On 4/10/2014 8:28 PM, Ian Malone wrote:
On 11 April 2014 00:55, David dgboles@gmail.com wrote:
Sure. I would not really *greatly* care about tech sites password. I would be (was) concerned about my 'money' sites. The sites had to used openssl. Which would be any Apache and another one that I can not recall at the moment.
But? This time the 'ten feet tall and bullet proof because I use Linux' Bull$$hit failed. This one is Linux centered. Period. A programer created this and added it to the code. And 'free and a no money' supported program mistake not caught for about two years.
You know OpenSSL is not Linux? And that IIS could equally have had this bug? http://en.wikipedia.org/wiki/Code_Red_%28computer_worm%29 (also a good reminder for anyone who thinks vulnerabilities in the news is news)
It's also not true:
A group of nice people working part time for nothing. No real resources. People with real jobs that pay. Families. And 'part time support'. I tip my hat but? Sad.
OpenSSL do support contracts and many of the developers offer consultancy services. Painting it as something done as a part-time hobby is a bit misleading. (And why 'sad' exactly? Also N.B. it's often an insult in British English)
Wow! Really?? Then you really need to talk to everyone that is saying that. Now!!