From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Roberto Spadim
Sent: Sunday, 13 April, 2014 13:53
The problem isn't new features the problem is how to write tests that should
find security
problems and tests to find bugs
A false dichotomy, as
2014-04-14 10:02 GMT-03:00 Michael Wojcik michael.woj...@microfocus.com:
From: owner-openssl-us...@openssl.org [mailto:
owner-openssl-us...@openssl.org] On Behalf Of Roberto Spadim
Sent: Sunday, 13 April, 2014 13:53
The problem isn't new features the problem is how to write tests that
Hi,
I wasn't really sure where to ask this, but I think this list is
appropriate.
While having read so much about heartbleed, one question stays
unanswered for me all the time:
What's the use of this heartbeat extension? I mean not the theoretical
use (I can imagine that) but the use in
On 13 Apr 2014, at 12:25 PM, Hanno Böck ha...@hboeck.de wrote:
I wasn't really sure where to ask this, but I think this list is
appropriate.
While having read so much about heartbleed, one question stays
unanswered for me all the time:
What's the use of this heartbeat extension? I mean not
On Sun, 13 Apr 2014 13:12:41 +0200
Graham Leggett minf...@sharp.fm wrote:
On 13 Apr 2014, at 12:25 PM, Hanno Böck ha...@hboeck.de wrote:
Is there any software out there that doees anything with heatbeat?
And more specifically: If there is, is it using TCP or UDP?
The RFC answers this:
On Sun, Apr 13, 2014 at 7:49 AM, Hanno Böck ha...@hboeck.de wrote:
On Sun, 13 Apr 2014 13:12:41 +0200
Graham Leggett minf...@sharp.fm wrote:
On 13 Apr 2014, at 12:25 PM, Hanno Böck ha...@hboeck.de wrote:
Is there any software out there that doees anything with heatbeat?
And more
Graham Leggett wrote:
On 13 Apr 2014, at 12:25 PM, Hanno Böck ha...@hboeck.de wrote:
I wasn't really sure where to ask this, but I think this list is
appropriate.
While having read so much about heartbleed, one question stays
unanswered for me all the time:
What's the use of this
On 13 Apr 2014, at 2:04 PM, Michael Ströder mich...@stroeder.com wrote:
No, it does *not* answer the question.
The question was: Who is currently using it?
Just to clarify any possible confusion, whether or not a piece of software
actively uses the heartbeat makes no difference to the bug,
Graham Leggett wrote:
On 13 Apr 2014, at 2:04 PM, Michael Ströder mich...@stroeder.com wrote:
No, it does *not* answer the question.
The question was: Who is currently using it?
Just to clarify any possible confusion, whether or not a piece of software
actively uses the heartbeat makes no
Just to clarify any possible confusion, whether or not a piece of software
actively uses the heartbeat makes no difference to the bug, you are still
vulnerable simply by virtue of the feature being there. Make sure that if
you are using an effected version of openssl, you patch openssl.
I
On 04/13/2014 10:54 AM, Michael Ströder wrote:
...
A clarifying note especially to OpenSSL developers:
Many thanks for your work and I feel your pain these days.
But maybe it's the right time to think about putting two feet on the brake
pedal against the feature bloat.
I heartily agree.
That is the state of software industry today, so no surprises there.
Organizations who spend time and effort on fixing code (generic usage) are far
and few in between (close to being non-existent).
-Amarendra
--
sent via 100% recycled electrons from my mobile command center.
On Apr 13, 2014,
The problem isn't new features the problem is how to write tests that
should find security problems and tests to find bugs
Em domingo, 13 de abril de 2014, ag@gmail amarendra.godb...@gmail.com
escreveu:
That is the state of software industry today, so no surprises there.
Organizations who
13 matches
Mail list logo