I agree, Gerrit (on the dent in the reputation of the Open Source
peer-reviewed code movement). I think that this is the part of this
story that I haven't SEEN yet. Who/where did the insecure code
addition COME FROM and why was there the failure to catch it at the
time of its being rolled into the official release?

On the other hand, one could successfully argue that the only reason
it was CAUGHT AT ALL was because it was Open Source code. How many
security problems are there in "get what you pay for" proprietary code
that are THERE but simply haven't been discovered or exploited yet (or
at least the exploitation has not been discovered yet)?

Even after this "failure" I feel more secure, at the end of the day,
with the Open Source code than the proprietary.

On Thu, Apr 10, 2014 at 1:51 PM, Gerrit Visser <gerrit...@psgv.ca> wrote:
> Sometimes you get what you pay for. Certainly puts a dent in the
> peer-reviewed code is more secure mantra.
>
> Gerrit
>
> -----Original Message-----
> From: PDML [mailto:pdml-boun...@pdml.net] On Behalf Of Darren Addy
> Sent: Thursday, April 10, 2014 1:50 PM
> To: Pentax-Discuss Mail List
> Subject: Re: Heartbleed
>
> I found a local internet service provider (and web host) that was vulnerable
> and alerted them.
>
> Interesting that this DOES NOT affect the Windows web server (IIS).
> Probably the first time in history that IIS web admins are happy that they
> manage a Microsoft product.
>
> On Thu, Apr 10, 2014 at 12:02 PM, Darren Addy <pixelsmi...@gmail.com> wrote:
>> That's a very good point Steve. (I generally consider anything that I
>> haven't already thought of as a Good Point).
>> : )
>>
>> Now who in the world do we think might have the resources to store
>> huge amounts of encrypted internet traffic? [COUGH! nsa COUGH!]
>> http://www.buzzfeed.com/charliewarzel/the-nsa-and-the-real-problem-behind-the-heartbleed-security
>>
>>
>>
>> On Thu, Apr 10, 2014 at 11:54 AM, steve harley <p...@paper-ape.com> wrote:
>>> on 2014-04-10 10:29 Darren Addy wrote
>>>
>>>> What the HeartBleed Attack Really Means:
>>>>
>>>> http://www.newyorker.com/online/blogs/elements/2014/04/the-internets-telltale-heartbleed.html
>>>
>>>
>>> it's amusing to see the media rush to explain Heartbleed; perhaps it
>>> will increase technical literacy and cause an appropriate correction
>>> in the trust we have for internet services
>>>
>>> that article is surprisingly good, but it misses slightly on what it
>>> calls a "worst-case scenario" -- the worst case is that some entities
>>> stored huge amounts of encrypted internet traffic, even from before
>>> the date the bug was introduced into OpenSSL, and now Heartbleed has
>>> been used to get the keys to unlock that trove
>>>
>>> also unstated is how Heartbleed will encourage more entities to store
>>> as much encrypted traffic as possible on the expectation that there
>>> will be other bugs to get the newer keys
>>>
>>>
>>>
>>>
>>> --
>>> PDML Pentax-Discuss Mail List
>>> PDML@pdml.net
>>> http://pdml.net/mailman/listinfo/pdml_pdml.net
>>> to UNSUBSCRIBE from the PDML, please visit the link directly above
>>> and follow the directions.
>>
>>
>>
>> --
>> Photographers must learn not to be ashamed to have their photographs
>> look like photographs.
>> ~ Alfred Stieglitz


