
Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping



Duh! You have to let each of the sites know you've changed your password, so my
idea of a "bulk re-setting" makes no sense.



I use Dashlane, which is good except for a pretty lousy user interface.
E.g., you can't order it to generate a new password (not by any obvious
means, anyway). But it "suggests" fill-ins that make logging onto a site
easy. And sometimes it just logs you in transparently.


I will have to Google whether or not Dashlane allows for bulk re-setting of
passwords.



But you having reminded me, I have now.

On 10/04/2014 18:05, Paul Breeze wrote:

Not yet

Paul

On 10/04/2014 17:22, J R FOX wrote:

Quick show of hands now: how many have been rushing to change all their online passwords (as has been strongly recommended) in the wake of this news? With 5 mail accounts, password-access forum memberships, and a host of other things, I have too many passwords to keep track of. I really should have found a good password manager app. a long time ago. (Actually I did, some years ago, but it was for OS/2, relatively complicated as such apps go, and development on it ceased.)

That said, I've never done any online banking -- except for PayPal, which is very hard to avoid -- because I never trusted the entire concept. Email? No super-sensitive business stuff in there. I'm not sure how worried I'm apt to get over this.

98% of the public is ill-informed about most of whatever is going on at the moment, so I would bet that this remains widely overlooked . . . until such time as it actually bites them, and forces an active response.

Jordan

------------------------------------------------------------------------
*From:* Lynn Brenner
*To:* xywrite@xxxxxxxx
*Sent:* Wednesday, April 9, 2014 8:19 AM
*Subject:* Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping

Bill, I agree that we can assume this vulnerability hasn't been exploited in the past two years. Lots of customer money suddenly vanishing from big financial institutions would have set off a big hullaballoo. But all this publicity has alerted hackers to its existence, presumably opening a window of opportunity for them before everyone patches the problem....

Lynn

On Wed, Apr 9, 2014 at 10:22 AM, Bill Troop <mailto:billtroop@xxxxxxxx> wrote:

Isn't it significant, though, that this vulnerability has existed for two years and that it /hasn't/ been perceptibly exploited? The announcement seems to have an agenda other than user safety (i.e. the authors want to improve their credentials by publishing a sensational paper).

At 09/04/2014 05:23, you wrote:

Here's the stuff of nightmares - off topic, but important to know about:

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

That's the most detailed story, but it's running everywhere at this point - Reuters, CNN, NYT, WSJ etc

Lynn Brenner