Serious OpenSSL vulnerability
Ian Malone
ibmalone at gmail.com
Fri Apr 11 09:33:56 UTC 2014
On 11 April 2014 10:11, Ian Malone <ibmalone at gmail.com> wrote:
> On 11 April 2014 01:45, David <dgboles at gmail.com> wrote:
>> On 4/10/2014 8:28 PM, Ian Malone wrote:
>>> On 11 April 2014 00:55, David <dgboles at gmail.com> wrote:
>>>
>>>>
>>>> Sure. I would not really *greatly* care about tech sites password. I
>>>> would be (was) concerned about my 'money' sites. The sites had to used
>>>> openssl. Which would be any Apache and another one that I can not recall
>>>> at the moment.
>>>>
>>>> But? This time the 'ten feet tall and bullet proof because I use Linux'
>>>> Bull$$hit failed. This one is Linux centered. Period. A programer
>>>> created this and added it to the code. And 'free and a no money'
>>>> supported program mistake not caught for about two years.
>>>
>>> You know OpenSSL is not Linux? And that IIS could equally have had this bug?
>>> http://en.wikipedia.org/wiki/Code_Red_%28computer_worm%29 (also a good
>>> reminder for anyone who thinks vulnerabilities in the news is news)
>>>
>>> It's also not true:
>>>> A group of nice people working part time for nothing. No real
>>>> resources. People with real jobs that pay. Families. And 'part time
>>>> support'. I tip my hat but? Sad.
>>> OpenSSL do support contracts and many of the developers offer
>>> consultancy services. Painting it as something done as a part-time
>>> hobby is a bit misleading.
>>> (And why 'sad' exactly? Also N.B. it's often an insult in British English)
>>>
>>
>>
>> Wow! Really?? Then you really need to talk to everyone that is saying
>> that. Now!!
>>
>
> Thought I'd provide the information. Do with it what you will.
>
PS: I have no idea where you are from and try to assume people are
decent human beings until proven otherwise.
--
imalone
http://ibmalone.blogspot.co.uk
More information about the users
mailing list