
Security Catastrophe: have you changed your passwords?


    #31
    Originally posted by scooterscot View Post
    That's a quality issue not a failure. The software was doing what it was told to do. The failure, as it nearly always is, was the overpaid software engineer.
    Haha, that's the weakest attempt to backtrack I've ever seen. I think you know full well you've moved the argument to something entirely different.

    I said all hardware sucks - the best you can come up with is that fast jets have to have 2 different sets of hardware with different components, just in case one of them does indeed suck. Mechanical and electronic things break - that is a FACT. Every single piece of equipment will break one day.

    And by your definition of failure - no software can ever fail then, can it?

    NATS technical failure impact ‘critical’ | Air Traffic Management

    Comment


      #32
      Here is the guy that wrote the code ..

      Here is the guy that wrote the code, I sure wouldn't like to be him right now, there weren't any measures for memcpy (or equivalent) buffer checking, apparently the code was written in Ruby (although not 100% sure on this).

      LinuxTag 2013 - Press - News Archive


      I hope he's ok, it's one thing having the finger pointed at you within the privacy of a company and it's another when it's a global scale finger pointing exercise directed towards you.

      Here is an interesting article with the usual Geek comments at the bottom of the web page:

      Anatomy of OpenSSL's Heartbleed: How four bytes trigger terrible bug

      Also the link originally posted in this thread had a nice tool to check whether or not a given website has had the OpenSSL server patch installed on it, I dunno how reliable it is though, itv.com isn't working for me for example:

      Test your server for Heartbleed (CVE-2014-0160)

      Comment
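The missing bounds check that post #32 refers to, shown in its corrected form as an added example (not part of the thread and not OpenSSL's own code). It assumes the RFC 6520 heartbeat layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); the function names and the sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Hypothetical helper: build a heartbeat response from a received record.
 * Returns the response length, or 0 if the record must be silently dropped. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD)
        return 0;                          /* too short to be a valid message */
    if (rec[0] != HB_REQUEST)
        return 0;

    /* Peer-controlled value: the payload length the sender *claims*. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The check that was missing: header + claimed payload + padding must
     * fit inside the bytes that were actually received. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return 0;
    if (HB_HEADER + claimed + HB_MIN_PAD > out_cap)
        return 0;                          /* never overrun the output buffer */

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* copy is now bounded */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);   /* real stacks use random padding */
    return HB_HEADER + claimed + HB_MIN_PAD;
}

/* Constructed sample: a 4-byte "ping" payload, optionally with a length
 * field that claims far more data than the record contains. */
size_t hb_demo(int oversized_claim)
{
    uint8_t rec[HB_HEADER + 4 + HB_MIN_PAD] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    if (oversized_claim) { rec[1] = 0x40; rec[2] = 0x00; }  /* claims 16384 bytes */
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}
```

Without the two length comparisons, the `memcpy` would read past the end of the received record and return whatever memory followed it to the peer.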


        #33
        Originally posted by vwdan View Post
        Haha, that's the weakest attempt to backtrack I've ever seen. I think you know full well you've moved the argument to something entirely different.
        So you yield?

        Originally posted by vwdan View Post
        I said all hardware sucks - the best you can come up with is that fast jets have to have 2 different sets of hardware with different components, just in case one of them does indeed suck. Mechanical and electronic things break - that is a FACT. Every single piece of equipment will break one day.
        Fatigue was discovered here first. Remember this boys & girls. Remember this day.

        Originally posted by vwdan View Post
        And by your definition of failure - no software can ever fail then, can it?
        I think you're making the assumption failure has something to do with an unwanted event occurring in a given specification. Of every software failure I've encountered it is nothing to do with the software and everything to do with a change in the specification during its deployment. An increased cable length causes delay in data transmission bringing about data corruption for example.

        I think you need to re-skill. Pronto.
        "Never argue with stupid people, they will drag you down to their level and beat you with experience". Mark Twain

        Comment


          #34
          Originally posted by scooterscot View Post
          I think you're making the assumption failure has something to do with an unwanted event occurring in a given specification. Of every software failure I've encountered it is nothing to do with the software and everything to do with a change in the specification during its deployment. An increased cable length causes delay in data transmission bringing about data corruption for example.

          I think you need to re-skill. Pronto.
          Except that wasn't the case with the radiation thing, nor the Patriot Missile Defence system that was discussed here the other day.

          You made statements (in response to a tongue in cheek comment) that have simply been demonstrably untrue. You have nothing to back your claims and the best you can do is attempt to redefine what has already been said.

          Comment


            #35
            Still not sure what we should do. In the DM one expert says what NF did above, that changing pwds now before you are sure the servers are safe is not a good idea. Maybe wait till banks etc put up a message.

            Also seem to recall that I have OpenSSL on my machine as part of install of Ultrafunk Popcorn mail thing.
            bloggoth

            If everything isn't black and white, I say, 'Why the hell not?'
            John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

            Comment


              #36
              Originally posted by vwdan View Post
              Except that wasn't the case with the radiation thing, nor the Patriot Missile Defence system that was discussed here the other day.

              You made statements (in response to a tongue in cheek comment) that have simply been demonstrably untrue. You have nothing to back your claims and the best you can do is attempt to redefine what has already been said.
              Proof comes with the models I construct, the HASS / HALT tests, and a hefty invoice.

              If you're good at something don't educate people for free. Unless you're one of those hippy types.
              "Never argue with stupid people, they will drag you down to their level and beat you with experience". Mark Twain

              Comment


                #37
                Originally posted by scooterscot View Post
                Proof comes with the models I construct, the HASS / HALT tests, and a hefty invoice.

                If you're good at something don't educate people for free. Unless you're one of those hippy types.
                Ah, the good old "I could prove that I'm right, but I won't". Okay then, thanks for playing, princess.

                Comment


                  #38
                  Originally posted by vwdan View Post
                  Ah, the good old "I could prove that I'm right, but I won't". Okay then, thanks for playing, princess.
                  Ah the 'I can get on life by proving my gelatinous existence is something worthwhile sliding under the office door each morning for' card.
                  "Never argue with stupid people, they will drag you down to their level and beat you with experience". Mark Twain

                  Comment


                    #39
                    Originally posted by scooterscot View Post
                    Ah the 'I can get on life by proving my gelatinous existence is something worthwhile sliding under the office door each morning for' card.
                    Wanna make out?

                    Comment


                      #40
                      Originally posted by vwdan View Post
                      Wanna make out?
                      Ah ma bitch.
                      "Never argue with stupid people, they will drag you down to their level and beat you with experience". Mark Twain

                      Comment
