OpenSSL after Heartbleed

Posted May 2, 2017 10:55 UTC (Tue) by pizza (subscriber, #46)
In reply to: OpenSSL after Heartbleed by citypw
Parent article: OpenSSL after Heartbleed

> How can you explain to the customers about those "massive" exploits defeated KSPP just in a couple of months?

What does this have to do with OpenSSL/Heartbleed and grsec's utter inability to mitigate it or its effects?

> S0rry I'm very practical about security.

FWIW, you have yet to actually demonstrate this.

OpenSSL after Heartbleed

Posted May 2, 2017 14:14 UTC (Tue) by citypw (guest, #82661) [Link]

>> How can you explain to the customers about those "massive" exploits defeated KSPP just in a couple of months?
> What does this have to do with OpenSSL/Heartbleed and grsec's utter inability to mitigate it or its effects?
You didn't answer the question. Btw, I never said PaX/Grsec could mitigate Heartbleed-like issue. Speaking of OpenSSL, I think the media drew your attention on what they want you to see. I was an OpenSSL/GnuTLS maintainer for OpenSuSE/SLES for a while and I know( even I'm not good at crypto stuff) there are potentially bigger impact from some vulns has to be audited and then formed as part of security baseline in some data center. You can google it if your country don't block it though.

>> S0rry I'm very practical about security.
> FWIW, you have yet to actually demonstrate this.
Oh, this is so hard that I can't desmonstrate it. You win, congrats;-)