nanog mailing list archives

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]


From: Michael Thomas <mike () mtcc com>
Date: Mon, 14 Apr 2014 16:14:17 -0700

On 4/14/14 4:06 PM, Randy Bush wrote:
>>> for those you can blame the vendor.  this one is owned by the
>>> community.  it falls on us to try to lower the probability of a next
>>> one by actively auditing source as our civic duty.
>> is that kind of like jury duty?  if only it were more like literature,
>> which we could read for enjoyment.
> true.  also, as someone whacked me, far too many networkers can not read
> code at all.



It's much, much worse than that. I can still read code plenty fine, but bugs can be
extremely obscure, and triply so with convoluted security code where people are
actively going after you to find problems in most inventive ways. OpenSSL, etc.,
probably need to be treated more like Mars Landers than the typical GitHub forkfest.

Mike

