[171000] in North American Network Operators' Group
Re: DMARC -> CERT?
daemon@ATHENA.MIT.EDU (Scott Howard)
Mon Apr 14 18:32:36 2014
In-Reply-To: <CACnPsNWiSRtQbhgtjMdAmDdH7cUtjt8mDLa3DHKQ+b=zQu_mUQ@mail.gmail.com>
Date: Mon, 14 Apr 2014 15:32:13 -0700
From: Scott Howard <scott@doc.net.au>
To: Jim Popovitch <jimpop@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Apr 14, 2014 at 3:21 PM, Scott Howard <scott@doc.net.au> wrote:
>
> 7-April: OpenSSL's *public* advisory (after a full week of private
>> notifications, of which yahoo surely was one tech company in on the
>> early notifications)
>>
>
> Given that many of their main services were vulnerable at the time of
> public disclosure, I think that's a very large assumption to make...
>
Based on the article below it would appear that Yahoo did NOT know about
Heartbleed at the time of public disclosure.
http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140414-zqurk.html
Scott
