Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

 

On Tue, Apr 08, 2014 at 07:14:13PM +0100, Simon Waters wrote:
> On 08/04/14 17:57, bad apple wrote:
> > 
> > I bloody wish Google (or any other company with a huge Linux footprint)
> > would actually put their hands in the pockets
> 
> "and Neel Mehta of Google Security, who first reported it to the OpenSSL
> team"

This. And the fact that Google offers bug bounties for vulnerabilities
in open source projects:

http://www.theregister.co.uk/2013/10/10/google_open_source_bug_bounties/

The point that big companies that rely on OpenSSL should think about
funding the projects has been made by others though, such as at the end
of this blog:

http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html

It would be awesome if this were to happen.

Martijn.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq