nanog mailing list archives
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
From: Michael Thomas <mike () mtcc com>
Date: Mon, 14 Apr 2014 16:14:17 -0700
On 4/14/14 4:06 PM, Randy Bush wrote:
for those you can blame the vendor. this one is owned by the community. it falls on us to try to lower the probability of a next one by actively auditing source as our civic duty.is that kind of like jury duty? if only it were more like literature, which we could read for enjoyment.true. also, as someone whacked me, far too many networkers can not read code at all.
It's much, much worse than that. I can still read code plenty fine, but bugs can be extremely obscure, and triply so with convoluted security code where people are actively going after you to find problems in most inventive ways. Openssl, etc, probably need to be treated more like Mars Landers than the typical github forkfest. Mike
Current thread:
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years], (continued)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Patrick W. Gilmore (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Doug Barton (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] bmanning (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 14)
- Message not available
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 14)
- Message not available
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Mark Seiden (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Randy Bush (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Michael Thomas (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Nathan Angelacos (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Michael Thomas (Apr 14)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Black (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Simon Perreault (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] TGLASSEY (Apr 14)
- Message not available
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Seth David Schoen (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] John Levine (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Doug Barton (Apr 14)
- Re: [[Infowarrior] - NSA blah blah blah blah.... bmanning (Apr 14)