[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
LarrySheldon at cox.net
Wed Apr 16 23:12:50 UTC 2014
On 4/16/2014 4:34 PM, Jason Iannone wrote:
> I can't cite chapter and verse but I seem to remember this zeroing
> problem was solved decades ago by just introducing a bit which said
> this chunk of memory or disk is new (to this process) and not zeroed
> but if there's any attempt to actually access it then read it back as
> if it were filled with zeros, or alternatively zero it.
> Isn't that a result of the language? Low level languages give that
> power to the author rather than assuming any responsibility. Hacker
> News had a fairly in-depth discussion regarding the nature of C with
> some convincing opinions as to why it's not exactly the right tool to
> build this sort of system with. The gist, forcing the author of a
> monster like OpenSSL to manage memory is a problem.
I dropped out of the discussion because I couldn't get a foothold, but
I would like to know this:
If the hardware (as has been suggested) or the OS does any of this, how
do diagnostic routines in or running under the OS work?
Requiescas in pace o email
Ex turpi causa non oritur actio

Two identifying characteristics of System Administrators:
Infallibility, and the ability to learn from their mistakes.
(Adapted from Stephen Pinker)
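
Added example (not part of the original message, and not code from any project discussed in it): the demand-zero behaviour the quoted text describes for memory that is new to a process, next to a buffer recycled inside the process, which the OS never sees and so never zeroes. It assumes Linux or another POSIX system that provides MAP_ANONYMOUS; the one-slot pool, the secret string and all function names are hypothetical.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define LEN 4096                   /* constructed buffer size, one typical page */
static const char secret[] = "constructed-secret";   /* constructed sample data */

/* Count the non-zero bytes in a buffer. */
static size_t nonzero(const unsigned char *p, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (p[i] != 0);
    return c;
}

/* Case 1: memory that is new to this process. The kernel supplies
 * demand-zero pages, so nothing from a previous owner is readable. */
size_t fresh_from_os(void) {
    unsigned char *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return (size_t)-1;
    size_t c = nonzero(p, LEN);
    munmap(p, LEN);
    return c;
}

/* Case 2: a hypothetical one-slot free list inside the process. The
 * buffer never returns to the OS, so reuse involves no zeroing at all. */
static unsigned char slot[LEN];
static unsigned char *pool_get(void) { return slot; }
static void pool_put(unsigned char *p, int scrub) {
    if (scrub) memset(p, 0, LEN);  /* mitigation: clear before recycling */
}

/* Store a secret, release the buffer, then count what the next user sees. */
size_t recycled_in_process(int scrub) {
    unsigned char *a = pool_get();
    memset(a, 0, LEN);
    memcpy(a, secret, sizeof secret - 1);
    pool_put(a, scrub);
    return nonzero(pool_get(), LEN);
}

int main(void) {
    printf("fresh from OS:      %zu stale bytes\n", fresh_from_os());
    printf("recycled, no scrub: %zu stale bytes\n", recycled_in_process(0));
    printf("recycled, scrubbed: %zu stale bytes\n", recycled_in_process(1));
    return 0;
}
```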