On Fri, 11 Apr 2014, Richard Hector wrote:

> Heartbleed isn't a problem with the encryption though; the encryption
> didn't get broken. Any protocol could probably potentially suffer from a
> buffer overflow due to a bug in the software. Given this one leaked info
> from the server process, who's to say it wouldn't leak your one-time pad?

Today's Washington Post has an article where the author of the bug admits he missed validating a variable that holds a length when he submitted a new feature to OpenSSL along with some bug fixes. The other devs who reviewed his code missed that, too.

It was an oversight, not a deliberate action. We all have these senior moments when coding, regardless of our age. :-)

Rich

--
Richard B. Shepard, Ph.D. | Have knowledge, will travel.
Applied Ecosystem Services, Inc. | www.appl-ecosys.com
Voice: 503-667-4517 Fax: 503-667-8863