[tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

Fri Apr 11 11:02:19 PDT 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 04/11/2014 12:54 PM, rysiek wrote:
> Dnia piątek, 11 kwietnia 2014 10:04:38 The Doctor pisze:
>> The timing of the commit in question is most interesting,
>> indeed:
>> 
>> http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c508216
>>
>> 
1b02a22116ad75f822b1
>> 
>> ...the date and time of the year when people are least likely to
>> be sitting at their computers watching for and reviewing commits.
>> Only better time would probably have been at 2359 hours UTC.
> 
> Now I love my conspiracy theories just like the next guy and I
> definitely do not take sides (I am myself quite inclined to think
> this is not entirely an honest mistake), but...
> 
> ...the kind of argument you make rings a bell: 
> http://en.wikipedia.org/wiki/Anthropic_bias
> 
> I agree that this was the very best time for a commit so that
> nobody sees it/reviews it. Maybe this is why nobody has seen it nor
> reviewed it? As in, the very fact it is so does not prove that it
> was done at this time on purpose.

I agree that there is no proof that this bug was introduced on purpose
and it might be a simple oversight (no matter what it looks like or
could be). We have to keep in mind that one of the things spies do is
sow suspicion and doubt - it's a powerful weapon! All these
vulnerabilities we're finding in critical software /might just be/
mistakes and oversights. Or they might be deliberate attacks by the
NSA/GCHQ. Part of the power these agencies wield is that /we'll likely
never know/ and so we suspect...everyone. Everything.

Cypher

- -- 
Want to communicate with me privately?
Find my PGP public key here:
http://pgp.mit.edu/pks/lookup?op=get&search=0x5BAEB5B2FA26826B

Fingerprint: 6728 40CE 35EE 0BF3 2E15 C7CC 5BAE B5B2 FA26 826B

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTSC4qAAoJEFuutbL6JoJrbIYQAJCMlCI7rpWZq/yUuVFZOmpW
dO1QxMF1Gz0KA+MFBc5eiKzWsYbggY6jGfufiaWPDgV7fpmdirkz2enbEro6VFqN
kOQded5v72g+cHDJjb4xcsK3J/k+RKeOxQxrNd8XeiqxGAqLlScDos+LGeOOee1f
Dgefk/uQ1g/8O3sYz+uQhTyRWy+oEfSr1WUCvPYO1MiQcGt2BSC3S5RxMNKyj1XG
so+pIKtrMJq842Rxl8OBJEAHpK7o4AnN9ealHpa6o+4nUR8C4WrN+T+rwnvpuZOI
ujfWO6bEMfmGtNxOiZY3FfiJTLILrD4Ebiy28sJp6FkT53Kvvh7Bk4jdB5HJFSBh
T4RzsOE5dEcGKIUrkA1W0Ct+SxZY167rFpKKzG4D95onN4EDHkZANm+bq24NxMf7
oB2rm6F1WCb5T2IRFzUiMln0brNGmp1jM9Y4jHRvc7Nsk+X9Xrq0lGoMKiWXqa2j
XWQvgdQe3xPods/HRrEThHOJf9zg3YoxdeLmCJvUm459nHjiswOFSEobuYhbroFz
Gx9fNyQxy2V2rCY8Yl7vE8qXp6L0S8pylZdeveyXrcKUc4jL3FOKYkEm5Exm9Rmg
teI+NvbmUsO8AdEV3v70gvT6pjZr62gxWOjkbRX4LIHIq3eTZJ9+XyrVRGiLx+YU
RNu3H/lUDe49yCmtd6O1
=8cIX
-----END PGP SIGNATURE-----