
Comment: Re:*Yawn* I'll Wait for the Mint Edition (Score 0) 177

by YourMissionForToday (#46782637) Attached to: Ubuntu Linux 14.04 LTS Trusty Tahr Released

Yes, it's in one monolithic file.

Try making a minor typo in the syntax, then restart networking. You will lose all network connectivity on ALL interfaces.

Fix your typo and try to start networking again. It won't work until you reboot.

Or you can try adding your config to one of the seemingly infinite network config subdirectories (ifup.d, post-ifup.d, etc). Make the same typo anywhere in the subdirectories and you'll still mess up all networking and have to reboot.

I guess this is acceptable if you haven't used any OS besides Windows 98. For the rest of us it's maddening.

Comment: Ted Unangst's article (Score 4, Informative) 304

by grub (#46758065) Attached to: OpenBSD Team Cleaning Up OpenSSL

Ted Unangst wrote a good article called "analysis of openssl freelist reuse"

His analysis:

This bug would have been utterly trivial to detect when introduced had the OpenSSL developers bothered testing with a normal malloc (not even a security focused malloc, just one that frees memory every now and again). Instead, it lay dormant for years until I went looking for a way to disable their Heartbleed accelerating custom allocator.

It's a very good read.

NSA said to have used Heartbleed bug for years

Submitted by grub
grub (11606) writes "The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts."


Comment: Re:Whatever you may think ... (Score 5, Informative) 446

by grub (#46721719) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

From the proof-of-concept page I mentioned above.

Conclusion

It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced on purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed.

Here is the GitHub repo for the PoC code.

This PRNG is not the NSA making a crypto system stronger à la DES; it's a backdoor.
