[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On 4/9/2014 12:57 PM, Joe Btfsplk wrote:
On 4/8/2014 5:24 PM, Joe Btfsplk wrote:
On 4/8/2014 4:25 PM, grarpamp wrote:
https://blog.torproject.org/ covers what to do for Tor things.
(Note, this is a TLS in process bug, so more than HTTP/S services are
This bug will no doubt trigger some thinking, analysis and change in
security, infrastructure and user communites... that's a good thing.
Thanks. Adding one more heartbleed vulnerability site I tried:
UPDATE: Users should not assume that by now, their bank / other HTTPS sites
have patched the OpenSSL software.
Use one of the check sites, to see if a domain / server is still vulnerable to
As of late morning, 4/9/14, one of my banks (takes > 1 to hold all my $ :D)
still hasn't patched it.
They have no warning on their site about it & apparently aren't restricting
user login to access acct info or online bill pay.
They're not cautioning users to be alert for suspicious activity in their acct.
It seems no one wants to talk or hear about this issue. It is not being
reported on media sites or anywhere else, other than the Heartbleed site, and
the OpenSSL lists.
This bug has been a known issue for about 2 years, and we are only now learning
about it. Not from banking, credit card, or shopping sites, nor from most news
sites (the reports I've seen on news sites tend to downplay the scope and
severity of the problem altogether, or simply say, "It's fixed"). Saying "it's
fixed", is far from true.
It makes me wonder if the NSA was involved in inserting this bug into OpenSSL
clients and servers.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to