nanog mailing list archives
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
From: Valdis.Kletnieks () vt edu
Date: Fri, 11 Apr 2014 20:49:47 -0400
On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:
The interesting thing to me is that the article claims the NSA have been using this for "over two years", but 1.0.1 (the first vulnerable version) was only released on 14 Mar 2012. That means that either:
* The NSA found it *amazingly* quickly (they're very good at what they do, but I don't believe them have superhuman talents); or
You seriously think the NSA *isn't* watching the commits to security-relevant open source? Remember - it was a bonehead bug, it's *not* unreasonable for somebody who was auditing the code to spot it. Heck, there's a good chance that automated tools could have spotted it.
Attachment:
_bin
Description:
Current thread:
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years], (continued)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Stephen Frost (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Chris Adams (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 11)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Black (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Donald Eastlake (Apr 14)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Black (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Mike A (Apr 18)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Valdis . Kletnieks (Apr 11)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Frank Bulk (Apr 11)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Warren Bailey (Apr 11)