[Klug-general] SSL bug

J D Freeman klug at quixotic.org.uk
Thu May 22 13:43:28 BST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, May 22, 2008 at 08:33:59AM -0400, Karl Lattimer wrote:
> Never in my life have I claimed apple invented email... I may have said
> something like that sarcastically... But seriously, email has been around a
> lot longer than apple.
> 
> I think you can call that libelous. 

http://mailman.lug.org.uk/pipermail/kent/2007-January/001716.html 
and my followup
http://mailman.lug.org.uk/pipermail/kent/2007-January/001718.html

> I don't need to quote something online when I'm surrounded by real
> professionals all day long. Remember I do work for one of the worlds
> biggest companies.

Yes, and I have worked for for one of the worlds biggest companies, and
for a few other large companies, this doesn't necessarily make me more
able to make unbacked up claims.

So, I ask again, retract your statement or provide a source for your
claim.

> > You are making it out that this is the first, last, and only time a bug
> > like this will every occur. I think we are fair to say this is not the
> > case. There are a greater number of, IMHO, more dangerous bugs in
> > machines running other distro's and OS's than this bug in debian.
> 
> Name one? Other than the one I've named below.
> 
> The only comparable flaw I know of is the SSH monkey in the middle attack,
> which only affects protocol version 1 and still requires that you have a
> way to inject into the route.

You are looking at the flaws in a single tool. What about flaws that
have occured in other things? What about the recent bug where people
could inject random code into worldpays pages? What about the similiar
bug in paypal. I would suggest Paypal has more money and more users
than debian. 

Not to mention the almost limitless bugs in the various windows
releases.

> LOL, stripped the rest of the email because you've lost in even attempting
> to continue to defend.

If you so wish.

> This _IS_ the biggest flaw in history, deal with it.

You are still failing to back this claim up with evidence. Its like me
claiming I have invented faster than light travel. The claim is
worthless until I show you my spaceship flying faster than light.

Stop evading the question and put something on the table.

J
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFINWpv42M0lILkmGIRAiYqAJ4rH0of24QbqxL9u55Fv1drRbZ+awCcChxu
ft2ILdeEZMkDFMKxnjSsAKY=
=vN5m
-----END PGP SIGNATURE-----

More information about the Kent mailing list