[Date Prev][Date Next][Subject Prev][Subject Next][
Date Index][
Subject Index]
Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
- Subject: Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
- From: Paul Breeze paul.breeze@xxxxxxxx
- Date: Thu, 10 Apr 2014 18:05:14 +0100
Not yet
Paul
On 10/04/2014 17:22, J R FOX wrote:
Quick show of hands now: how many have been rushing to change all their
online passwords (as has been strongly recommended) in the wake of this
news ? With 5 mail accounts, password-access forum memberships, and a
host of other things, I have too many passwords to keep track of. I
really should have found a good password manager app. a long time ago.
(Actually I did, some years ago, but it was for OS/2, relatively
complicated as such apps go, and development on it ceased.) That said,
I've never done any online banking -- except for PayPal, which is very
hard to avoid -- because I never trusted the entire concept. Email ?
No super-sensitive business stuff in there. I'm not sure how worried
I'm apt to get over this. 98 % of the public is ill-informed about most
of whatever is going on at the moment, so I would bet that this remains
widely overlooked . . . until such time as it actually bites them, and
forces an active response.
  Jordan
  ------------------------------------------------------------------------
  *From:* Lynn Brenner 
  *To:* xywrite@xxxxxxxx
  *Sent:* Wednesday, April 9, 2014 8:19 AM
  *Subject:* Re: Critical crypto bug in OpenSSL opens two-thirds of
  the Web to eavesdropping
  Bill,
  I agree that we can assume this vulnerability hasn't been exploited
  in the past two years. Lots of customer money suddenly vanishing
  from big financial institutions would have set off a big hullaballoo.
  But all this publicity has alerted hackers to its existence,
  presumably opening a window of opportunity for them before everyone
  patches the problem....
  Lynn
  On Wed, Apr 9, 2014 at 10:22 AM, Bill Troop mailto:billtroop@xxxxxxxx> wrote:
    Isn't it significant, though, that this vulnerability has
    existed for two years and that it /hasn't/ been perceptibly
    exploited? The announcement seems to have an agenda other than
    user safety (i.e. the authors want to improve their credentials
    by publishing a sensational paper).
    At 09/04/2014 05:23, you wrote:
    Here's the stuff of nightmares - off topic, but important to
    know about:
    http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
    That's the most detailed story, but it's running everywhere at
    this point - Reuters, CNN, NYT, WSJ etc
    Lynn Brenner