Message du 10/04/14 22:42 De : "rysiek" A : cypherpunks@cpunks.org Copie à : Objet : Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
Dnia czwartek, 10 kwietnia 2014 16:26:46 Juan Garofalo pisze:
--On Thursday, April 10, 2014 3:46 AM -0400 grarpamp
wrote:
On Wed, Apr 9, 2014 at 2:29 PM, Christopher J. Walters
It makes me wonder if the NSA was involved in inserting this bug into OpenSSL clients and servers.
That would be 2+ years of amazing win on NSA part [1]. Any unlikely impropriety would come out soon. More likely reality... opensource people are busy and good humans and coding mistakes happen.
Oh. And what about the constant babbling stating that open source is oh-so-great security-wise because lots of people can look at the code bla bla bla bla bla. Bla!
Well, they can. Doesn't mean they do. Time to get the message out there: "start bloody looking at the code".
-- Pozdr rysiek> [ signature.asc (0.3 Ko) ]
There is one reason why this bug came to light, we can see the source code. Otherwise it could be exploited for decades instead of two years and nobody would ever notice it.