Discussion:
HeartBleed Roundup
Thad Floryan
2014-04-24 09:14:58 UTC
Obama states NSA must reveal bugs like Heartbleed unless they help the
NSA:

http://www.wired.com/2014/04/obama-zero-day/

Excellent timeline with links to many additional articles:

http://www.jupiterbroadcasting.com/55342/time-to-kill-openssl-techsnap-158/

OpenBSD founder wants to bin buggy OpenSSL library, launches fork:

http://www.theregister.co.uk/2014/04/22/openssl_fork_libressl/

" OpenBSD founder Theo de Raadt has created a fork of OpenSSL, the
" widely used open source cryptographic software library that
" contained the notorious Heartbleed security vulnerability.
"
" OpenSSL has suffered from a lack of funding and code contributions
" despite being used in websites and products by many of the world's
" biggest and richest corporations. Further Reading Heartbleed
" developer explains OpenSSL mistake that put Web at risk
"
" "Trivial" coding error in open source project wasn't intentional,
" report says.
"
" The decision to fork OpenSSL is bound to be controversial given that
" OpenSSL powers hundreds of thousands of Web servers. When asked why
" he wanted to start over instead of helping to make OpenSSL better,
" de Raadt said the existing code is too much of a mess.
"
http://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/
Keith Keller
2014-04-24 15:01:15 UTC
Post by Thad Floryan
Obama states NSA must reveal bugs like Heartbleed unless they help the
Umm, wouldn't they all help the NSA? This seems like meaningless
pandering.
I called it!
Post by Thad Floryan
" The decision to fork OpenSSL is bound to be controversial given that
" OpenSSL powers hundreds of thousands of Web servers. When asked why
" he wanted to start over instead of helping to make OpenSSL better,
" de Raadt said the existing code is too much of a mess.
If he's really starting over, and not reusing the OpenSSL code base, is
it really a fork?

--keith
--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
b***@MIX.COM
2014-04-24 16:04:25 UTC
Post by Thad Floryan
http://www.theregister.co.uk/2014/04/22/openssl_fork_libressl/
Theo can get in line, right behind Apple...

http://appleinsider.com/articles/14/04/18/how-apple-dodged-the-heartbleed-bullet

| In 2011, Apple told its developers that it would be deprecating
| OS X's Common Data Security Architecture including OpenSSL,
| describing it as an outdated relic of the late 1990s.

Billy Y..
