[wplug] OpenSSL security vulnerability

Tom Rhodes trhodes at FreeBSD.org
Thu May 15 19:15:47 EDT 2008


On Thu, 15 May 2008 16:02:36 -0400
Christopher DeMarco <demarco at maya.com> wrote:

> On Thu, May 15, 2008 at 03:49:36PM +0200, Patrick Wagstrom wrote:
> 
> > possible key space to 2^15 keys instead of 2^1024 possible keys.
> > Yeah, it took two years for people to realize this.
> 
> I ordinarily don't read Slashdot, but this caught my eye:
> 
>     Lesson#1: It's best to not change code you do not understand
>     without getting it reviewed by people who (are supposed to)
>     understand the code.
> 
>     Lesson#2: If you write code that deliberately does weird things
>     like wanting to read uninitialised memory, PUT A COMMENT so that
>     people other than you have a fighting chance with your code.
> 

I don't read Slashdot for a small handful of reasons.  But
there are definitely a few things I could say with regard
to this.  One is that comments are extremely important, and
have saved me a lot of problems.  You never know if the author
is doing something stupid deliberately or if they're just a nut.

-- 
Tom Rhodes

