Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On 4/7/2014 6:14 PM, grarpamp wrote:
Comments / suggestions from those w/ in-depth knowledge in this area?
How users should proceed; how to check if sites used (banks, email,
retail sites, etc.) were / still are affected, so one knows if & when to
change passwords or other data?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
cryptographic software library. This weakness allows stealing the
information protected, under normal conditions, by the SSL/TLS encryption
used to secure the Internet. SSL/TLS provides communication security and
privacy over the Internet for applications such as web, email, instant
messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the
systems protected by the vulnerable versions of the OpenSSL software. This
compromises the secret keys used to identify the service providers and to
encrypt the traffic, the names and passwords of the users and the actual
content. This allows attackers to eavesdrop on communications, steal data
directly from the services and users and to impersonate services and users.
Patch your stuff.
If the number of sites potentially affected is as large as indicated on
heartbleed.com, changing PW on even 60% of sites I use could take a long
time - even to do it once.
It would do little good to change a password on a site that hasn't
Or perhaps it would do some good, to change the password before logging
out of a site? Then when a site must be accessed again, change the
Either way, this might not provide perfect safety, but might ? be better