nanog mailing list archives
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
From: William Herrin <bill () herrin us>
Date: Fri, 11 Apr 2014 21:03:10 -0400
On Fri, Apr 11, 2014 at 6:27 PM, Peter Kristolaitis <alter3d () alter3d ca> wrote:
I would imagine that federal contractors have to adhere to FIPS 140-2 standards (or some similar requirement) for sensitive environments, and none of the affected OpenSSL versions were certified to any FIPS standard... the last version that WAS certified (0.9.8j) is only rated to Level 1, which, being the lowest possible rating, I suspect is not permitted for use by NSA contractors -- they're probably required to use level 3 or 4 for everything.
Some of the time, sure. And some of the time they buy Red Hat Linux off the shelf like everybody else. They have budgets too. They can't do everything at the highest protection level. Or did you think they were above and immune to the ordinary business realities of the 21st century? Regards, Bill Herrin -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years], (continued)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Jason Iannone (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Glen Turner (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Barry Shein (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] TGLASSEY (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Barry Shein (Apr 16)
- Message not available
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Warren Bailey (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 15)