[tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

tpb-crypto at laposte.net tpb-crypto at laposte.net
Thu Apr 10 13:51:46 PDT 2014



> Message du 10/04/14 22:42
> De : "rysiek" 
> A : cypherpunks at cpunks.org
> Copie à : 
> Objet : Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
>

> Dnia czwartek, 10 kwietnia 2014 16:26:46 Juan Garofalo pisze:
> > --On Thursday, April 10, 2014 3:46 AM -0400 grarpamp 
> > 
> > wrote:
> > > On Wed, Apr 9, 2014 at 2:29 PM, Christopher J. Walters
> > >  >
> > > 
> > >> It makes me wonder if the NSA was involved in inserting this bug into
> > >> OpenSSL clients and servers.
> > > 
> > > That would be 2+ years of amazing win on NSA part [1]. Any unlikely
> > > impropriety would come out soon. More likely reality... opensource
> > > people are busy and good humans and coding mistakes happen.
> > 
> > Oh. And what about the constant babbling stating that open source is
> > oh-so-great security-wise because lots of people can look at the code bla
> > bla bla bla bla. Bla!
> 
> Well, they can. Doesn't mean they do. Time to get the message out there: 
> "start bloody looking at the code".
> 
> -- 
> Pozdr
> rysiek>
> [ signature.asc (0.3 Ko) ]

There is one reason why this bug came to light, we can see the source code. Otherwise it could be exploited for decades instead of two years and nobody would ever notice it.




More information about the cypherpunks mailing list