Serious OpenSSL vulnerability

Ian Malone ibmalone at gmail.com
Fri Apr 11 00:28:28 UTC 2014


On 11 April 2014 00:55, David <dgboles at gmail.com> wrote:

>
> Sure. I would not really *greatly* care about tech sites password. I
> would be (was) concerned about my 'money' sites. The sites had to use
> openssl. Which would be any Apache and another one that I can not recall
> at the moment.
>
> But? This time the 'ten feet tall and bullet proof because I use Linux'
> Bull$$hit failed. This one is Linux centered. Period. A programmer
> created this and added it to the code. And 'free and a no money'
> supported program mistake not caught for about two years.

You know OpenSSL is not Linux? And that IIS could equally have had this bug?
http://en.wikipedia.org/wiki/Code_Red_%28computer_worm%29 (also a good
reminder for anyone who thinks vulnerabilities in the news is news)

It's also not true:
> A group of nice people working part time for nothing. No real
> resources. People with real jobs that pay. Families. And 'part time
> support'. I tip my hat but? Sad.
OpenSSL do support contracts and many of the developers offer
consultancy services. Painting it as something done as a part-time
hobby is a bit misleading.
(And why 'sad' exactly? Also N.B. it's often an insult in British English)

-- 
imalone
http://ibmalone.blogspot.co.uk

