Sometimes you get what you pay for. Certainly puts a dent in the
peer-reviewed code is more secure mantra.

Gerrit

-----Original Message-----
From: PDML [mailto:pdml-boun...@pdml.net] On Behalf Of Darren Addy
Sent: Thursday, April 10, 2014 1:50 PM
To: Pentax-Discuss Mail List
Subject: Re: Heartbleed

I found a local internet service provider (and web host) that was vulnerable
and alerted them.

Interesting that this DOES NOT affect the Windows web server (IIS).
Probably the first time in history that IIS web admins are happy that they
manage a Microsoft product.

On Thu, Apr 10, 2014 at 12:02 PM, Darren Addy <pixelsmi...@gmail.com> wrote:
> That's a very good point Steve. (I generally consider anything that I 
> haven't already thought of as a Good Point).
> : )
>
> Now who in the world do we think might have the resources to store 
> huge amounts of encrypted internet traffic? [COUGH! nsa COUGH!] 
> http://www.buzzfeed.com/charliewarzel/the-nsa-and-the-real-problem-beh
> ind-the-heartbleed-security
>
>
>
> On Thu, Apr 10, 2014 at 11:54 AM, steve harley <p...@paper-ape.com> wrote:
>> on 2014-04-10 10:29 Darren Addy wrote
>>
>>> What the HeartBleed Attack Really Means:
>>>
>>> http://www.newyorker.com/online/blogs/elements/2014/04/the-internets
>>> -telltale-heartbleed.html
>>
>>
>> it's amusing to see the media rush to explain Heartbleed; perhaps it 
>> will increase technical literacy and cause an appropriate correction 
>> in the trust we have for internet services
>>
>> that article is surprisingly good, but it misses slightly on what it 
>> calls a "worst-case scenario" -- the worst case is that some entities 
>> stored huge amounts of encrypted internet traffic, even from before 
>> the date the bug was introduced into OpenSSL, and now Heartbleed has 
>> been used to get the keys to unlock that trove
>>
>> also unstated is how Heartbleed will encourage more entities to store 
>> as much encrypted traffic as possible on the expectation that there 
>> will be other bugs to get the newer keys
>>
>>
>>
>>
>> --
>> PDML Pentax-Discuss Mail List
>> PDML@pdml.net
>> http://pdml.net/mailman/listinfo/pdml_pdml.net
>> to UNSUBSCRIBE from the PDML, please visit the link directly above 
>> and follow the directions.
>
>
>
> --
> Photographers must learn not to be ashamed to have their photographs 
> look like photographs.
> ~ Alfred Stieglitz



--
Photographers must learn not to be ashamed to have their photographs look
like photographs.
~ Alfred Stieglitz

--
PDML Pentax-Discuss Mail List
PDML@pdml.net
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and
follow the directions.


-- 
PDML Pentax-Discuss Mail List
PDML@pdml.net
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and follow 
the directions.

Reply via email to