On 16. 4. 2014 1:50 Charles Kroeger wrote:
> At this point, the probability is close to one that every target has had
> its private keys extracted by multiple intelligence agencies. The real
> question is whether or not someone deliberately inserted this bug into
> OpenSSL, and has had two years of unfettered access to everything. My
> guess is accident, but I have no proof.

(Please, I am not sure about some of the English terms below, thanks.)

Very good question! On the word, there are questions if the NSA (and similar) knew about this for a long time or not. IMHO, if they didn't know about this vulnerability for months, then they aren't doing their job well.

Back to the proper question. Was this vulnerability made by mistake? My C knowledge is very low, but I understand that this was a stupid mistake. If this stupid mistake can be made in the Internet's essential crypto library, then something is wrong! Very wrong. Does nobody check the quality of the code? Does nobody carry out tests? Do I need to learn C so that I can check this by myself?

If this vulnerability comes not from a newbie and was made by intent, things are worse than wrong. Then it is an attack on the very foundation of free/open software.

And what does the community say about this? Where is the information about who this vulnerability came from? Is it an experienced expert or a novice? Does this person contribute to other (especially security) projects too? What does this person say about this? And more and more other questions are left unanswered. Is it time to be afraid?

regards