Well, I can't confirm they did it back in 2001, but I do recall they were still on it in 2005 or so.
It could prevent the security breach -- in England, Chip and PIN cards cannot be swiped in the presence of a Chip and PIN terminal.
But, yeah, it's kinda funny how things turn out.
patch -p0 < 005_openssl.patch.sig
I just tweeted him to ask if he'll be switching back to OpenBSD now.
https://twitter.com/Mcnst/stat...
(DJB is known as @hashbreaker on Twitter.)
5.5 base signify pubkey: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h
5.5 fw signify pubkey: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO
5.5 pkg signify pubkey: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5
You're referring to the exploit-mitigation-mitigation in OpenSSL, which indeed couldn't be disabled, as per tedu@openbsd, but OPENSSL_NO_HEARTBEATS was a separate option that noone has volunteered to claim of not working.
OPENSSL_NO_HEARTBEATS has since been made the default and only option in LibreSSL, and the heartbeats were removed.
Didn't Target already had Chip and Pin back in 2005 or 2004? What happened to all of those?
I remember I got a Chip and Pin card from Fleet around that time (just on the edge of them being acquired by B of A); Fleet has even sent me a free card reader, which I've never used, actually.
"Luke, I'm yer father, eh. Come over to the dark side, you hoser." -- Dave Thomas, "Strange Brew"