Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-24 Thread Florian Weimer
2. Score another 1 up for interpreted languages that handle array allocation cleanly. This is more or less a buffer overflow, in a wider sense. Virtually the same bug can occur (and has occurred) in memory-safe languages due to buffer reuse. Go was mentioned elsewhere in this thread, so

Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-12 Thread Michael Rogers
On 11/04/14 23:51, ianG wrote: 2. Score another 1 up for interpreted languages that handle array allocation cleanly. This is more or less a buffer overflow, in a wider sense. Not just interpreted languages - a modern compiled language such as

Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-12 Thread Lee
On 4/11/14, ianG i...@iang.org wrote: On 11/04/2014 17:50 pm, Jeffrey Walton wrote: http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites

Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-12 Thread ianG
On 11/04/2014 19:36 pm, Arshad Noor wrote: On 04/11/2014 03:51 PM, ianG wrote: On 11/04/2014 17:50 pm, Jeffrey Walton wrote: http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html The U.S. National Security Agency knew for at least two years

Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-12 Thread dan
I'm guessing open source just makes it more likely the bug will eventually be published. If one assumes that failures will happen, then open source is to be preferred insofar as in that case (the collective) we can learn something from said failures. That being so, then the more one depends

Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-12 Thread Arshad Noor
On 04/12/2014 08:33 AM, ianG wrote: Open source makes this *everyone at risk*. I would argue that a single closed-source operating system has done more damage, cumulatively, over the last 20 years than all FOSS combined (no hard evidence, just gut-instinct and personal observations). But

Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-12 Thread Arshad Noor
On 04/12/2014 08:59 AM, d...@geer.org wrote: I'm guessing open source just makes it more likely the bug will eventually be published. If one assumes that failures will happen, then open source is to be preferred insofar as in that case (the collective) we can learn something from said

Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-11 Thread shawn wilson
So I trust EFF's analysis more here. However this is newer than the latest article I've seen from EFF. So, where's Bloomberg's technical analysis on the subject? On Apr 11, 2014 5:50 PM, Jeffrey Walton noloa...@gmail.com wrote:

Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-11 Thread ianG
On 11/04/2014 17:50 pm, Jeffrey Walton wrote: http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed

Re: [cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-11 Thread Arshad Noor
On 04/11/2014 03:51 PM, ianG wrote: On 11/04/2014 17:50 pm, Jeffrey Walton wrote: http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send