HeartBleed Roundup
Thad Floryan
2014-04-24 09:14:58 UTC
Obama states NSA must reveal bugs like Heartbleed unless they help the
NSA:

http://www.wired.com/2014/04/obama-zero-day/

Excellent timeline with links to many additional articles:

http://www.jupiterbroadcasting.com/55342/time-to-kill-openssl-techsnap-158/

OpenBSD founder wants to bin buggy OpenSSL library, launches fork:

http://www.theregister.co.uk/2014/04/22/openssl_fork_libressl/

" OpenBSD founder Theo de Raadt has created a fork of OpenSSL, the
" widely used open source cryptographic software library that
" contained the notorious Heartbleed security vulnerability.
"
" OpenSSL has suffered from a lack of funding and code contributions
" despite being used in websites and products by many of the world's
" biggest and richest corporations. Further Reading Heartbleed
" developer explains OpenSSL mistake that put Web at risk
"
" "Trivial" coding error in open source project wasn't intentional,
" report says.
"
" The decision to fork OpenSSL is bound to be controversial given that
" OpenSSL powers hundreds of thousands of Web servers. When asked why
" he wanted to start over instead of helping to make OpenSSL better,
" de Raadt said the existing code is too much of a mess.
"
http://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/
Keith Keller
2014-04-24 15:01:15 UTC
Post by Thad Floryan
Obama states NSA must reveal bugs like Heartbleed unless they help the
Umm, wouldn't they all help the NSA? This seems like meaningless
pandering.
I called it!
Post by Thad Floryan
" The decision to fork OpenSSL is bound to be controversial given that
" OpenSSL powers hundreds of thousands of Web servers. When asked why
" he wanted to start over instead of helping to make OpenSSL better,
" de Raadt said the existing code is too much of a mess.
If he's really starting over, and not reusing the OpenSSL code base, is
it really a fork?

--keith
--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
b***@MIX.COM
2014-04-24 16:04:25 UTC
Post by Thad Floryan
http://www.theregister.co.uk/2014/04/22/openssl_fork_libressl/
Theo can get in line, right behind Apple...

http://appleinsider.com/articles/14/04/18/how-apple-dodged-the-heartbleed-bullet

| In 2011, Apple told its developers that it would be deprecating
| OS X's Common Data Security Architecture including OpenSSL,
| describing it as an outdated relic of the late 1990s.

Billy Y..
