Neel Mehta of Google Security discovered the flaw on March 21st. They created a patch for OpenSSL on the same day. Google submitted this patch for inclusion to OpenSSL, and simultaneously distributed the patch file to some major distros such as Red Hat and applied it to their own servers.
On or before March 31st, CloudFlare gets the patch file and applies it. They blogged about it, giving the first public notice of the problem.
April 1, Google notifies the OpenSSL team of the vulnerability.
So, Google didn't immediately go directly to the public, but did immediately go to the major players. This is actually the right way to do it -- give the major vectors a chance to patch things up before making the world (and all the bad guys) aware of the vulnerability.
It took 10 days from the time of discovery to the time the world was notified, and they had the fix already in hand when they did so. Google did good on this.
Not a good reason at all. First, due to the nature of the exploit, it's incredibly difficult to determine if it was actually used. No trace is left, no red flags appear in any logs, etc. The only way to tell is through inference. Second, there have been a number of breaches that imply that Heartbleed was successfully used.
Let's be a bit rational here. They could use the app to spy on you and those around you. That they request those permissions doesn't really mean they will do so. It means that they're asking you to trust them.
First, who's "he"? I was talking about a group of people, not an individual.
Second, by "the masses," I did not mean "voters". I meant "the entire population of the Earth." And yes, for a long time, the government did get away with this particular deception.
The use of the word "gullibility" is highly misleading, and that's why I take exception to it. Unless you equate "trust" with "gullibility," in which case we'll just have to disagree on this point. That the trust is rapidly evaporating, both among US citizens and the rest of the world, indicates to me that people aren't as gullible as some would suppose.
And I believe that it does violate the Constitution, for pretty much the same reasoning as the article states. Fair enough.
Two points, though: first, although what the SC has to say settles the matter in terms of law, I don't think that it settles the matter in terms of truth. Just because the SC says something is Constitutional doesn't automatically mean it really is Constitutional. Even the SC has reversed themselves a number of times on what is or is not Constitutional.
Second, the behavior of the US from the latter part of the 20th century to the present day clearly shows that it considers the entire planet to be within the jurisdiction of US laws.
You can't be serious. There are two main problems with this...
1) If the NSA finds an exploit, so will criminal crackers. It won't stay a secret.
2) If Cisco equipment uses an exploit, Huawei (and all other similar companies), as well as criminal crackers, will find it as soon as they reverse engineer the Cisco equipment (which all groups do whenever a new model is released). It won't stay secret.
No matter what, these exploits won't stay secret. The NSA is even behind the curve in finding them -- they purchase most of them from the black and gray markets. By keeping any exploit a secret, the only thing that's accomplished is that critical infrastructure and everyone using it is left vulnerable to an exploit they may not know about but all the crooks do.
"What you don't seem to get is that it's the collective value of HBO shows that should sell the concept. A single show may be the tipping point for some people, but really, there is a lot on the channel and you likely would want it for that."
Everybody gets that point. Perhaps the point you're missing is that there are a lot of people who want to watch GoT and also who have no interest whatsoever in any other cable offerings, HBO or not.
Nobody is actually going to subscribe to cable to watch GoT. That's not the point of the math. The point of the math is to show how high the barrier is for people who want GoT and only GoT. This high barrier encourages piracy. (It doesn't justify it, so no need to go there). If HBO wanted to reduce the amount of GoT piracy, they would do well to provide a way to watch it that doesn't cost $50 per episode.
"Think before you reply."
Physician, heal thyself. Especially before slinging around insults based on your own lack of understanding.
The fuss is that they are tasked with both spying, which entails using exploits, and with protecting the network, which entails disclosing weaknesses.
These two tasks are mutually exclusive. So all we get is them exploiting the network and keeping those exploits a secret, which means those exploits won't get fixed as quickly, if ever, which means that the entire security of the net is endangered by the NSA.
Re: Re: Sure, if you consider being able to choose whether you want to be shot in your right foot or left foot a 'democratic'-style choice.
The election system is intentionally geared to severely disadvantage all third parties. Just getting a third party on the ballot is an enormous task. Once there, the advantages of the two primary parties are so huge that it's incredibly difficult to even get the word out in an effective way. You're excluded from major debates, you have a disadvantage in terms of getting air time, etc.