[kwlug-disc] Stronger SSH keys and SSL certificates

CrankyOldBugger crankyoldbugger at gmail.com
Tue Apr 22 12:17:05 EDT 2014


Interesting line in
http://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29,
from OpenSSL Software Foundation President Steve Marquess:

[As for Heartbleed], "the mystery is not that a few overworked volunteers
missed this bug," Marquess wrote. "The mystery is why it hasn’t happened
more often."




On 22 April 2014 09:37, Giles Malet <gdmalet at gmail.com> wrote:

> On 04/22/2014 03:42 AM, unsolicited wrote:
>
>> So, now not only are you postulating that the NSA has injected source
>> code into OpenSSL, and successfully had it accepted world wide for all
>> compile from source repositories (otherwise there would be no point,
>> there would be nothing on the other side of the connection for the NSA
>> to exploit), you are suggesting that simultaneously they have done so
>> into gcc to accept and hide the exploit.  [...]
>>
>
> I said none of that. Could you please keep your attributions correct. I
> merely pointed out that one of your assertions is factually incorrect.
>
> g
>
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140422/759ba944/attachment.html>


More information about the kwlug-disc mailing list