[Klug-general] SSL bug

Karl Lattimer karl at qdh.org.uk
Fri May 23 08:34:12 BST 2008




On Fri, 23 May 2008 07:35:36 +0100, "Martin A. Brooks"
<martin at antibodymx.net> wrote:
> Karl Lattimer wrote:
>>> Not even close.  Try the "love bug" virus and Melissa, circa 2000 for
>>> starters.
>>>
>>
>> Neither Melissa nor the love bug were actually actively exploiting a
>> security hole.
>>
> 
> Erm, yes, they were.  People are a security hole too.

We are of course talking in the context of computing, people are dumb,
that's a fact, but when we're faced with an issue which is purely in the
field of cryptography, in a forum that is concerned with computing I'd
expect people to assume context is fairly obvious.


>> They counted on human stupidity. They don't even compare on that scale.
>>
> 
> This ssh problem also counts on human stupidity now.   There's a known
> serious security problem, let's hope few people drag their heels over
> fixing it.

Well, there are servers that have my key on that I can no longer log into
because I don't know their address, and that the people who now run them
don't know that I have a compromised key on the server... 

There are tendrils left over, it's not necessarily down to people to know
where all of their keys are. Or be able to contact everyone who has those
keys. And I don't think you can really compare opening
"loveletterforyou.txt.vbs" to carefully removing affected keys from
servers. There's stupidity then there's oversight.


>> Plus they were written in vbs.
> 
> And?

It just amuses me. Someone wrote a virus in one of the most crippled
languages the world has ever seen.

K,



