nanog mailing list archives

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

From: Larry Sheldon <LarrySheldon () cox net>
Date: Mon, 14 Apr 2014 18:02:12 -0500

On 4/14/2014 9:38 AM, Matthew Black wrote:

Shouldn't a decent OS scrub RAM and disk sectors before allocating
them to processes, unless that process enters processor privileged
mode and sets a call flag? I recall digging through disk sectors on
RSTS/E to look for passwords and other interesting stuff over 30
years ago.

I have been out of the loop for quite a while but my strongly heldbelief is that such scrubbing would be an enormous (and intolerable)overhead in any but a classified system running up around "secret" orhigher. (I know of a system in Silicon Valley where they would bring uscore dumps to print because their system was down so hard.

The dump program would take about a third of a box of fanfold and stackit, still blank, as I recall, in the stacker.

Seems like the law of the land was "If you did not set the value, youcan make no assumptions about it."


--
Requiescas in pace o email           Two identifying characteristics
                                        of System Administrators:
Ex turpi causa non oritur actio      Infallibility, and the ability to
                                        learn from their mistakes.
                                          (Adapted from Stephen Pinker)

Current thread:

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years], (continued)
- - - Message not available
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 14)
    - Message not available
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Mark Seiden (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Randy Bush (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Michael Thomas (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Nathan Angelacos (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Michael Thomas (Apr 14)
    - RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Black (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Simon Perreault (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] TGLASSEY (Apr 14)
    - Message not available
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Seth David Schoen (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] John Levine (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Doug Barton (Apr 14)
    - Re: [[Infowarrior] - NSA blah blah blah blah.... bmanning (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Petach (Apr 14)
    - RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Black (Apr 15)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Glen Wiley (Apr 15)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 15)
    - RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Barry Shein (Apr 15)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Jason Iannone (Apr 16)

(Thread continues...)