[ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Tom Morris blueneon at gmail.com
Wed Mar 5 23:11:53 UTC 2014


Been spending most of the day scrubbing away that vuln in my facility
here.... now here's the fun part: imagine just how many embedded devices
(most of which get orphaned from a software maintenance perspective the
moment they hit the store shelves) are gonna have this flaw. There's been
the discussion of crappy home broadband CPE...

Only a matter of time before someone fakes the certificate and breaks a
"trusted" software update method, or heck... a DNS exploit + fake
certificate = several million compromised payment card terminals.


On Wed, Mar 5, 2014 at 4:58 PM, jim deleskie <deleskie at gmail.com> wrote:

> Doing some serious adjusting of my tinfoil today over his :)
>
> -jim
>
>
> On Wed, Mar 5, 2014 at 5:03 PM, Jay Ashworth <jra at baylink.com> wrote:
>
> > ----- Original Message -----
> > > From: "Leo Bicknell" <bicknell at ufp.org>
> >
> > > On Mar 4, 2014, at 9:07 PM, Jay Ashworth <jra at baylink.com> wrote:
> > >
> > > > Is this the *same* bug that just broke in Apple code last week?
> > >
> > > No, the Apple bug was the existence of an /extra/ "goto fail;".
> > >
> > > The GnuTLS bug was that it was /missing/ a "goto fail;".
> > >
> > > I'm figuring the same developer worked on both, and just put the line
> > > in the wrong repository. :)
> >
> > Those who speculate that these bugs happened at the behest of the NSA
> > would probably agree with you.
> >
> > Cheers,
> > -- jra
> > --
> > Jay R. Ashworth          Baylink                       jra at baylink.com
> > Designer                 The Things I Think            RFC 2100
> > Ashworth & Associates    http://www.bcp38.info         2000 Land Rover DII
> > St Petersburg FL USA     BCP38: Ask For It By Name!    +1 727 647 1274
> >
> >
>



-- 
--
Tom Morris, KG4CYX
Mad Scientist and Operations Manager, WDNA-FM 88.9 Miami - Serious Jazz!
786-228-7087
151.820 Megacycles



More information about the NANOG mailing list