[Date Prev][Date Next][Subject Prev][Subject Next][ Date Index][ Subject Index]

Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping



But you having reminded me, I have now.

On 10/04/2014 18:05, Paul Breeze wrote:
Not yet Paul On 10/04/2014 17:22, J R FOX wrote:
Quick show of hands now: how many have been rushing to change all their online passwords (as has been strongly recommended) in the wake of this news ? With 5 mail accounts, password-access forum memberships, and a host of other things, I have too many passwords to keep track of. I really should have found a good password manager app. a long time ago. (Actually I did, some years ago, but it was for OS/2, relatively complicated as such apps go, and development on it ceased.) That said, I've never done any online banking -- except for PayPal, which is very hard to avoid -- because I never trusted the entire concept. Email ? No super-sensitive business stuff in there. I'm not sure how worried I'm apt to get over this. 98 % of the public is ill-informed about most of whatever is going on at the moment, so I would bet that this remains widely overlooked . . . until such time as it actually bites them, and forces an active response. Jordan ------------------------------------------------------------------------ *From:* Lynn Brenner *To:* xywrite@xxxxxxxx *Sent:* Wednesday, April 9, 2014 8:19 AM *Subject:* Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping Bill, I agree that we can assume this vulnerability hasn't been exploited in the past two years. Lots of customer money suddenly vanishing from big financial institutions would have set off a big hullaballoo. But all this publicity has alerted hackers to its existence, presumably opening a window of opportunity for them before everyone patches the problem.... Lynn On Wed, Apr 9, 2014 at 10:22 AM, Bill Troop mailto:billtroop@xxxxxxxx> wrote: Isn't it significant, though, that this vulnerability has existed for two years and that it /hasn't/ been perceptibly exploited? The announcement seems to have an agenda other than user safety (i.e. the authors want to improve their credentials by publishing a sensational paper). At 09/04/2014 05:23, you wrote:
Here's the stuff of nightmares - off topic, but important to know about: http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ That's the most detailed story, but it's running everywhere at this point - Reuters, CNN, NYT, WSJ etc Lynn Brenner