Date: Wed, 15 Oct 2014 06:13:26 +0000 From: mancha <mancha1@...o.com> To: oss-security@...ts.openwall.com Subject: Re: Truly scary SSL 3.0 vuln to be revealed soon: On Wed, Oct 15, 2014 at 05:28:34AM +0000, Sona Sarmadi wrote: Hanno was sharing already-public information. Adam Langley tweeted it at Tue Oct 14 22:28:32 UTC 2014  and Hanno emailed the news to oss-sec 12 minutes and change later. I didn't check to see if there were even earlier public disclosures than agl's. Someone is owed an apology. --mancha  https://twitter.com/agl__/status/522151998502617088 PS Ugh, top-posting. > Thanks Hanno, > > A reflection: Maybe we shouldn't post information like this here or > somewhere else which is not published yet even if the information has > leak out? Although all members here are reliable but it is still an > open mailing list and we should be careful and act more responsible. > > Cheers Sona > > > It's out: > > > > https://www.openssl.org/~bodo/ssl-poodle.pdf > > http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites- > > exploiting-ssl-30.html > > > > My conclusion stays the same: Disable SSLv3. > > > > -- Hanno Böck http://hboeck.de/ > > > > mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ