Ramblings of an old Doc


Well, I can’t help but say, “Fine…BUT…” to this little gem in the ZDNet article:

"While the audit won't cover every single corner of the codebase, we believe it will be a useful component of the broader efforts being undertaken to improve OpenSSL's engineering and security. This is a fairly large audit, so we expect the preliminary results to start coming out towards the beginning of the summer after we coordinate with the OpenSSL team." - Thomas Ritter, a principal security engineer at NCC

Why do a partial job? Why not do it correctly and completely?

The FREAK defect came from the NSA’s influencing Netscape to use 40 bit encryption instead of 128 in an effort to catch more ‘intelligence’. Sort of like the choice to use the right nets and a few of them to catch the right fish instead of hundreds of nets all over to catch every fish and then sort out the catch…wasteful and dangerous.

The result? All of us being vulnerable to their ‘beneficent’ screening…and maybe that was the original goal. Only the result was quite different: Using second-rate materials in the foundation (and that’s what OpenSSL is, have no doubt) will weaken the entire house, not just part of it. How much financial damage has been done to the little guy himself and, through corporations and government agencies, to him indirectly? Trillions of dollars and compromised/lost identities, nest eggs, homes…

So PLEASE: Do it ONCE. Do it COMPLETELY and do it the best way you know how.

Which brings me, in a roundabout way, to software in general.

There’s too much compromise in the rush to bring it to market before it’s ready AND secure. The same for medicines, and even “news” reporting. The rush to market (not knocking the free enterprise system) is problematic and has bad results…or certainly less than ideal ones.

So please: Take your time and do it right. And how about looking at all the rest of the critical security elements of the browsers, etc. How about really doing the right thing for a change? After all, we’re not “consumers”. We’re people, and we deserve better.

Source:

http://www.zdnet.com/article/ncc-group-to-audit-openssl-for-security-holes/


Comments
on Mar 08, 2015

If they really believed that a fuller and more rigorous audit (etc.) would increase their associates' bottom line (profits to largest shareholders), they would. I won't hold my breath.