Full Disclosure mailing list archives
Re: heartbleed OpenSSL bug CVE-2014-0160
From: Ferenc Kovacs <tyra3l () gmail com>
Date: Fri, 11 Apr 2014 17:32:30 +0200
On Fri, Apr 11, 2014 at 5:29 PM, Michal Zalewski <lcamtuf () coredump cx>wrote:
> 1. inclusive of [1..3] above2. replace all operating systems 3. audit or replace all user dataAnd also burn the hardware, given that if you're assuming the worst-case scenario, all your firmware is now replaced with that of Roomba. I mean, it's a very cool bug. I'm jealous of Neel. But it's also one of the most weird PR cycles I have seen in recent history and I don't think it happened entirely on its own. I think it's funny that apparently the first thing Codenomicon did was to register heartbleed.com on Saturday - and then waited with contacting OpenSSL for at least two more days, as if that mattered less.
don't forget coming up with the cool name and logo, and putting together the site itself. while they ran out of the time to notify the distros, so they can build and publish the fixed versions before the news gets out. -- Ferenc Kovács @Tyr43l - http://tyrael.hu _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: heartbleed OpenSSL bug CVE-2014-0160, (continued)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ivan .Heca (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Paul Vixie (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Paul Vixie (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ivan .Heca (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Marco Davids (priv) (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Juergen Christoffel (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Paul Vixie (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ferenc Kovacs (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Manuel Tiago Pereira (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Schmidt, Michael (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Afonso Araújo Neto (Apr 11)
- Message not available
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ricardo Iramar dos Santos (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 HaCKsPy (Apr 11)
- Andrew "Weev" Auernheimer's Conviction Thrown Out g () 1337 io (Apr 11)
- Re: Andrew "Weev" Auernheimer's Conviction Thrown Out Jeffrey Paul (Apr 11)
- Re: Andrew "Weev" Auernheimer's Conviction Thrown Out Groundworks Technologies Advisories (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski (Apr 11)