Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

[bmanning]

On Mon, Apr 14, 2014 at 03:59:21PM -0400, Patrick W. Gilmore wrote:
> On Apr 14, 2014, at 15:47 , Scott Howard <sc...@doc.net.au> wrote:
> > On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker 
> > <niels=na...@bakker.net>wrote:
> 
> >> At least one vendor, Akamai is helping out now:
> >> http://marc.info/?l=openssl-users&m=139723710923076&w=2
> >> I hope other vendors will follow suit.
> > 
> > 
> > Although it appears they may now be regretting doing so...
> > 
> > http://www.techworld.com.au/article/542813/akamai_admits_its_openssl_patch_faulty_reissues_keys/
> > 
> > (Of course, the end result is positive, but...)
> 
> [NOTE: I'll just remind everyone up front that I worked at Akamai for a very 
> long time, so take my comments with however many grains of salt you feel 
> appropriate.]
> 
> If the only thing that happens when a large company steps up to help the open 
> source community is ridicule and/or derision, one should probably not in the 
> same breath ask why no companies are publishing any code.
> 
> I applaud Akamai for trying, for being courageous enough to post code, and 
> for bucking the trend so many other companies are following by being more 
> secretive every year.
> 
> Or we can flame anyone who tries, then wonder why no one is trying.
> 
> -- 
> TTFN,
> patrick
> 

        well, if $vendor publishes code frags, the code  must have been vetted 
and ready for 
        _my_ environment so i'll just cut/paste and then when it doesn't work, 
its their 
        fault for leading me down the primrose path...

        $vendor, that why I pay you... to read my mind!  darn it.

/bill