From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!newsfeed1.swip.net!newsfeed.arcor.de!newsspool4.arcor-online.net!news.arcor.de.POSTED!not-for-mail
Date: Wed, 23 Apr 2014 10:20:36 +0200
From: Georg Bauhaus <rm-host.bauhaus@maps.futureapps.de>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: OpenSSL development (Heartbleed)
References: <-OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com>
 <535297f1$0$6715$9b4e6d93@newsspool3.arcor-online.net>
 <op.xekmrhmiule2fv@cardamome>
 <5352a585$0$6707$9b4e6d93@newsspool3.arcor-online.net>
 <lj4ath$c6i$1@loke.gir.dk>
 <535688a0$0$6721$9b4e6d93@newsspool3.arcor-online.net>
 <19mxjybev4fc9.1fkxznem326v8$.dlg@40tude.net> <lj671n$bj6$1@dont-email.me>
 <1ottu3pw9hxl1.i1h7v3r51vk0.dlg@40tude.net>
 <slrnlleked.i0l.lithiumcat@nat.rebma.instinctive.eu>
 <6xpjk44lobfz.fctt93m75u47$.dlg@40tude.net>
 <slrnllerjr.i0l.lithiumcat@nat.rebma.instinctive.eu>
 <1vxwm495minb6$.wm25x1fswshx.dlg@40tude.net>
In-Reply-To: <1vxwm495minb6$.wm25x1fswshx.dlg@40tude.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <535777d5$0$6712$9b4e6d93@newsspool2.arcor-online.net>
Organization: Arcor
NNTP-Posting-Date: 23 Apr 2014 10:20:37 CEST
NNTP-Posting-Host: ee96003c.newsspool2.arcor-online.net
X-Trace: 
 DXC=Z64dGPRHGfDlU`@c^jLCbJA9EHlD;3YcB4Fo<]lROoRA8kF<OcfhCOKS]UcL3d7f3CPCY\c7>ejVH<0O3ncWeXZL@E6`GmHdnmA
X-Complaints-To: usenet-abuse@arcor.de
Xref: news.eternal-september.org comp.lang.ada:19518
Date: 2014-04-23T10:20:37+02:00
List-Id: <comp.lang.ada>

On 23/04/14 10:04, Dmitry A. Kazakov wrote:
> To my limited knowledge it sent some dumps of the server's memory. Again, a
> silly Boy Scout's question, how a*transport*  layer could even come to
> this?
>
> To me this looks a protocol layer encapsulation fault. (Not a big wonder
> considering the huge mess web protocols represent.)

Some have found it suspicious that a "ping" like thing
would transport anything, making this appear to be a backdoor.
See fefe's blog, for example (German, Apr 9).

"(...). Aus meiner Sicht riecht das wie eine Backdoor, es schmeckt
wie eine Backdoor, es hat die Konsistenz einer Backdoor,
und es sieht aus wie eine Backdoor".

"(...). From my point of view it smells like a backdoor, it tastes
like a backdoor, it has the texture of a backdoor,
and it looks like a backdoor".


This comment has been address by the OpenSSL author,
a little later (ibd.).