The NSA ain't all that clever, but some of the contractors they hire
might be.
On 4/8/2014 11:20 AM, Tim Bray wrote:
Yeah, you’re right; e.g. my own tbray.org server is fine because it’s
been up for 1080 days and has openssl 0.9.8. My estimation of NSA’s
cleverness is a little lower than yours, I bet it was a surprise to
them too. Someone should ask Snowden ;)
On Tue, Apr 8, 2014 at 7:51 AM, Igor Roshchin <[email protected]> wrote:
Tim,
Thanks a lot for the heads-up.
Apparently, I saw it here before I saw it through the "proper" channels.
Strictly speaking it is not a "zero-day", as it was introduced in the
version 1.0.1, and the earlier versions are not vulnerable.
(I haven't seen any discussion of this yet, but I wouldn't be too
surprised if the NSA had known about this bug way before the disclosure.)
Cheers,
Igor
On 4/7/2014 8:13 PM, Tim Bray wrote:
In the unlikely event that any of you run https-enabled web sites and
haven't visited heartbleed.com today, get thee over there post-haste
and find out what version of OpenSSL you're running and consider
replacing your certs, stat.
I'm not sure I've ever seen a more damaging zero-day.
--
PDML Pentax-Discuss Mail List
[email protected]
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and follow
the directions.