[Klug-general] SSL bug
Karl Lattimer
karl at qdh.org.uk
Fri May 23 06:32:02 BST 2008
On Thu, 2008-05-22 at 23:58 +0100, Martin A. Brooks wrote:
> Karl Lattimer wrote:
> > This is the biggest flaw in history, it has perpetuated onto millions of
> > systems, and it isn't so easy to clean up.
> >
>
> Not even close. Try the "love bug" virus and Melissa, circa 2000 for
> starters.
>
> > The fact of the matter is Debian will never be used by any businesses that
> > depend on security again, it will be removed from all major companies and
> > as the Dilbert comic says "Debian, you can never be sure" this is now the
> > strap line people will use to describe it. The brand is damaged beyond
> > repair.
> >
>
> Speaking as someone who runs a company that exclusively uses Debian on
> production servers, I can cheerfully tell you that you're wrong. I have
> a new mail filtering node coming on line in the next day or so, it's
> running Debian, as the one due next month will be too.
>
> Debian messed up, sure, but they then did exactly the right thing. No
> denials, no excuses, just a public announcement alongside a fix.
>
> Do you have a link to the Dilbert you mention? I don't recall that one.
>
http://metasploit.com/users/hdm/tools/debian-openssl/pmeo9hcjp7aw9.jpg
This is doing the rounds... So brand == 0
Just because you still put your faith in something like that doesn't
mean anyone with any sense will; big companies don't risk it.
I can tell you now that I wouldn't buy a service from you, after you've
admitted you use Debian. Do you advertise this fact?
K,