Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
- Subject: Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
- From: J R FOX jr_fox@xxxxxxxx
- Date: Thu, 10 Apr 2014 12:13:08 -0700 (PDT)
Paul,
You beat me to posting that link. Skimming it, I see PayPal and Amazon in the "Pass" column, so I'm already feeling better about this. That probably accounts for most of my exposure right there. Never had any use for Facebook. When the cell phone provider, power utility, etc. etc. have asked me to initiate an online account, I never bothered to do so. I pay all my bills by check in return envelope via the postal service. What can I say? Very old school, here. (Would you expect anything different, on a list of this nature?)
Jordan
From: Paul Lagasse
To: xywrite@xxxxxxxx
Sent: Thursday, April 10, 2014 10:43 AM
Subject: Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
You can find a list of the current situation at the "Top 100" sites at
http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/
Paul Lagasse
On 04/10/2014 12:22 PM, J R FOX wrote:
Quick show of hands now: how many have been rushing to change all their online passwords (as has been strongly recommended) in the wake of this news? With 5 mail accounts, password-access forum memberships, and a host of other things, I have too many passwords to keep track of. I really should have found a good password manager app. a long time ago. (Actually I did, some years ago, but it was for OS/2, relatively complicated as such apps go, and development on it ceased.) That said, I've never done any online banking -- except for PayPal, which is very hard to avoid -- because I never trusted the entire concept. Email? No super-sensitive business stuff in there. I'm not sure how worried I'm apt to get over this. 98% of the public is ill-informed about most of whatever is going on at the moment, so I would bet that this remains widely overlooked . . . until such time as it actually bites them, and forces an active response.
Jordan
From: Lynn Brenner mailto:lynn.brenner.nyc@xxxxxxxx
To: xywrite@xxxxxxxx
Sent: Wednesday, April 9, 2014 8:19 AM
Subject: Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
Bill,
I agree that we can assume this vulnerability hasn't been exploited in the past two years. Lots of customer money suddenly vanishing from big financial institutions would have set off a big hullabaloo.
But all this publicity has alerted hackers to its existence, presumably opening a window of opportunity for them before everyone patches the problem....
Lynn
On Wed, Apr 9, 2014 at 10:22 AM, Bill Troop mailto:billtroop@xxxxxxxx wrote:
Isn't it significant, though, that this vulnerability has existed for two years and that it hasn't been perceptibly exploited? The announcement seems to have an agenda other than user safety (i.e. the authors want to improve their credentials by publishing a sensational paper).
At 09/04/2014 05:23, you wrote:
Here's the stuff of nightmares - off topic, but important to know about:
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
That's the most detailed story, but it's running everywhere at this point - Reuters, CNN, NYT, WSJ etc
Lynn Brenner