[171012] in North American Network Operators' Group
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
daemon@ATHENA.MIT.EDU (Larry Sheldon)
Mon Apr 14 21:00:37 2014
Date: Mon, 14 Apr 2014 20:00:12 -0500
From: Larry Sheldon <LarrySheldon@cox.net>
CC: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <q0qV1n00c0QDhZs010qWEG>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 4/14/2014 7:50 PM, John Levine wrote:
> In article <534C68F4.305@cox.net> you write:
>> On 4/14/2014 9:38 AM, Matthew Black wrote:
>>> Shouldn't a decent OS scrub RAM and disk sectors before allocating
>>> them to processes, unless that process enters processor privileged
>>> mode and sets a call flag? I recall digging through disk sectors on
>>> RSTS/E to look for passwords and other interesting stuff over 30
>>> years ago.
>>
>> I have been out of the loop for quite a while but my strongly held
>> belief is that such scrubbing would be an enormous (and intolerable)
>> overhead ...
>
> It must be quite a while. Unix systems have routinely cleared the RAM
> and disk allocated to programs since the earliest days.
>
> Pre-VM OS/360 may not have.
HP-UX did not. Exec8 (OS1100) did not. What ever it was we ran on the
1401s and 360/30s (and 9300s) did not.
We manually zeroed core on the 707xs but even then we knew it was a
wasted 3 minutes because that was only done before the firs run of the
day and might not happen again for several days (because each daily
cycle took several days in some offices).
MS-DOS and Windows (even still?) were notorious for not hurting
"deleted" files.
Is the heartbleed bug not proof positive that it is not being done today?
--
Requiescas in pace o email Two identifying characteristics
of System Administrators:
Ex turpi causa non oritur actio Infallibility, and the ability to
learn from their mistakes.
(Adapted from Stephen Pinker)
