Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Unix » Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Forum FAQ ·Attitude Adjustment ·Linux docs ·DistroWatch ·OPLM ·FreeBSD Handbook
Gentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  
AuthorAll Replies


Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

reply to Cabal
Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

said by Cabal See Profile :

I know people hate to comment their code, but maybe intentionally using uninitialized memory would be a good opportunity for that sort of thing.
Funny you should mention that
to forum · permalink · · 2008-05-13 11:37:16 · Reply to this


Cabal
Premium
join:2007-01-21
Boston, MA

reply to deblin
quote:
Usually it is bad to have any kind of dependency on uninitialised memory, but OpenSSL happens to include a rare case when its OK, or even a good idea: its randomness pool. Adding uninitialised memory to it can do no harm and might do some good, which is why we do it.
I know people hate to comment their code, but maybe intentionally using uninitialized memory would be a good opportunity for that sort of thing.
--
Interested in open source engine management for your Subaru?
to forum · permalink · · 2008-05-13 11:12:03 · Reply to this


deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE

reply to BeesTea
Thanks for the info.

Just stumbled upon this. Interesting point, not sure I entirely agree with it. But certainly in this case the author makes a good point.
--
»hillaryis404.org/
to forum · permalink · · 2008-05-13 10:39:05 · Reply to this


BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000		reply to Steve
That's the attack as I understand it exactly. Thanks!
to forum · permalink · · 2008-05-13 10:12:55 · Reply to this
Forums » Tech and Talk » OS and Software » All Things UnixGentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

Tuesday, 01-Dec 12:59:27 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [62] Baltimore To Ban Lazy Cable Installs
· [54] Broadband Killed The Game Console
· [38] Rural Carriers Quickly Embracing Fiber
· [37] Rogers Unveils The ISP Dream Model
· [33] AT&T Top Lobbyist Cicconi Has His Feelings Hurt
· [31] Charter Exits Chapter 11
· [28] Comcast Releasing Promised Usage Meter
· [24] Midcontinent Socked With Easement Lawsuit
· [16] Vivendi Agrees, Comcast/NBC Deal Soon
· [12] ACTA: Global Three Strikes
Most people now reading
· Heating - my dad gave me this advice... [Home Repair & Improvement]
· Windows 7 boot manager editing questions [Microsoft Help]
· Data Usage Meter Launched [Comcast HSI]
· [Rant] called out sick! [Rants, Raves, and Praise]
· Is Microsoft Technet ok to use for my family PC's? [Microsoft Help]
· Why Criminals (Hackers) Must Not Be Rewarded [Security]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· buying a one way ticket [General Questions]
· [OOL] Youtube not loading [OptimumOnline]
· Prevx says MS Nov 10 patches causing BSOD problems [Security]