Has anyone started a list of embedded devices vulnerable to #heartbleed and wether they can or cannot be patched yet?
-
-
@attritionorg@StephenBattista@spacerog indeed. just looking to stand on the shoulders of giants :) -
@iamthecavalry@StephenBattista@spacerog yeah, we can't take the weight. too many stand on us. and stomp all over us.
End of conversation
New conversation -
-
-
@attritionorg@iamthecavalry@spacerog You are right. Quick CVE look-up shows not once a year, still not stellar with 7 in the last decade. -
@StephenBattista@iamthecavalry@spacerog don't appear relevant to the RCE debate, but remember CVE missing 3 OpenSSL from last few years.
End of conversation
New conversation -
-
-
@attritionorg@iamthecavalry@spacerog Not once a year CVE 2010-3864, 2010-2939, 2010-0742, CVE-2007-4995, 2007-5135 2006-3738, 2003-0545 -
@StephenBattista@iamthecavalry@spacerog 2010-2939 is use-after-free DoS according to some analysis. 2010-0742 is c/d or user-assisted. -
@attritionorg@iamthecavalry@spacerog Also concepts change, OpenSSL uses longs for time. Welcome to 2038's Y2K problem.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.