laurent420 - Slashdot User

Comment Re:Whatever you may think ... (Score 5, Informative) 447

by grub on Thursday April 10, 2014 @10:58PM (#46721719) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

From the proof-of-concept page I mentioned above.

Conclusion It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced by purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed.

Here is the Github repo for the PoC code.

This PRNG is not the NSA making a crypto system stronger ala DES, it's a backdoor.

Comment Re:Whatever you may think ... (Score 3, Interesting) 447

by grub on Thursday April 10, 2014 @09:32PM (#46721227) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

[sorry, link screwed up in my reply, should have checked more closely.]

There is also a nice proof-of-concept backdoor with a link to the github repo.

Comment Re:Whatever you may think ... (Score 4, Informative) 447

by grub on Thursday April 10, 2014 @09:30PM (#46721219) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

RSA has denied having knowledge of the backdoor, says NSA tricked them, and has never denied the $10M payout. Some of Snowden's leaks mention it.
Reuters has a summary

proof-of-concept backdoor with a link to the github repo.

None of that is a smoking gun, but there is enough smoke to tell me there is a fire.

Comment Re:Whatever you may think ... (Score 5, Insightful) 447

by grub on Thursday April 10, 2014 @09:10PM (#46721009) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

Boy, if there's one thing that could ever kill Open Source it would be being held legally liable for a commit with a bug in it.

It burns me that RSA is not held liable for their $10M NSA backdoor in Dual_EC_DRBG PRNG. Customers should be flocking in droves but RSA gives enough swag at conferences that the suits don't care.

Your privacy sold off for $10M and some mouse pads.

Comment Re:Names! (Score 4, Informative) 447

by grub on Thursday April 10, 2014 @08:59PM (#46720933) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

PR: 2658 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats.

Have a look for yourself. The reviewer "steve" is Stephen Henson.

Comment Re:It's not just the implementation (Score 5, Informative) 447

by grub on Thursday April 10, 2014 @08:41PM (#46720777) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

and all running on top of TCP

Not necessarily. OpenVPN is an SSL VPN which defaults to UDP/1194.

Comment Good today, crap tomorrow. (Score 1) 641

by grub on Tuesday April 08, 2014 @09:14AM (#46693009) Attached to: Meet the Diehards Who Refuse To Move On From Windows XP

I don't buy the "good today, crap tomorrow" mentality. XP still has a massive installed base. This will open the door for entrepreneurial geeks to create their own security and stability patches.

Diid Symantec or Macafee say they were dropping XP support? Nope, it's a huge cash cow for them.

Comment So... (Score 1) 96

by grub on Friday April 04, 2014 @05:55PM (#46665319) Attached to: The Amazon Fire TV Is Kind of a Mess

... I shouldn't sell our two AppleTVs?

Comment Re:Hoax? (Score 1) 142

by grub on Friday April 04, 2014 @10:13AM (#46660503) Attached to: Skydiver's Helmet Cam Captures a Falling Meteor

The astrophysicists at Adobe told me that it looks 'shopped.

Comment Re:Preaching to the choir? (Score 5, Funny) 353

by grub on Thursday April 03, 2014 @07:15PM (#46655679) Attached to: An SSD for Your Current Computer May Save the Cost of a New One (Video)

If you can afford it, your computer's RAM should be maxed out to 640KB.

Comment Re:How, exactly, do we know? (Score 3, Funny) 127

by grub on Thursday April 03, 2014 @07:10PM (#46655591) Attached to: New US Atomic Clock Goes Live

Every day at noon they compare it to the sundial out back.

Comment All that accuracy... (Score 2) 127

by grub on Thursday April 03, 2014 @07:08PM (#46655569) Attached to: New US Atomic Clock Goes Live

... but they will still have to manually adjust for DST twice a year.

Comment Really? (Score 1) 180

by Nexzus on Wednesday April 02, 2014 @02:06PM (#46641279) Attached to: Amazon Launches Android-Powered 'Fire TV' For Streaming and Gaming

Fire TV? Coming from the Fire Box perhaps?

Sigh. Almost as bad as XBone.

Comment Re:Don't they already? (Score 1) 518

by grub on Tuesday April 01, 2014 @08:47AM (#46629383) Attached to: Department of Transportation Makes Rear View Cameras Mandatory

We picked up a new car in September. Everything we looked at had cameras and they weren't super-expensive like a Ferrari. Granted we didn't look at Kia or the like. You can't see cameras when in traffic.

Comment Don't they already? (Score 1) 518

by grub on Tuesday April 01, 2014 @08:26AM (#46629235) Attached to: Department of Transportation Makes Rear View Cameras Mandatory

What cars don't have rear view cameras these days?

Slashdot Top Deals