[Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

ianG iang at iang.org
Tue Apr 8 15:42:10 EDT 2014


On 8/04/2014 20:18 pm, tpb-crypto at laposte.net wrote:
>> Message of 08/04/14 18:44
>> From: "ianG"
>>
>> E.g., if we cannot show any damages from this breach, it isn't worth
>> spending a penny on it to fix! Yes, that's outrageous and will be
>> widely ignored ... but it is economically and scientifically sound, at
>> some level.
>>
> 
> So, let's wait until another 40 million credit cards are stolen, then we prove this method was used exactly, then we will try to fix it in all deployments ... yeah, seems reasonable.


Well, be blind if you like.  But 40 million stolen credit cards are
measurable, are damages, and are directly relatable by statistical
models to theft damages.

My advice is when you have a number like 40m in front of you, then you
should DO SOMETHING.  Spend a penny, dude!



iang


