Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping

  • From: Paul Breeze <paul.breeze@xxxxxxxxxxxxxx>
  • To: xywrite@xxxxxxxxxxxxx
  • Date: Thu, 10 Apr 2014 18:05:14 +0100

Not yet

Paul

On 10/04/2014 17:22, J R FOX wrote:
Quick show of hands now: how many have been rushing to change all their
online passwords (as has been strongly recommended) in the wake of this
news?  With 5 mail accounts, password-access forum memberships, and a
host of other things, I have too many passwords to keep track of.  I
really should have found a good password manager app. a long time ago.
(Actually I did, some years ago, but it was for OS/2, relatively
complicated as such apps go, and development on it ceased.)  That said,
I've never done any online banking -- except for PayPal, which is very
hard to avoid -- because I never trusted the entire concept.  Email?
No super-sensitive business stuff in there.  I'm not sure how worried
I'm apt to get over this.  98 % of the public is ill-informed about most
of whatever is going on at the moment, so I would bet that this remains
widely overlooked . . .  until such time as it actually bites them, and
forces an active response.


   Jordan


    ------------------------------------------------------------------------
    *From:* Lynn Brenner <lynn.brenner.nyc@xxxxxxxxx>
    *To:* xywrite@xxxxxxxxxxxxx
    *Sent:* Wednesday, April 9, 2014 8:19 AM
    *Subject:* Re: Critical crypto bug in OpenSSL opens two-thirds of
    the Web to eavesdropping


    Bill,

    I agree that we can assume this vulnerability hasn't been exploited
    in the past two years. Lots of customer money suddenly vanishing
    from big financial institutions would have set off a big hullaballoo.

    But all this publicity has alerted hackers to its existence,
    presumably opening a window of opportunity for them before everyone
    patches the problem....

    Lynn


    On Wed, Apr 9, 2014 at 10:22 AM, Bill Troop <billtroop@xxxxxxxxx> wrote:

        Isn't it significant, though, that this vulnerability has
        existed for two years and that it /hasn't/ been perceptibly
        exploited? The announcement seems to have an agenda other than
        user safety (i.e. the authors want to improve their credentials
        by publishing a sensational paper).

        At 09/04/2014 05:23, you wrote:
        Here's the stuff of nightmares - off topic, but important to
        know about:

        
        http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/


        That's the most detailed story, but it's running everywhere at
        this point - Reuters, CNN, NYT, WSJ etc

        Lynn Brenner




