And it's exactly as bad as stated.

1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #388,542 by pwhysall 4/14/14 7:36:53 AM Reply	And it's exactly as bad as stated. CloudFlare have challenged people to extract their private keys. Mission accomplished, by two people: http://www.engadget....dflare-challenge/ OK, so this was a stupid buffer overflow. But wait! There's more! The OpenSSL software actually and intentionally circumvents the system malloc, that, in the case of OpenBSD at least, would have prevented this flaw from being the giant clusterfuck it actually is: Reddit: http://www.reddit.co...ploit_mitigation/ The inimitable Theo on the openbsd.misc list on Gmane: http://article.gmane...enbsd.misc/211963 Analysis of what's wrong (answer: everything) with OpenSSL's memory allocator: http://www.tedunangs...sl-freelist-reuse Article describing the general utter shittiness of OpenSSL's code: https://www.peereboo...html/openssl.html
Post #388,550 by a6l6e6x 4/14/14 12:33:20 PM Reply	Damn! So, it wasn't the A Team assigned to develop and maintain critical infrastructure that is SSL. Alex ÂThere is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge.Â -- Isaac Asimov
Post #388,599 by static 4/15/14 10:32:00 PM Reply	Irony. That last site has a self-signed certificate. Wade. Just Add Story http://justaddstory.wordpress.com/

Heartbleed and OpenSSL - (folkert) - (27) - April 8, 2014, 10:09:41 AM EDT

Re: Heartbleed and OpenSSL - (pwhysall) - (6) - April 8, 2014, 05:52:36 PM EDT

#1353 - (Another Scott) - (1) - April 9, 2014, 08:24:36 AM EDT

:0) -NT - (mmoffitt) - April 9, 2014, 08:43:36 AM EDT

Well dammit -NT - (drook) - April 9, 2014, 11:12:36 AM EDT

It is even more fun than that - (scoenye) - (1) - April 9, 2014, 06:42:50 PM EDT

Look for "pacemaker" as related to heartbleed... - (folkert) - April 10, 2014, 01:53:52 AM EDT

Amazing... - (folkert) - April 10, 2014, 01:47:49 AM EDT

It now has its own website.. - (Ashton) - (2) - April 9, 2014, 04:50:04 PM EDT

Most damning point IMO - (drook) - (1) - April 9, 2014, 05:01:17 PM EDT

Yes... this. ^^^ -NT - (folkert) - April 10, 2014, 01:52:43 AM EDT

XKCD is cool today - (drook) - (1) - April 11, 2014, 01:34:52 PM EDT

wow - (crazy) - April 11, 2014, 01:50:42 PM EDT

SJMN: White House and NSA deny they knew about it. - (Another Scott) - (10) - April 11, 2014, 09:31:33 PM EDT

Re: SJMN: White House and NSA deny they knew about it. - (pwhysall) - (9) - April 14, 2014, 07:29:44 AM EDT

I find this comment at Wonkette plausible. - (Another Scott) - (4) - April 14, 2014, 08:04:31 AM EDT

Note the followup if you use Chrome. - (Another Scott) - (3) - April 14, 2014, 08:56:04 AM EDT

So Google doesn't understand the implications of... - (a6l6e6x) - (2) - April 14, 2014, 12:18:46 PM EDT

Deliberately turned off as of 2012 - (scoenye) - (1) - April 15, 2014, 06:44:12 PM EDT

I wonder if "Lifelock" is getting a spike in business... :-( -NT - (Another Scott) - April 15, 2014, 07:19:35 PM EDT

Hola Peter.. Query: - (Ashton) - (3) - April 14, 2014, 08:18:39 PM EDT

Re: Hola Peter.. Query: - (pwhysall) - (2) - April 15, 2014, 03:42:33 AM EDT

hehe. -NT - (Another Scott) - April 15, 2014, 08:27:48 AM EDT

No they wouldn't ... they've got Policies -NT - (drook) - April 15, 2014, 08:37:53 AM EDT

And it's exactly as bad as stated. - (pwhysall) - (2) - April 14, 2014, 07:36:53 AM EDT

Damn! - (a6l6e6x) - April 14, 2014, 12:33:20 PM EDT

Irony. - (static) - April 15, 2014, 10:32:00 PM EDT

Possible nasty side effect on Debian if OpenSWAN is used - (scoenye) - April 15, 2014, 07:05:35 PM EDT

iwethey.org

If I bought someone a G5 and they did this to it, I'd break their face.
104 ms