[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

Subject: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
From: johnl at iecc.com (John Levine)
Date: 13 Apr 2014 21:18:57 -0000
In-reply-to: <[email protected]>

>And we all know how well civic duty works as a motivator. If we really 
>want to do something
>constructive, convince the corpro-takers to open their wallets to fund 
>those auditing functions.

For once, I agree with Mike.  (Twice in one year?)

Considering how widely openssl is used, and how important it is, it's
shameful how little support it gets.

I'd also point out that auditing security code is hard, and auditing
SSL/TLS code is extremely hard because the spec depends on a lot of
unusually arcane algorithms, and its implementation is almost
perversely complex (that means PKI and ASN.1.)  So random programmer
eyes are much less likely to find useful stuff than people who have
spent a while learning about the technology.

http://jl.ly/Internet/openssl.html

R's,
John

References:
- [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
  - From: mike at mtcc.com (Michael Thomas)

Prev by Date: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
Next by Date: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
Previous by thread: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
Next by thread: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
Index(es):
- Date
- Thread