Full Disclosure mailing list archives
Re: heartbleed OpenSSL bug CVE-2014-0160
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Fri, 11 Apr 2014 16:26:16 -0700
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
Uh huh. And here's a fairly unequivocal rebuttal: http://icontherecord.tumblr.com/post/82416436703/statement-on-bloomberg-news-story-that-nsa-knew There's not a whole lot of wiggle room. It's possible that the statement is an outright lie, but as much as I never expected to be saying that, I'm more inclined to side with the NSA than with "unnamed sources" in online journalism. The latter has gone kind of bonkers post-Snowden, mixing legitimate (and sometimes very concerning) revelations with a remarkable amount of drivel.
Don't you guys feel that in the last 12 months, there are very many bugs related to SSL showing up ?
Um, probably not? /mz _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: heartbleed OpenSSL bug CVE-2014-0160, (continued)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ferenc Kovacs (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Manuel Tiago Pereira (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Schmidt, Michael (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Afonso Araújo Neto (Apr 11)
- Message not available
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ricardo Iramar dos Santos (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 HaCKsPy (Apr 11)
- Andrew "Weev" Auernheimer's Conviction Thrown Out g () 1337 io (Apr 11)
- Re: Andrew "Weev" Auernheimer's Conviction Thrown Out Jeffrey Paul (Apr 11)
- Re: Andrew "Weev" Auernheimer's Conviction Thrown Out Groundworks Technologies Advisories (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski (Apr 11)