[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-knoppix] I'll walk to the bank! WAS: OpenSSL 0.9.7b

On Thu, Apr 17, 2003 at 09:49:57PM -0400, Gilles Pelletier said:
> And what's a bug fix supposed to mean when OpenSSL workings are hidden 
> from the user: either it works or it doesn't. If it doesn't it's a 
> security hole. 

It is entirely possible (and, unfortunately, even likely) that
everything appears to work from the user's standpoint, but that there
are in fact holes in the security.  The majority of web users are
probably using web browsers that still use SSLv2, which is an inherently
flawed protocol.  It's also unlikely that all the problems in OpenSSL
have been discovered by the white hats yet.

Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux	  | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK

Attachment: pgpE2yY6uboKf.pgp
Description: PGP signature

Reply to: