[tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

The Doctor drwho at virtadpt.net
Fri Apr 11 10:04:38 PDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 04/11/2014 06:07 AM, tpb-crypto at laposte.net wrote:

> It could have been inserted into the OpenSSL repository through a
> backdoor... or why would the spies be so interested in hacking
> professors that deal with crypto and whose word is trusted by the
> masses? Like they did to a Belgian

For just that reason, perhaps?  Because they're experts, the work and
word of whom are trusted?  That would be the first place I'd expect
most people to look last.

> It may be possible that Seggelmann did his job correctly, that the
> reviewer did his job correctly, but someone unknown may have
> changed it just a little bit before delivery. What ya fellow coders
> think?

The timing of the commit in question is most interesting, indeed:

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1

...the date and time of the year when people are least likely to be
sitting at their computers watching for and reviewing commits.  The only
better time would probably have been at 2359 hours UTC.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

WWPMD? (What Would Paul Muad'dib Do?)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREKAAYFAlNIIKYACgkQO9j/K4B7F8F3jwCgke6jqiBTm7DQrQrq7OyeEnD2
zEgAn155/V3TLOKjhlSI8X/gg65+gP84
=mCzP
-----END PGP SIGNATURE-----



More information about the cypherpunks mailing list