[169608] in North American Network Operators' Group


Re: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of

daemon@ATHENA.MIT.EDU (Tom Morris)
Wed Mar 5 18:12:40 2014

In-Reply-To: <CAJL_ZMMisM-WiaJROpYmKgPx8DPuhgBdJB4FkRfQzgXMB0zc5w@mail.gmail.com>
From: Tom Morris <blueneon@gmail.com>
Date: Wed, 5 Mar 2014 18:11:53 -0500
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Been spending most of the day scrubbing away that vuln in my facility
here.... now here's the fun part: imagine just how many embedded devices
(most of which get orphaned from a software maintenance perspective the
moment they hit the store shelves) are gonna have this flaw. There's been
the discussion of crappy home broadband CPE...

Only a matter of time before someone fakes the certificate and breaks a
"trusted" software update method, or heck... a DNS exploit + fake
certificate = several million compromised payment card terminals.


On Wed, Mar 5, 2014 at 4:58 PM, jim deleskie <deleskie@gmail.com> wrote:

> Doing some serious adjusting of my tinfoil today over this :)
>
> -jim
>
>
> On Wed, Mar 5, 2014 at 5:03 PM, Jay Ashworth <jra@baylink.com> wrote:
>
> > ----- Original Message -----
> > > From: "Leo Bicknell" <bicknell@ufp.org>
> >
> > > On Mar 4, 2014, at 9:07 PM, Jay Ashworth <jra@baylink.com> wrote:
> > >
> > > > Is this the *same* bug that just broke in Apple code last week?
> > >
> > > No, the Apple bug was the existence of an /extra/ "goto fail;".
> > >
> > > The GnuTLS bug was that it was /missing/ a "goto fail;".
> > >
> > > I'm figuring the same developer worked on both, and just put the line
> > > in the wrong repository. :)
> >
> > Those who speculate that these bugs happened at the behest of the NSA
> > would probably agree with you.
> >
> > Cheers,
> > -- jra
> > --
> > Jay R. Ashworth                  Baylink                       jra@baylink.com
> > Designer                     The Things I Think                       RFC 2100
> > Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
> > St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
> >
> >
>



-- 
--
Tom Morris, KG4CYX
Mad Scientist and Operations Manager, WDNA-FM 88.9 Miami - Serious Jazz!
786-228-7087
151.820 Megacycles
