[kwlug-disc] Stronger SSH keys and SSL certificates

CrankyOldBugger crankyoldbugger at gmail.com
Tue Apr 22 12:17:05 EDT 2014

Interesting line in
from OpenSSL Software Foundation President Steve Marquess:

[As for Heartbleed], "the mystery is not that a few overworked volunteers
missed this bug," Marquess wrote. "The mystery is why it hasn’t happened
more often."

On 22 April 2014 09:37, Giles Malet <gdmalet at gmail.com> wrote:

> On 04/22/2014 03:42 AM, unsolicited wrote:
>> So, now not only are you postulating that the NSA has injected source
>> code into OpenSSL, and successfully had it accepted world wide for all
>> compile from source repositories (otherwise there would be no point,
>> there would be nothing on the other side of the connection for the NSA
>> to exploit), you are suggesting that simultaneously they have done so
>> into gcc to accept and hide the exploit.  [...]
> I said none of that. Could you please keep your attributions correct. I
> merely pointed out that one of your assertions is factually incorrect.
> g
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140422/759ba944/attachment.html>

More information about the kwlug-disc mailing list