frauenfelder at April 11th, 2014 19:02 — #1
marc45 at April 11th, 2014 20:51 — #2
Isn't it ironic that "openSSL" is, in a way, too open?
danegeld at April 12th, 2014 12:33 — #3
Dear Lazyweb, please can you make a website about "snakes but not too long"
cowicide at April 12th, 2014 18:51 — #4
redesigned at April 12th, 2014 19:12 — #5
Don't change your passwords on unpatched servers, or you'll be more at risk not less, now that the bug exploit is public. You can check any server here:
http://filippo.io/Heartbleed/and :443 to the domain name in most cases,
(wait for them to patch before logging back in to them.)
Also while this bug has been in the code for 2 years, it was only discovered by researchers less then 2 weeks ago and has only been public for a number of days. There has been no indication that anyone nefarious has known about the bug prior to this unless they've been really low key with their usage of it. So if you haven't logged into a service in the last few weeks, likely your login information on that service if unique, would not have been compromised as it wouldn't have been in memory from a recent login. Can't hurt to change it anyway, but that is worth considering in your risk assessment.
cowicide at April 12th, 2014 19:52 — #6
There has been no indication that anyone nefarious has known about the bug prior to this unless they've been really low key with their usage of it
I think there has been indications of low key usage, however.
frauenfelder at April 16th, 2014 19:02 — #7
This topic was automatically closed after 5 days. New replies are no longer allowed.