nanog mailing list archives
RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
From: Thijs Stuurman <Thijs.Stuurman () is nl>
Date: Mon, 14 Apr 2014 14:55:49 +0000
I applaud their effort but please see https://blogs.akamai.com/2014/04/heartbleed-update-v3.html & http://lekkertech.net/akamai.txt Kind regards / Vriendelijke groet, IS Group Thijs Stuurman -----Oorspronkelijk bericht----- Van: Niels Bakker [mailto:niels=nanog () bakker net] Verzonden: Sunday, April 13, 2014 6:53 PM Aan: nanog () nanog org Onderwerp: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] * randy () psg com (Randy Bush) [Sun 13 Apr 2014, 16:52 CEST]:
the point of open source is that the community is supposed to be doing this. we failed.Versus all of the closed source bugs that nobody can know of or do anything about?for those you can blame the vendor.
BSAFE is almost worse if you go by the recent advisories that have been released about it. Many vendors incorporated OpenSSL into their products and sold the result for commercial profit without doing (in retrospect) enough due diligence. Besides, having a third party to blame doesn't make our data safer... At least one vendor, Akamai is helping out now: http://marc.info/?l=openssl-users&m=139723710923076&w=2 I hope other vendors will follow suit.
this one is owned by the community. it falls on us to try to lower the probability of a next one by actively auditing source as our civic duty.
I donated some money to the OpenSSL project and hope others will do, or have already done, the same. It's clear that they are internet infrastructure and need more support. -- Niels.
Current thread:
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years], (continued)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] TGLASSEY (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Petach (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Bengt Larsson (Apr 13)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Randy Bush (Apr 13)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Michael Thomas (Apr 13)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Randy Bush (Apr 13)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Michael Thomas (Apr 13)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] John Levine (Apr 13)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Niels Bakker (Apr 13)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Warren Bailey (Apr 13)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Thijs Stuurman (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Patrick W. Gilmore (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Doug Barton (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] bmanning (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 14)
- Message not available
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 14)
- Message not available
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Mark Seiden (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Randy Bush (Apr 14)