[Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

tpb-crypto at laposte.net tpb-crypto at laposte.net
Tue Apr 8 16:02:24 EDT 2014


> Message of 08/04/14 21:42
> From: "ianG" 
> To: tpb-crypto at laposte.net, cryptography at metzdowd.com, cryptography at randombit.net
> Cc: 
> Subject: Re: [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
>
> On 8/04/2014 20:18 pm, tpb-crypto at laposte.net wrote:
> >> Message of 08/04/14 18:44
> >> From: "ianG" 
> >>
> >> E.g., if we cannot show any damages from this breach, it isn't worth
> >> spending a penny on it to fix! Yes, that's outrageous and will be
> >> widely ignored ... but it is economically and scientifically sound, at
> >> some level.
> >>
> > 
> > So, let's wait until another 40 million credit cards are stolen, then we prove this method was used exactly, then we will try to fix it in all deployments ... yeah, seems reasonable.
> 
> 
> Well, be blind if you like. But 40 million stolen credit cards are
> measurable, are damages, and are directly relatable by statistical
> models to theft damages.
> 
> My advice is when you have a number like 40m in front of you, then you
> should DO SOMETHING. Spend a penny, dude!
> 

Your first advice is extremely dangerous and preposterous. I was being sardonic in my comment, but let's get this straight.

You said you control a quite famous bug list. I should not ask this here, but considering the situation we found ourselves in regarding encryption infrastructure abuse on the part of the US government ... I'm just curious and can't resist it.

How much are you being paid to give such dangerous and preposterous advice? Or, who are your handlers?

