On Tue, 17 Aug 2010, Jeremy wrote: > When ssh/ssl had a hole a couple years ago that rendered it ineffective > (200k possible keys), that alone meant almost everyone was vulnerable. > And it was caused by just a simple programming mistake. I wonder when it was first discovered. I mean, there are probably many governments with computer scientists working their butts off to discover things like this that give them an advantage. Once they find it, they don't tell anyone. Once about 10 years ago I was a few minutes late to teach a class at Mizzou. I apologized to the students telling them that Chinese "hackers" had broken into my computer and I was cleaning it up. They didn't seem to believe my excuse, but it was quite true. They don't realize that chinese hackers tried to break into their computers too, but they didn't happen to have the security hole and they had no way to detect the attempt on their port. I think it was ingreslock on Solaris that time. That was the last time I failed to patch my system very quickly and I've had 10 years with no cracks, as far as I can tell. > Considering the power of bot nets, if they aren't run by governments, or > at least infiltrated by govts, then it is alsmost negligence. I think they are. Something like 90% of our computers have a huge backdoor open to Microsoft to change the system at will. Am I the only one who doesn't like that? Mike