Lynn
But all this publicity has alerted hackers to its existence, presumably opening a window of opportunity for them before everyone patches the problem....
Bill,
I agree that we can assume this vulnerability hasn't been exploited in the past two years. Lots of customer money suddenly vanishing from big financial institutions would have set off a big hullaballoo.
On Wed, Apr 9, 2014 at 10:22 AM, Bill Troop <billtroop@xxxxxxxx> wrote:
Isn't it significant, though, that this vulnerability has existed for two years and that it hasn't been perceptibly exploited? The announcement seems to have an agenda other than user safety (i.e. the authors want to improve their credentials by publishing a sensational paper).
At 09/04/2014 05:23, you wrote:
Here's the stuff of nightmares - off topic, but important to know about:
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
That's the most detailed story, but it's running everywhere at this point - Reuters, CNN, NYT, WSJ, etc.
Lynn Brenner