[170896] in North American Network Operators' Group
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Apr 11 20:51:27 2014
To: Matt Palmer <mpalmer@hezmatt.org>
In-Reply-To: Your message of "Sat, 12 Apr 2014 07:56:01 +1000."
<20140411215601.GW15800@hezmatt.org>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 11 Apr 2014 20:49:47 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1397263787_2047P
Content-Type: text/plain; charset=us-ascii
On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:
> The interesting thing to me is that the article claims the NSA have been
> using this for "over two years", but 1.0.1 (the first vulnerable version)
> was only released on 14 Mar 2012. That means that either:
> * The NSA found it *amazingly* quickly (they're very good at what they do,
> but I don't believe them have superhuman talents); or
You seriously think the NSA *isn't* watching the commits to security-relevant
open source? Remember - it was a bonehead bug, it's *not* unreasonable for
somebody who was auditing the code to spot it. Heck, there's a good chance that
automated tools could have spotted it.
--==_Exmh_1397263787_2047P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBU0iNqwdmEQWDXROgAQK19w//a1R2gIf6rhvMHdIvanrqcTuYshYt4bCT
MaFdtefjdqfkX0N9iIPCKNAZEEZok4xuS/TIDUnhax0j6XoXxq0Rc0SitUvJ1nQQ
NhhjR33y5piHffn5xQttByuS4ktQiDBXGNiL3JJMfBG8P8LAPZO2JWdW/TXZnq2q
ZVcSTReizUNJnU1aumWiaUImmuWuNhsuWQeklzy/NNi2GMwJM6Gk4hcVpQQh1UyW
08bEN5Nul6ZfRDdVp8EhLZ/bMNjwgTiyEO0Dq2EqFgVd8f3FXU2SkVTyZ11WBfgg
XoSyuUptlcRsHkqwDimqQbKV+fQByjMEEbF6kOhH2LTTfYzo9oY50p7+kydseyiM
mUefWdNVSjLsntIgQdoQSgcGVmvv+ld9WKWk3s6OlNMDV9An0VybR3UA3ya2Xxbf
rprsXyssx7Ifm2r8XeQDqor4yNrvQE4FHMh/9uM+Hqqq9+vcKyR3nsqz5sGkrePo
KejaYI4203qzQeayTgLg3faVCNHoz3p8ukynT0YB8Dei/w39LGdXj1xkdnKN0VCi
8kgQTdbYK7U46ir6w2NXiIyhKfxl0rfQr57NHFw2nqlujHRLJQpARk/zgyCs+/Fm
Z9Z5nhO9WubVH2mKoZfNBylq8oypGunOg/WhPy25Te0PU6djI+20G30hhY1akZvh
dqHcTsHYxro=
=h5fm
-----END PGP SIGNATURE-----
--==_Exmh_1397263787_2047P--
