On Wednesday, April 9, 2014 10:29:06 AM UTC-7, Austin William Wright wrote: > > the act that default Node.js is unaffected was a complete coincidence >
I wouldn't describe this as a *complete* coincidence: I've been using the term "80% dumb luck" to describe it. While the decision to disable heartbeats was an entirely pragmatic one based around compatibility rather than security, both this hole and the bug which inadvertently saved Node have the same root cause: heartbeats have been an under-used and under-examined feature of SSL/TLS. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
