On 04/10/14 20:54, Ian Malone wrote:
On 10 April 2014 14:57, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
Allegedly, on or about 10 April 2014, Patrick O'Callaghan sent:
Did you also change your passwords on every vulnerable site which
has since been fixed?
That will be a major pain. The one address offered to check
whether a service was patched was overloaded when I tried it, and
probably always will be. So you go around changing all passwords,
to be safe. And will have to continue doing that until you're sure
that it's safe (which is never, really).
See
http://www.theatlantic.com/technology/archive/2014/04/how-to-check-if-a-site-is-safe-from-heartbleed/360417/
for a couple of sites that can be used to test, there are probably
others.
I wonder what the outcome will be if your bank account gets ripped
off due to this, for example. Can you hold the bank liable, or are
they going to say it's your problem? My simple look at the
information provided looks like it's a server and client problem.
Interestingly as the result of one of those test suites I know know
that although one of the banks I use doesn't currently have the
heartbleed bug they do have a different problematic vulnerability,
and will shortly be getting an email about it.
above link gave 2 test sites. 1st gave no response, 2nd gave a
grade of 'B' and said site i was checking was not not vulnerable
to heartbleed attack.
all of which brings to question, if one does not store passwords
for critical sites, does it matter?
--
peace out.
in a world with out fences, who needs gates.
tc.hago.
g
.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
