[AusNOG] Heartbleed Bug
Damian Guppy
the.damo at gmail.com
Wed Apr 9 02:22:45 EST 2014
On Tue, Apr 8, 2014 at 12:01 PM, Tim Groeneveld <tim at timg.ws> wrote:
> CloudFlare said that they knew about this a week before most other people?
>
> http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities
>
> That's just plain rude!
>
How so? They are one of the largest OpenSSL users, and they would have been
notified privately early along with the other big guys on the internet like
Google, Facebook, Yahoo, Microsoft, maybe the banks etc. If they had let
everyone know publicly without first giving adequate time to the big guys
then we could have been in a situation where skiddies were running around
compromising popular sites before those sites had a chance to implement the
fix. This bug was already 2 years old, an extra week isnt going to add much
more damage on top of that.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140409/0cabec40/attachment.html>
More information about the AusNOG
mailing list