You can find a list of the current situation at the "Top 100" sites
at
http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/
Paul Lagasse
On 04/10/2014 12:22 PM, J R FOX wrote:
Quick
show of hands now: how many have been rushing to change all
their online passwords (as has been strongly recommended) in the
wake of this news ? With 5 mail accounts, password-access forum
memberships, and a host of other things, I have too many
passwords to keep track of. I really should have found a good
password manager app. a long time ago. (Actually I did, some
years ago, but it was for OS/2, relatively complicated as such
apps go, and development on it ceased.) That said, I've never
done any online banking -- except for PayPal, which is very hard
to avoid -- because I never trusted the entire concept. Email
? No super-sensitive business stuff in there. I'm not sure how
worried I'm apt to get over this. 98 % of the public is
ill-informed about most of whatever is going on at the moment,
so I would bet that this remains widely overlooked . . . until
such time as it actually bites them, and forces an active
response.
Jordan
From: Lynn
Brenner mailto:lynn.brenner.nyc@xxxxxxxx
To:
xywrite@xxxxxxxx
Sent:
Wednesday, April 9, 2014 8:19 AM
Subject:
Re: Critical crypto bug in OpenSSL opens two-thirds
of the Web to eavesdropping
Bill,
I agree that we can assume this
vulnerability hasn't been exploited in the
past two years. Lots of customer money
suddenly vanishing from big financial
institutions would have set off a big
hullaballoo.
But all this publicity has alerted hackers to
its existence, presumably opening a window of
opportunity for them before everyone patches
the problem....
Lynn
On Wed,
Apr 9, 2014 at 10:22 AM, Bill Troop mailto:billtroop@xxxxxxxx;
href="mailto:billtroop@xxxxxxxx
wrote:
Isn't it significant, though, that this
vulnerability has existed for two
years and that it hasn't been
perceptibly exploited? The
announcement seems to have an agenda
other than user safety (i.e. the
authors want to improve their
credentials by publishing a sensational
paper).
At 09/04/2014 05:23, you wrote:
Here's the stuff
of nightmares -
off topic, but important to know
about:
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
That's the most detailed story, but
it's running everywhere at this point
- Reuters, CNN, NYT, WSJ etc
Lynn Brenner
|