Patrick Figel 🐣 is a user on mastodon.at. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Patrick Figel 🐣 @pfigel

Oh for fuck's sake, OpenSSL. Just when I was starting to think they'd finally gotten their shit together

· Web · 47 · 29
Patrick Figel 🐣 @pfigel

(source: seclists.org/oss-sec/2018/q2/5)

Steph @kurisu@iscute.moe
@pfigel what vuln? What's that SS of?
Patrick Figel 🐣 @pfigel

@kurisu sorry, that's seclists.org/oss-sec/2018/q2/5

Steph @kurisu@iscute.moe
@pfigel ffs openssl
steelman @steelman@mstdn.io

@pfigel @angristan Timing attacks are pretty nasty. If all the CPU makers were not able to avoid them, I'll be the last to blame this hugely underfunded, compared to their importance, project.

Patrick Figel 🐣 @pfigel

@steelman @angristan definitely don't blame them for the bug existing at all, but refusing to fix until an exploit is available is not what I'd be hoping for from them post-Heartbleed, especially considering a fork with even less backing managed to fix it right away

steelman @steelman@mstdn.io

@pfigel @steelman @angristan It seems nreasonable, but… yes, it seems unreasonable.

kayyo @riking@social.wxcafe.net

@pfigel OpenBSD showing they have competent project management once again

igor, the blessed algorithm @hirojin@mastodon.social

@riking @pfigel i don't know why, but this sounds like a terrifying threat

rysiek ✅ @rysiek@mastodon.social

@pfigel link to original/source?

Alexander Bochmann @galaxis@mastodon.infra.de

@rysiek @pfigel This was on oss-sec recently, I think @phessler linked to the original yesterday: seclists.org/oss-sec/2018/q2/5

rysiek ✅ @rysiek@mastodon.social

@galaxis @pfigel @phessler ah, so that's during RSA key generation only?

/me puts down his server update deployment ion cannon

Okay.

Just don't generate RSA keys on cloud servers I guess? ;)

mastodon.at powered by Mastodon