Comment: Re:Original premise is false (Score 1) 582

by F.Ultra (#46765839) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

No, the bug was found because someone was looking at the code. In fact it was a company developing a static code analyzer that used the available source of OpenSSL to test their analyzer that found it; interestingly enough, a Security Engineer from Google also found it at roughly the same time. So yes, it was found exactly because people were looking at the sources.

Had this been closed source then none of the above would have found it.

Comment: Re:Wat? (Score 1) 582

by F.Ultra (#46765819) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?
Not really ad-hoc; in protocols such as this, which is well defined anyway, you know that there is a length. Playing tricks with that length to see what the server does is black hat 101. In my youth I used this to create cracks for copy protected games; if we had had access to the source code of these games it would still have been faster for us to attack the protocols, and I'm sure that black hats attacking systems such as these feel the same these days. Hard to explain the enormous exploits in the wild for closed sources otherwise, don't you think?

Comment: Re:Wat? (Score 1) 582

by F.Ultra (#46765787) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

That was because Codenomicon tried to develop a scanner capable of catching errors such as this. Which is another side of the many eyeballs, i.e. companies such as these use the large amount of available source to develop and fine tune their scanners, and we the community thus get a free analysis of the sources.

Comment: Re:Duh (Score 1) 818

by F.Ultra (#46765327) Attached to: Study Finds US Is an Oligarchy, Not a Democracy
Yes, the public referendums are not mandatory for the politicians to obey in Sweden; that is not the same as "results are often discarded". If we look at the large referendums done since 1922 I can think of only one that was disregarded, and that was to keep the left side traffic. In some eyes the nuclear referendum was also discarded, but in reality it was followed; that we now, 30 years later, changed our minds a bit is not the same as discarding the result of the referendum.

Comment: Re:Wat? (Score 4, Insightful) 582

by F.Ultra (#46761495) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?
You seriously think that black hats bother with reading millions of lines of code in the hope of finding an exploit when all they have to do is play with the data sent to services/applications and see if it misbehaves? Which is why exploits are equally found among closed and open software.
