Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
- Subject: Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
- From: Harry Binswanger hb@xxxxxxxx
- Date: Thu, 10 Apr 2014 15:11:28 -0400
Duh! You have to let each of the sites know you've changed your password, so my
idea of a "bulk re-setting" makes no sense.
I use Dashlane, which is good except for a pretty lousy user interface.
E.g., you can't order it to generate a new password (not by any obvious
means, anyway). But it "suggests" fill-ins that make logging onto a site
easy. And sometimes it just logs you in transparently.
I will have to Google whether or not Dashlane allows for bulk re-setting of
passwords.
But you having reminded me, I have now.
On 10/04/2014 18:05, Paul Breeze wrote:
Not yet
Paul
On 10/04/2014 17:22, J R FOX wrote:
Quick show of hands now: how many have been rushing to change all their
online passwords (as has been strongly recommended) in the wake of this
news ? With 5 mail accounts, password-access forum memberships, and a
host of other things, I have too many passwords to keep track of. I
really should have found a good password manager app. a long time ago.
(Actually I did, some years ago, but it was for OS/2, relatively
complicated as such apps go, and development on it ceased.) That said,
I've never done any online banking -- except for PayPal, which is very
hard to avoid -- because I never trusted the entire concept. Email ?
No super-sensitive business stuff in there. I'm not sure how worried
I'm apt to get over this. 98 % of the public is ill-informed about most
of whatever is going on at the moment, so I would bet that this remains
widely overlooked . . . until such time as it actually bites them, and
forces an active response.
Jordan
------------------------------------------------------------------------
*From:* Lynn Brenner
*To:* xywrite@xxxxxxxx
*Sent:* Wednesday, April 9, 2014 8:19 AM
*Subject:* Re: Critical crypto bug in OpenSSL opens two-thirds of
the Web to eavesdropping
Bill,
I agree that we can assume this vulnerability hasn't been exploited
in the past two years. Lots of customer money suddenly vanishing
from big financial institutions would have set off a big hullaballoo.
But all this publicity has alerted hackers to its existence,
presumably opening a window of opportunity for them before everyone
patches the problem....
Lynn
On Wed, Apr 9, 2014 at 10:22 AM, Bill Troop <billtroop@xxxxxxxx> wrote:
Isn't it significant, though, that this vulnerability has
existed for two years and that it /hasn't/ been perceptibly
exploited? The announcement seems to have an agenda other than
user safety (i.e. the authors want to improve their credentials
by publishing a sensational paper).
At 09/04/2014 05:23, you wrote:
Here's the stuff of nightmares - off topic, but important to
know about:
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
That's the most detailed story, but it's running everywhere at
this point - Reuters, CNN, NYT, WSJ etc
Lynn Brenner