Martin Mielke said the following on 12/31/2008 10:37 AM:
Hi all,
I'm sending this to both the users list and the off-topic one as it has a rather big impact:
http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-p...
See also http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123001056_2.html?hpid=moreheadlines&sid=ST2008123001136 <quote> Appelbaum said that his group's attorneys advised against giving Verisign advance notice, citing the possibility that the company could convince a judge that it was in the best interests of public safety to prevent the researchers from publicly presenting their findings. "Our lawyers advised us that telling the CA about this increases the chances of us getting into serious legal trouble that may ultimately prevent us from speaking about it," Appelbaum said. </quote> You may recall that Boston Transit used a court order to prevent MIT researchers presenting about security flaws in the Oyster (?) swipe-card system. I seem to recall thatt some voting machine companies also have this beleif that covering up their flaws is good for the general public. -- "The Singapore government isn't interested in controlling information, but wants a gradual phase-in of services to protect ourselves. It's not to control, but to protect the citizens of Singapore. In our society, you can state your views, but they have to be correct." - Ernie Hai, coordinator of the Singapore Government Internet Project -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org