Yes. They are called probe requests, and can be easily intercepted and viewed. Multiple programs exist to grab these requests off the air and stand up wireless networks with that SSID.[1]
The large volume of vulnerabilities coming out of OpenSSL are worrying, but it likely reflects the increased effort being put into auditing and fuzzing the code after Heartbleed. What is more worrying is the many other critical pieces of software that have nowhere near the level of scrutiny that OpenSSL is receiving currently.
Searching for vulnerabilities is just like mining for gold: you go for the richest veins first and OpenSSL is deployed widely enough and in enough places where it really matters that it is currently a priority item.
I guess until a couple of weeks ago OpenSSL was 'one of many other critical pieces of software that have nowhere near the level of scrutiny that WordPress (and I know you don't meant Wordpress) is receiving currently'. So we'll see a re-focusing on other software when people feel that either the OpenSSL well of exploits has at least temporarily dried up or when something else that is crucial breaks.
But as long as vulnerabilities in OpenSSL are discovered at this rate it seems to be an effort well-spent, and we will all reap the benefit of that effort.
Heartbleed really shook the IT world, I don't know anybody in operations that was not affected by it. (And I can hear them collectively sighing right now). If there was a Richter scale for exploits it would have rated a '9'.
It's a bit like the news cycle, these things tend to burn out. But right now OpenSSL exploits are very much in the spotlight, and guarantee almost instant fame for the person discovering one. So I think we'll see a few more of these before it will quiet down. (I actually hope that we won't see more of these but given the past couple of weeks that hope is not very realistic).
> Heartbleed really shook the IT world, I don't know anybody in operations that was not affected by it. (And I can hear them collectively sighing right now). If there was a Richter scale for exploits it would have rated a '9'.
Having been around in the '90s, with the instant root shell exploits and whatnot, I tend to think of Heartbleed as more of a 6.
I think some people have also forgotten what a complete disaster Microsoft was right up until the mid 2000s. IE exploits, Windows exploits, IIS exploits (remember Code Red?). They well and truly earned their reputation.
Thanks for that. Went ahead and googled "reductio ad absurdam vs strawman" to learn how the two differ and realized I erred including it in the list. Since the person I replied to either meant to replace my premise with one I do not hold or change the subject slightly, so it's either a strawman or a red herring.
RAA is actually viewed with some skepticism in some branches of logic (not so much because it is invalid but because it can be more easily misused in arguments where the underlying assumptions are not apparent). RAA is kind of analogous to the Axiom of Choice if you like — some logicians go out of their way to avoid it.
This is a typical example of rent seeking behaviour. Companies spending money on lobbying without creating wealth. Unfortunately tax is one of the core functions of government and will always be vulnerable to this sort of manipulation of the political process.
This is a good example of the Tu quoque[1] logical fallacy. Just because America may have its own problems, or be hypocritical in some sense, does not mean that they should not criticise the international community. Hypocrisy does not invalidate the argument.
http://www.devttys0.com/2014/10/reversing-d-links-wps-pin-al...