Re: The Revenge of Buffer Overflows
Alejandro Tejada wrote:

> And finally:
> http://mashable.com/2014/04/10/heartbleed-programmer/
> ...
> It would be better if more people helped improving it, Seggelmann told Mashable via email. It doesn’t really matter if companies benefitting from it provided some support, or if people do it in their spare time. However, if everybody just keeps using it and thinks somebody else will eventually take care of it, it won’t work. The more people look at it, the less likely errors like this occur.

That applies equally well to testing LiveCode.

--
Richard Gaskin
Fourth World
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
Follow me on Twitter: http://twitter.com/FourthWorldSys

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Re: The Revenge of Buffer Overflows
Ha!

http://i.imgur.com/0mbh6xE.jpg

--
Mark Wieder
ahsoftw...@gmail.com
Re: The Revenge of Buffer Overflows
Thank you for that. I actually did laugh out loud. Having spent the last few days getting everybody new certificates I relate to this on a deep and personal level... ;)

Regards,

Heather

On 11 Apr 2014, at 17:00, Mark Wieder wrote:

> Ha!
>
> http://i.imgur.com/0mbh6xE.jpg

Heather Laine
Customer Services Manager
http://www.livecode.com/
Re: The Revenge of Buffer Overflows
Ben-

Friday, April 11, 2014, 10:29:12 AM, you wrote:

> While we're on comic responses to Heartbleed, the latest xkcd is the most concise explanation of the bug I've seen.
> http://xkcd.com/1354/
> (I can't vouch for its accuracy.)

Exactly. Randall's got it right - here's a short video explaining what's behind this.

http://info.elastica.net/2014/04/openssl-heartbeat-vulnerability/

--
-Mark Wieder
ahsoftw...@gmail.com

This communication may be unlawfully collected and stored by the National Security Agency (NSA) in secret. The parties to this email do not consent to the retrieving or storing of this communication and any related metadata, as well as printing, copying, re-transmitting, disseminating, or otherwise using it. If you believe you have received this communication in error, please delete it immediately.
Re: The Revenge of Buffer Overflows
And finally:

http://mashable.com/2014/04/10/heartbleed-programmer/

Programmer Robin Seggelmann says he wrote the code for the part of OpenSSL that led to Heartbleed. But it was an accident. He submitted the code to the OpenSSL project and other members reviewed it. Seggelmann later added another piece of code for a new feature, which the members then added. It was this added feature that introduced the bug.

It would be better if more people helped improving it, Seggelmann told Mashable via email. It doesn’t really matter if companies benefitting from it provided some support, or if people do it in their spare time. However, if everybody just keeps using it and thinks somebody else will eventually take care of it, it won’t work. The more people look at it, the less likely errors like this occur.

--
View this message in context: http://runtime-revolution.278305.n4.nabble.com/The-Revenge-of-Buffer-Overflows-tp4678133p4678193.html
Sent from the Revolution - User mailing list archive at Nabble.com.
The Revenge of Buffer Overflows
A single line of code:

    memcpy(bp, pl, payload);

produced a data breach of unexpected consequences...

http://gizmodo.com/how-heartbleed-works-the-code-behind-the-internets-se-1561341209/all
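The missing length check behind the quoted `memcpy` line, as an added example that is not part of the original post and is not OpenSSL's code. It is a simplified model: the function names and the `memory` and `valid` arrays are constructed for illustration, and the neighbouring bytes sit inside one array so the over-read stays well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_PADDING 16 /* minimum padding a heartbeat message must carry (RFC 6520) */

/* Constructed memory image: a 4-byte record (type, 2-byte length, 1 payload
   byte) followed by unrelated bytes that happen to sit next to it. */
static const uint8_t memory[] = {
    0x01, 0x00, 0x10, 'A', /* claims 16 payload bytes, carries 1 */
    's','e','c','r','e','t','-','k','e','y','-','d','a','t','a'
};
static const size_t record_len = 4; /* bytes actually received */

/* Constructed well-formed record: 4-byte payload plus 16 zero padding bytes. */
static const uint8_t valid[1 + 2 + 4 + HB_PADDING] = {0x01, 0x00, 0x04, 'p','i','n','g'};

/* Before the fix: the peer's length field is trusted. Returns bytes echoed. */
size_t hb_reply_unchecked(const uint8_t *p, size_t rec_len, uint8_t *bp) {
    (void)rec_len; /* never consulted: that is the bug */
    unsigned int payload = ((unsigned int)p[1] << 8) | p[2];
    const uint8_t *pl = p + 3;
    memcpy(bp, pl, payload); /* the line quoted in the post */
    return payload;
}

/* After the fix: a record too short for its claimed payload is discarded. */
size_t hb_reply_checked(const uint8_t *p, size_t rec_len, uint8_t *bp) {
    if (rec_len < 1 + 2 + HB_PADDING) return 0;
    unsigned int payload = ((unsigned int)p[1] << 8) | p[2];
    if (1 + 2 + (size_t)payload + HB_PADDING > rec_len) return 0;
    memcpy(bp, p + 3, payload);
    return payload;
}

int main(void) {
    uint8_t out[64] = {0};
    size_t n = hb_reply_unchecked(memory, record_len, out);
    printf("unchecked: %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("checked, short record: %zu bytes\n", hb_reply_checked(memory, record_len, out));
    printf("checked, valid record: %zu bytes\n", hb_reply_checked(valid, sizeof valid, out));
    return 0;
}
```

The unchecked version echoes the one real payload byte plus the 15 adjacent bytes; the checked version drops the short record and still answers the well-formed one.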
Re: The Revenge of Buffer Overflows
Alejandro Tejada wrote:

> A single line of code:
>
>     memcpy(bp, pl, payload);
>
> produced a data breach of unexpected consequences...
>
> http://gizmodo.com/how-heartbleed-works-the-code-behind-the-internets-se-1561341209/all

Scott Raney's opinion on buffer overflows:

https://www.mail-archive.com/metacard@lists.runrev.com/msg02659.html

:)

--
Richard Gaskin
Fourth World
Re: The Revenge of Buffer Overflows
Richard Gaskin wrote:

> Scott Raney's opinion on buffer overflows:
> <https://www.mail-archive.com/metacard@lists.runrev.com/msg02659.html>

Many thanks for posting this message from Scott Raney.

From this message, I found the Top 25 software errors:
http://www.sans.org/top25-software-errors/

And Buffer Overflows is at the top in its category: Risky Resource Management
http://cwe.mitre.org/top25/index.html#CWE-120

This incident just generates more questions:

Who made this specific change in the OpenSSL code?
Did he actually know the consequences of the changes that he committed?
Why did nobody else notice, until now?

Who knows what evil lurks in the source of trusted software?

Al