> Message du 08/04/14 21:42 > De : "ianG" > A : [email protected], [email protected], > [email protected] > Copie à : > Objet : Re: [Cryptography] The Heartbleed Bug is a serious vulnerability in > OpenSSL > > On 8/04/2014 20:18 pm, [email protected] wrote: > >> Message du 08/04/14 18:44 > >> De : "ianG" > >> > >> E.g., if we cannot show any damages from this breach, it isn't worth > >> spending a penny on it to fix! Yes, that's outrageous and will be > >> widely ignored ... but it is economically and scientifically sound, at > >> some level. > >> > > > > So, let's wait until another 40 million credit cards are stolen, then we > > prove this method was used exactly, then we will try to fix it in all > > deployments ... yeah, seems reasonable. > > > Well, be blind if you like. But 40 million stolen credit cards are > measurable, are damages, and are directly relatable by statistical > models to theft damages. > > My advice is when you have a number like 40m in front of you, then you > should DO SOMETHING. Spend a penny, dude! >
Your first advice is extremely dangerous and preposterous, I was being sardonic in my comment, but let's get this straight. You said you control a quite famous bug list. I should not ask this here, but considering the situation we found ourselves regarding encryption infrastructure abuse from the part of US government ... I'm just curious and can't resist it. How much are you being paid to give such dangerous and preposterous advice? Or, who are your handlers? _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
