nanog mailing list archives

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

From: "John Levine" <johnl () iecc com>
Date: 13 Apr 2014 21:18:57 -0000

And we all know how well civic duty works as a motivator. If we really 
want to do something
constructive, convince the corpro-takers to open their wallets to fund 
those auditing functions.


For once, I agree with Mike.  (Twice in one year?)

Considering how widely openssl is used, and how important it is, it's
shameful how little support it gets.

I'd also point out that auditing security code is hard, and auditing
SSL/TLS code is extremely hard because the spec depends on a lot of
unusually arcane algorithms, and its implementation is almost
perversely complex (that means PKI and ASN.1.)  So random programmer
eyes are much less likely to find useful stuff than people who have
spent a while learning about the technology.

http://jl.ly/Internet/openssl.html

R's,
John

Current thread:

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years], (continued)
- - - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Valdis . Kletnieks (Apr 11)
    - RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Frank Bulk (Apr 11)
    - RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Warren Bailey (Apr 11)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] TGLASSEY (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Petach (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Bengt Larsson (Apr 13)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Randy Bush (Apr 13)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Michael Thomas (Apr 13)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Randy Bush (Apr 13)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Michael Thomas (Apr 13)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] John Levine (Apr 13)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Niels Bakker (Apr 13)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Warren Bailey (Apr 13)
    - RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Thijs Stuurman (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Patrick W. Gilmore (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Doug Barton (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] bmanning (Apr 14)
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 14)
    - Message not available
    - Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 14)

(Thread continues...)