Thread: A New Round Of OpenSSL Vulnerabilities Discovered

  1. #1
    Join Date
    Jan 2007
    Posts
    15,194

    A New Round Of OpenSSL Vulnerabilities Discovered

    Phoronix: A New Round Of OpenSSL Vulnerabilities Discovered

    Further fallout from the Heartbleed bug has occurred with another set of security vulnerabilities now being disclosed for OpenSSL...

    http://www.phoronix.com/vr.php?view=MTcxMTI

  2. #2
    Join Date
    Apr 2010
    Posts
    22

    Brace yourself

    ... HPSB (Hewlett-Packard Security Bulletins) are coming!

    Last time (Heartbleed) I counted 66 on bugtraq

  3. #3
    Join Date
    Oct 2007
    Posts
    1,290

    I wonder how long the NSA has known about these...

  4. #4
    Join Date
    Jun 2012
    Posts
    361

    So, can we put to bed the "OSS is by nature more secure" argument now?

  5. #5
    Join Date
    Mar 2009
    Location
    Hellas
    Posts
    1,099

    Quote: Originally Posted by gamerk2
    So, can we put to bed the "OSS is by nature more secure" argument now?

    Not at all.
    If so many vulnerabilities are to be found in an open piece of software like OpenSSL, I do not dare to think what happens in the heart of a proprietary package...
    Last edited by Apopas; 06-05-2014 at 12:39 PM.

  6. #6
    Join Date
    Sep 2012
    Posts
    755

    Quote: Originally Posted by gamerk2
    So, can we put to bed the "OSS is by nature more secure" argument now?

    A closed source project with as many developers as OpenSSL (i.e., a very small project) would never have ended up in as many machines as OpenSSL did, even if it was free. Mostly because it would be neither auditable nor accountable, in other words, in a sense, too insecure.
    As such, it's quite difficult to reach a comparative conclusion when comparable non-OSS projects don't exist.

  7. #7
    Join Date
    Apr 2010
    Posts
    22

    Quote: Originally Posted by erendorn
    A closed source project with as many developers as OpenSSL (i.e., a very small project) would never have ended up in as many machines as OpenSSL did, even if it was free. Mostly because it would be neither auditable nor accountable, in other words, in a sense, too insecure.
    As such, it's quite difficult to reach a comparative conclusion when comparable non-OSS projects don't exist.

    Bullshit alaaaaaarm.

    You being paid by Microsoft or by Apple?

    Open source = auditable & accountable. You can always trace the path one has made an error, and nobody will deny it or play the blame game as happens most of the time in most multibillion corps.

    - Oh, is that a security hole? I'm so sorry, must have been something the intern introduced. Wasn't my fault mr. chief executive.
    - Is that so? Well, ok then. We'll sell it as a feature, not a bug.

    Once again, bullshite.

  8. #8
    Join Date
    Dec 2010
    Posts
    1,194

    Quote: Originally Posted by gamerk2
    So, can we put to bed the "OSS is by nature more secure" argument now?

    So you'd say a proprietary TLS implementation would fix such bugs earlier?

  9. #9
    Join Date
    May 2007
    Location
    Nurnberg.
    Posts
    327

    Quote: Originally Posted by gamerk2
    So, can we put to bed the "OSS is by nature more secure" argument now?

    Have you ever looked at BIOS code? Because if you had, that would've told you that at the other end of the openness spectrum things are unbelievably broken.

    Proprietary software will be somewhere between open source and BIOS code.

    Also, have you ever looked at vendor driver code?

    If you had done any of those two above, you would never have dared state what you just stated.

  10. #10
    Join Date
    Jul 2010
    Posts
    507

    Quote: Originally Posted by gamerk2
    So, can we put to bed the "OSS is by nature more secure" argument now?

    LOL. This report is actually an example of why open source is more secure. You have here multiple independent developers looking at the source and reporting bugs, and helping fix them. Would the same be possible with an SSL blob?
