Ya fits our initial thought. I would find this attack very hard on a busy server.
OpenBSD is being, well, OpenBSD
no surprise on the OpenBSD stuff
Just saw this today (released yesterday):
BSD is just forking OpenSSL, not really doing anything too ground breaking.
I am shocked there hasn’t been another Java 0day out so people can move on.
Did you see some of the changes? They’re making some pretty radical changes to it. It’s not out of the ordinary for something like that to happen, but it’s interesting. They’ll regret it in the long run though. It’s a knee-jerk reaction.
So the BSD project has gotten full effort now that they keep uncovering really scary items in OpenSSL. A basic understanding of code may help make some be more entertaining/scary.
“Remove non-posix support. Why is OPENSSL_isservice even here? Is this a crypto library or a generic platform abstraction library? “A hack to make Visual C++ 5.0 work correctly” … time to upgrade.” — tedu
Not a fork; they are doing refactoring on steroids, and it will a.) usefully improve openssl or b.) break openssl and be abandonware.
I fear much of what they’re doing won’t be useful for mainline inclusion since they are saying fuck-it to all the ports they don’t care about, which is classic Theo and OpenBSD behaviour.
It is nice to see that a FOSS project realized they need a full time dev and project management team for something that runs such a large part of the web. Hopefully what they start is a project that continues on.
Well, it’s official: OpenBSD forked it…
Great article :tup: