[tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
tpb-crypto at laposte.net
tpb-crypto at laposte.net
Fri Apr 11 17:48:42 PDT 2014
> Message du 11/04/14 20:33
> De : "Cypher"
>
> I agree that there is no proof that this bug was introduced on purpose
> and it might be a simple oversight (no matter what it looks like or
> could be). We have to keep in mind that one of the things spies do is
> sow suspicion and doubt - it's a powerful weapon! All these
> vulnerabilities we're finding in critical software /might just be/
> mistakes and oversights. Or they might be deliberate attacks by the
> NSA/GCHQ. Part of the power these agencies wield is that /we'll likely
> never know/ and so we suspect...everyone. Everything.
>
Too many bugs, in too many convenient places. One or two may be a coincidence, several of them like it appears to be the case, is not. We know who did it and now even if it is a coincidence, the culprit will be pointed at the NSA.
The timing the code was included in the tree cannot be a coincidence. There's one more thing we have to look at. When nobody is paying attention, someone is trying to sneak bad code.
The NSA mandate was to protect the people, not to make them vulnerable. Disbanding such a rogue organization would be the right thing to do.
More information about the cypherpunks
mailing list