Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Oct 2014 06:13:26 +0000
From: mancha <mancha1@...o.com>
To: oss-security@...ts.openwall.com
Subject: Re: Truly scary SSL 3.0 vuln to be revealed soon:

On Wed, Oct 15, 2014 at 05:28:34AM +0000, Sona Sarmadi wrote:

Hanno was sharing already-public information.

Adam Langley tweeted it at Tue Oct 14 22:28:32 UTC 2014 [1] and Hanno
emailed the news to oss-sec 12 minutes and change later. I didn't check
to see if there were even earlier public disclosures than agl's.

Someone is owed an apology.

--mancha

[1] https://twitter.com/agl__/status/522151998502617088

PS Ugh, top-posting.

> Thanks Hanno,
> 
> A reflection: Maybe we shouldn't post  information like this here or
> somewhere else which is not published yet even if the information has
> leak out? Although all members here are reliable but it is still an
> open mailing list and we should be careful and act more responsible. 
> 
> Cheers Sona
> 
> > It's out:
> > 
> > https://www.openssl.org/~bodo/ssl-poodle.pdf
> > http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-
> > exploiting-ssl-30.html
> > 
> > My conclusion stays the same: Disable SSLv3.
> > 
> > -- Hanno Böck http://hboeck.de/
> > 
> > mail/jabber: hanno@...eck.de GPG: BBB51E42

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ