I think, it's a scam similar to this: http://seclists.org/fulldisclosure/2014/Apr/292 but you can try it and sacrifice your 20 BTC :) (and there is no escrow...) On Tue, May 06, 2014 at 08:42:06AM +0100, Mark Steward wrote:

Very drole.

Mark

On 6 May 2014 08:28, "Matej Kovacic" wrote:

Hi,

(NOT OpenSSL!)

in case you didn't came aroud this:

http://pastebin.com/gjkivAf3

Unfortunately, there is no patch yet...

Regards,

M.

-- ______________________________________________________________________________ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542]

This is bs. https://news.ycombinator.com/item?id=7701208 On Tue, 6 May 2014, Odinn Cyberguerrilla wrote:

Date: Tue, 6 May 2014 09:41:57 -0700 From: Odinn Cyberguerrilla To: Matej Kovacic Cc: cypherpunks@cpunks.org Subject: Re: OpenSSH memory leak

...

Hi,

(NOT OpenSSL!)

in case you didn't came aroud this:

http://pastebin.com/gjkivAf3

Unfortunately, there is no patch yet...

Regards,

M.

Possibly related is this:

Let's say you are in some garden variety Ubuntu and as of May 5 or thereabouts, you were happily sitting on the best version available of OpenSSL which would be (as of April 2014): OpenSSL1.0.1g 7 Apr 2014 And then sometime late on May 5, 2014 you decided to do this in your terminal...

sudo apt-get update && sudo apt-get upgrade

Oh, well that was interesting

Now go back in and do this

openssl version -a

Wait a minute...

yes, most people are going to have to go back in and

curl https://www.openssl.org/source/openssl-1.0.1g.tar.gz | tar xz && cd openssl-1.0.1g && sudo ./config && sudo make && sudo make install

History repeats itself

b0z0@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org