| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH-PCH4kq7w+2T7-2o8L4g1XamUc4v1UqPyFU2OkGZJb5g7OBg@mail.gmail.com> Date: Fri, 11 Apr 2014 17:32:30 +0200 From: Ferenc Kovacs <tyra3l@...il.com> To: Michal Zalewski <lcamtuf@...edump.cx> Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>, Juergen Christoffel <jc@...er.net> Subject: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160 On Fri, Apr 11, 2014 at 5:29 PM, Michal Zalewski <lcamtuf@...edump.cx>wrote: > > 1. inclusive of [1..3] above > > 2. replace all operating systems > > 3. audit or replace all user data > > And also burn the hardware, given that if you're assuming the > worst-case scenario, all your firmware is now replaced with that of > Roomba. > > I mean, it's a very cool bug. I'm jealous of Neel. > > But it's also one of the most weird PR cycles I have seen in recent > history and I don't think it happened entirely on its own. I think > it's funny that apparently the first thing Codenomicon did was to > register heartbleed.com on Saturday - and then waited with contacting > OpenSSL for at least two more days, as if that mattered less. > don't forget coming up with the cool name and logo, and putting together the site itself. while they ran out of the time to notify the distros, so they can build and publish the fixed versions before the news gets out. -- Ferenc Kovács @Tyr43l - http://tyrael.hu _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists