[Cryptography] It's GnuTLS's turn: "Critical new bug in crypto library leaves Linux, apps open to drive-by attacks"
dan at geer.org
Wed Jun 4 21:15:21 EDT 2014
Tom Mitchell writes:
| > "A recently discovered bug in the GnuTLS cryptographic code library puts
| > users of Linux and hundreds of other open source packages at risk of
| > surreptitious malware attacks until they incorporate a fix developers
| > quietly pushed out late last week."
| >
| >
| This has large implications for embedded software....
| Appliances are notoriously long lived and not profitable to maintain.
| I have numerous wifi routers that can only be used in isolation.
| I have a growing pile of phones and tablet hardware that are no
| longer getting updates from the vendor.... In some cases AT&T
| blocks Samsung from updating Samsung designed hardware.
|
| They are locked or closed source and closed hardware so I cannot ---.
Agreed, and on the record:
Security of Things (speech)
http://geer.tinho.net/geer.secot.7v14.txt
On Abandonment, IEEE S&P, July/August 2013
http://geer.tinho.net/ieee/ieee.sp.geer.1307.pdf
The current situation is flatly untenable.
--dan