OT: looking for help remembering name/info about security bug

Paul Koning paulkoning at comcast.net
Tue Jan 11 14:11:54 CST 2022


No, Heartbleed was a protocol specification error, where if you implemented what the spec said you automatically produced a security bug.

	paul

> On Jan 11, 2022, at 3:02 PM, Jonathan Katz via cctalk <cctalk at classiccmp.org> wrote:
> 
> Heartbleed?
> 
> 
> On Tue, 11 Jan 2022 at 20:00, Hauke Fath via cctalk <cctalk at classiccmp.org>
> wrote:
> 
>> On Mon, 10 Jan 2022 22:04:33 -0800, Stan Sieler via cctalk wrote:
>>> It may have been that either the routine wasn't getting called when it
>>> should, or that the programmer misinterpreted what the return value
>>> meant.
>> 
>> The Debian 4 OpenSSL disaster comes to mind, where IIRC a know-it-all
>> package manager beautified the source and reduced the effective length
>> of any generated keys to 32 bit. But that was more like 15 yrs ago...
>> 
>> Cheerio,
>> Hauke
>> 
>> --
>> Hauke Fath                        <hauke at Espresso.Rhein-Neckar.DE>
>> Linnéweg 7
>> 64342 Seeheim-Jugenheim
>> Germany
>> 
> -- 
> -Jon
> +44 7792 149029


