[wplug] OpenSSL security vulnerability
Christopher DeMarco
demarco at maya.com
Thu May 15 16:02:36 EDT 2008
On Thu, May 15, 2008 at 03:49:36PM +0200, Patrick Wagstrom wrote:
> possible key space to 2^15 keys instead of 2^1024 possible keys.
> Yeah, it took two years for people to realize this.
I ordinarily don't read Slashdot, but this caught my eye:
Lesson#1: It's best to not change code you do not understand
without getting it reviewed by people who (are supposed to)
understand the code.
Lesson#2: If you write code that deliberately does weird things
like wanting to read unitialised memory, PUT A COMMENT so that
people other than you have a fighting chance with your code.
Amen.
--
Christopher DeMarco <demarco at maya.com>
IT Director
MAYA Group
+1-412-488-2900
More information about the wplug
mailing list