That is tin foil hat territory so I can't speculate on that. All I know is that if I were in the knowledgeable position that Google was in, I would have notified Cisco and Juniper first because, as with any cyber threat, we always try to stop the attack as far upstream as possible, and they didn't do that, so I hold them accountable for negligence against public safety.
If you consider Akamai and CloudFlare as bigs and the federal government, banks, router / infrastructure providers and social media as not big then I consider you confused.
I was unaware that OpenSSL required any NDAs. It was my understanding that only Google was requiring NDAs. I said a few weeks not several, but perhaps I should have said a couple weeks.
I've already speculated why Google might want to withhold the info from their competitors. As far as OpenSSL and Red Hat, they each learned of the problem one and two days respectively before it went public, and the reason for the delay was that the leader of the OpenSSL team lives in India and the alert was sent to him while he was asleep, and the other members of the OpenSSL committee did not want to overstep their authority until he was able to awake. By the time that...
Which backbone? It wouldn't be a huge leap to wonder if Google planned to never inform its competitors even though those competitors also represent many of Google's users. Could it be that Google would like nothing better than having the media publicize that the likes of Yahoo was compromised, which is exactly what happened? So much for Google being concerned about the security of their users first. It is also suspicious why Akamai lied about how they learned of the bug...
The same number as all of Google's, Microsoft's and Apple's data center servers combined. Zero!
Except they didn't tell any governments, any of the big social networks, banks, or the infrastructure providers. Why?
But they never did tell them, and they didn't tell Cisco and Juniper either, who could have cut the vulnerability off at the edge routers. Google has proven once again they cannot be trusted. If the NSA was exploiting it then they are liars and that will definitely come back to bite them - Snowden deux. Although it is curious why the NSA wasn't the one to discover this months ago. That is the sort of thing they are supposed to be monitoring for our safety.
They didn't leave out anything of the sort. They say that Codenomicon also discovered it more than two weeks later, if you can call that discovered. Codenomicon was just the first to publicize it. The fact that Codenomicon bought the Heartbleed.com domain name on April 5 when they learned of the bug, a full 2 weeks after it was discovered, could lead some to suspect that they have some agenda to spin the timeline differently.
