Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

Re^2: Should I recompile SSL CPAN modules now?

by hardburn (Abbot)
on Apr 08, 2014 at 20:48 UTC ( #1081565=note: print w/replies, xml ) Need Help??

in reply to Re: Should I recompile SSL CPAN modules now?
in thread Should I recompile SSL CPAN modules now?

Backdoors imply they were there on purpose. In fact, OpenSSL is just a big mess.

"There is no shame in being self-taught, only in not trying to learn in the first place." -- Atrus, Myst: The Book of D'ni.

  • Comment on Re^2: Should I recompile SSL CPAN modules now?

Replies are listed 'Best First'.
Re^3: Should I recompile SSL CPAN modules now?
by zentara (Archbishop) on Apr 09, 2014 at 14:42 UTC
    Isn't the excuse that it's all a big mess the easiest way to provide a cover story for putting in backdoors? I mean look at Microsoft Windows. There was a news release about a year ago which said that just about any Microsoft system gets infected within 30 minutes of being online. Is Microsoft code that big of a mess?

    I'm not really a human, but I play one on earth.
    Old Perl Programmer Haiku ................... flash japh

      Of course it is that big of a mess. If it were competently written backdoors it wouldnít be vulnerable to script kiddie probe hijinx. Wikipedia says Win has only 10s of millions of lines of code but IIRC the figure could be considered over 2 billion because Explorer and the Office suite is tied so deeply into parts of the OS. (Updated accidentally, no actual change.)

        < 2 cents>
        Oh well, we can't stop the government from snooping, can we? So I'm just glad those programmers in Finland and at Google announced what everyone has been suspecting for a long time .... that 128 bit encryption has been broken by the government.

        . Of course, people always have the right to setup their own stronger encryption systems. As a matter of fact, it is now recomended that all encryptions be done on a separate computer, which has never been connected to the internet. Then, transfer the already encrypted file to a networked computer for sending. A common sense precaution, it would seem to me, if privacy is an issue for you.

        I really don't know who wrote the SSL library with the bug, but with all the geniuses at Cat Tech and MIT, they couldn't get a decent team together for this important task? I wonder is BSD or FreeBSD affected by this, and I ask because supposedly they were developed by the University of California at Berkeley, under the supervision of qualified professors.

        Like I said, it really dosn't matter. They probably have drones now that can silently hover over your office and record your keystrokes thru the square wave pulses they generate.

        Not to go too far off topic on this, but from what has been going on in the news lately, regarding the government forcing coders into placing backdoors in their software, or be put out of business. I speak of course of that man who had some public key software system going, who closed his company rather than comply.

        So it seems that if you really do have an unbreakable system, the government shuts you down.

        Another example, is about 15 years ago, some college professor came up with realtime matrix-on-a-chip system, which worked so well to scramble audio, they shut him down.

        So.... there does seem to be historical precedense to the fact that the government allows you to encrypt only with tools they can break. It sort of looks obvious to me, and I find it pathetic that they charge the supposedly best coders with sheer incompetence. But that is just my opinion. Like I said, they probably don't care now, as drones can collect better intelligence. Just my 2 cents.

        I'm not really a human, but I play one on earth.
        Old Perl Programmer Haiku ................... flash japh
      As seductive as conspiracy theories can be, I generally hold to Hanlon's razor.


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1081565]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (7)
As of 2019-09-19 07:06 GMT
Find Nodes?
    Voting Booth?
    The room is dark, and your next move is ...

    Results (240 votes). Check out past polls.