

3 SSL vulnerabilities discovered in 3 months, anything wrong? - 0xo

- Apple's Goto Fail
- GnuTLS certificate issue
- OpenSSL Heartbleed

It may be a coincidence but they all have something in common:

- affects SSL.
- 'simple' coding error.
- had been there for a long time.
- flaw affects the fundamental feature of SSL. Affects certificates specifically while not needing anything at all in the third.

It may just be paranoia but there are very disturbing flaws.

OR

Maybe people have a very bad coding and 'auditing' habit.

At an age where there are so many privacy and surveillance issues, it gets worrisome.
======
tptacek
_Gozer the Traveler. He will come in one of the pre-chosen forms. During the
rectification of the Vuldrini, the traveler came as a large and moving Torg!
Then, during the third reconciliation of the last of the McKetrick
supplicants, they chose a new form for him: that of a giant Slor! Many Shuvs
and Zuuls knew what it was to be roasted in the depths of the Slor that day, I
can tell you!_

------
glimcat
Security vulnerabilities are often found in clusters, whether because of
heightened attention or simply because of coincidence & cognitive bias.

~~~
anthony_franco
Exactly. Similar thing happened to Rails last year. One big vulnerability
discovery led to a couple more being discovered soon afterwards.

