A little while ago, Tavis Ormandy twitterated about an OpenSSL bug he reported. This didn’t sound good, so I took a look.

more...

“Snowden had a fall back question: “Can it be conclusively proven that you’re not the greatest leader in human history?“” - steven_metz

“Told Snowden Russia does NOT collect data of millions of citizens. Instead we collect the actual citizens. In camps. Long as they can work.” - ViktorInEnglish

“I think the keyword there is “uncontrolled”. It’s totally controlled. They target everyone individually. It’s not “mass”” - thegrugq

The only thing better than remembering the past is reliving it.

more...

“Instead, he seems to have seized an opportunity to poke a giant bear with a stick. The bear then ate him and his users.” - tptacek

About two days ago, I was poking around with OpenSSL to find a way to mitigate Heartbleed. I soon discovered that in its default config, OpenSSL ships with exploit mitigation countermeasures, and when I disabled the countermeasures, OpenSSL stopped working entirely. That sounds pretty bad, but at the time I was too frustrated to go on. Last night I returned to the scene of the crime.

more...

About two years ago, OpenSSL introduced a new feature that you’ve never used or even heard about until yesterday, after somebody discovered a bug that could be used to read process memory.

more...

One of the obvious ideas I (and several others had) as soon as signify was released was to extend it to do more. After all, no program is complete until it can read email. Or at least munge up your email real bad.

more...

Received an email this morning about a package containing a large amount of cash being held by DHL (yippee!). As befits important email of a security sensitive nature, they tried to sign the message, or at least I think that’s what they were trying to do.

To: tedu@cvs.openbsd.org, hmac-ripemd160-etm@openssh.com

While it’s comforting to see that they chose the more secure encrypt-then-mac construction, RIPEMD-160 is hardly cutting edge. As such, I’m not sure I can trust this message.

A comparison of some CPUs using my favorite benchmark, md5 -t.

Dell CS24, Xeon L5450 @ 2.5GHz

Time   = 0.242135 seconds
Speed  = 412992751.977203 bytes/second

Thinkpad T430s, i5-3320M @ 2.6GHz (plus turbo)

Time   = 0.184372 seconds
Speed  = 542381706.549801 bytes/second

Thinkpad X200s, Core2 @ 1.8GHz

Time   = 0.325009 seconds
Speed  = 307683787.218200 bytes/second

Thinkpad X1 Carbon, i5-5300U @ 2.3GHz

Time   = 0.206281 seconds
Speed  = 484775621.603541 bytes/second

No name router, Atom @ 1.8GHz

Time   = 0.399222 seconds
Speed  = 250487197.599331 bytes/second

Sun T5120, T2 @ 1.2GHz

Time   = 1.809987 seconds
Speed  = 55249015.600665 bytes/second

BeagleBone Black, ARM Cortex A8

Time   = 1.373115 seconds
Speed  = 72827112.077284 bytes/second

EdgeRouter Lite, Octeon @ 500MHz

Time   = 2.198556 seconds
Speed  = 45484399.760570 bytes/second

Intel “Braswell” Celeron N3050 @ 1.6GHz

Time   = 0.334014 seconds
Speed  = 299388648.380008 bytes/second

A short note about my Dell CS24 to accompany the post about the Sun T5120.

more...