nanog mailing list archives
Re: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
From: Tom Morris <blueneon () gmail com>
Date: Wed, 5 Mar 2014 18:11:53 -0500
Been spending most of the day scrubbing away that vuln in my facility here.... now here's the fun part: imagine just how many embedded devices (most of which get orphaned from a software maintenance perspective the moment they hit the store shelves) are gonna have this flaw. There's been the discussion of crappy home broadband CPE... Only a matter of time before someone fakes the certificate and breaks a "trusted" software update method, or heck... a DNS exploit + fake certificate = several million compromised payment card terminals.

On Wed, Mar 5, 2014 at 4:58 PM, jim deleskie <deleskie () gmail com> wrote:
Doing some serious adjusting of my tinfoil today over his :)

-jim

On Wed, Mar 5, 2014 at 5:03 PM, Jay Ashworth <jra () baylink com> wrote:

----- Original Message -----
From: "Leo Bicknell" <bicknell () ufp org>

On Mar 4, 2014, at 9:07 PM, Jay Ashworth <jra () baylink com> wrote:

Is this the *same* bug that just broke in Apple code last week?

No, the Apple bug was the existence of an /extra/ "goto fail;". The GnuTLS bug was that it was /missing/ a "goto fail;".

I'm figuring the same developer worked on both, and just put the line in the wrong repository. :)

Those who speculate that these bugs happened at the behest of the NSA would probably agree with you.

Cheers,
-- jra

--
Jay R. Ashworth  Baylink  jra () baylink com
Designer  The Things I Think  RFC 2100
Ashworth & Associates  http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!  +1 727 647 1274
--
Tom Morris, KG4CYX
Mad Scientist and Operations Manager, WDNA-FM 88.9 Miami - Serious Jazz!
786-228-7087
151.820 Megacycles