Security firm Akamai CSO says code recently published by its firm to guard against attempts to use the Heartbleed vulnerability to steal OpenSSL private keys is flawed. The vulnerability in that custom allocation scheme stemmed from an RSA key made of six critical values, but the company’s code secured only three of them. An independent security researcher found and confirmed the allocation scheme bug after just 15 minutes of code review. Other sites, including Pinterest, Tumblr, Yahoo, and Google, have — or are putting — related patches in place.”]
Source: https://www.darkreading.com/application-security/akamai-withdraws-proposed-heartbleed-patch