lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Apr 2014 12:04:32 -0700 From: Michal Zalewski <lcamtuf@...edump.cx> To: Jann Horn <jann@...jh.net> Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: Re: [FD] Legitimacy of new Heartbleed exploit? > It's bullshit. They say: 'A missing bounds check in the handling of the > variable "DOPENSSL_NO_HEARTBEATS"'. That's not a variable, the "D" is > not actually part of the name, and it's a compile-time macro that > configures whether heartbeats will be compiled in or not. And because > it's a compile-time thing, it's nothing that an attacker could ever > influence. That's what the NSA would say. /mz _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists