On 4/10/2014 3:07 PM, g wrote: > > > On 04/10/14 20:54, Ian Malone wrote: >> On 10 April 2014 14:57, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote: >>> Allegedly, on or about 10 April 2014, Patrick O'Callaghan sent: >>>> Did you also change your passwords on every vulnerable site which >>>> has since been fixed? >>> >>> That will be a major pain. The one address offered to check >>> whether a service was patched was overloaded when I tried it, and >>> probably always will be. So you go around changing all passwords, >>> to be safe. And will have to continue doing that until you're sure >>> that it's safe (which is never, really). >> >> See >> http://www.theatlantic.com/technology/archive/2014/04/how-to-check-if-a-site-is-safe-from-heartbleed/360417/ >> >> >> for a couple of sites that can be used to test, there are probably >> others. >> >>> I wonder what the outcome will be if your bank account gets ripped >>> off due to this, for example. Can you hold the bank liable, or are >>> they going to say it's your problem? My simple look at the >>> information provided looks like it's a server and client problem. >> >> Interestingly as the result of one of those test suites I know know >> that although one of the banks I use doesn't currently have the >> heartbleed bug they do have a different problematic vulnerability, >> and will shortly be getting an email about it. > > above link gave 2 test sites. 1st gave no response, 2nd gave a > grade of 'B' and said site i was checking was not not vulnerable > to heartbleed attack. > > all of which brings to question, if one does not store passwords > for critical sites, does it matter? > > Does not *the site* store your password? -- David -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
