Re: heartbleed OpenSSL bug CVE-2014-0160

[Ferenc Kovacs <tyra3l () gmail com>]

On Fri, Apr 11, 2014 at 5:29 PM, Michal Zalewski <lcamtuf () coredump cx>wrote:

>   > 1. inclusive of [1..3] above
> > 2. replace all operating systems
> > 3. audit or replace all user data
>
> And also burn the hardware, given that if you're assuming the
> worst-case scenario, all your firmware is now replaced with that of
> Roomba.
>
> I mean, it's a very cool bug. I'm jealous of Neel.
>
> But it's also one of the most weird PR cycles I have seen in recent
> history and I don't think it happened entirely on its own. I think
> it's funny that apparently the first thing Codenomicon did was to
> register heartbleed.com on Saturday - and then waited with contacting
> OpenSSL for at least two more days, as if that mattered less.

don't forget coming up with the cool name and logo, and putting together
the site itself.
while they ran out of the time to notify the distros, so they can build and
publish the fixed versions before the news gets out.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/