on 2014-04-10 10:29 Darren Addy wrote
What the HeartBleed Attack Really Means: http://www.newyorker.com/online/blogs/elements/2014/04/the-internets-telltale-heartbleed.html
it's amusing to see the media rush to explain Heartbleed; perhaps it will increase technical literacy and cause an appropriate correction in the trust we have for internet services
that article is surprisingly good, but it misses slightly on what it calls a "worst-case scenario" — the worst case is that some entities stored huge amounts of encrypted internet traffic, even from before the date the bug was introduced into OpenSSL, and now Heartbleed has been used to get the keys to unlock that trove
also unstated is how Heartbleed will encourage more entities to store as much encrypted traffic as possible on the expectation that there will be other bugs to get the newer keys
-- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
