[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
- Subject: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
- From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Date: Fri, 11 Apr 2014 20:49:47 -0400
- In-reply-to: Your message of "Sat, 12 Apr 2014 07:56:01 +1000." <[email protected]>
- References: <[email protected]> <CAP-guGVNRhBusApvVCmcjCG0oc=JU6OAGK7-HX_y2gU5nrwbeA@mail.gmail.com> <[email protected]>
On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:
> The interesting thing to me is that the article claims the NSA have been
> using this for "over two years", but 1.0.1 (the first vulnerable version)
> was only released on 14 Mar 2012. That means that either:
> * The NSA found it *amazingly* quickly (they're very good at what they do,
> but I don't believe them have superhuman talents); or
You seriously think the NSA *isn't* watching the commits to security-relevant
open source? Remember - it was a bonehead bug, it's *not* unreasonable for
somebody who was auditing the code to spot it. Heck, there's a good chance that
automated tools could have spotted it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140411/b4e14af3/attachment.bin>