Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: heartbleed OpenSSL bug CVE-2014-0160

From: "Ivan .Heca" <ivanhec () gmail com>
Date: Fri, 11 Apr 2014 19:20:52 +1000
to be fair to Bruce, here is his entire post on the subject

https://www.schneier.com/blog/archives/2014/04/heartbleed.html


On Fri, Apr 11, 2014 at 4:32 PM, Paul Vixie <paul () redbarn org> wrote:




Paul Vixie wrote:

Michal Zalewski wrote:



http://m.smh.com.au/it-pro/security-it/man-who-introduced-serious-heartbleed-security-flaw-denies-he-inserted-it-deliberately-20140410-zqta1.html




when the internet moved out of academia and into the larger population,
we got tabloids and ambulance chasers in the deal. ick.


speaking of ambulance chasers, in the above-referenced article, THIS
little gem:

"On a scale of one to 10, it is an 11," renowned security expert Bruce
Schneier said of the bug.

really bruce? on a scale of doesn't-matter-at-all to
worst-thing-you-could-have-previously-imagined, a read only exploit is
even worse than that? no remote file modification, no root shell, no
non-root shell, no data-modification, no arbitrary file system reads...
just a read only heap exploit, and it's worse than anything you could
have previously fucking imagined?

gentlemen and ladies, we have met the enemy, and they are our egos.

vixie


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: