Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Joel Rees <joel.rees@gmail.com>]

On Mon, Apr 14, 2014 at 8:41 PM, Richard Hector <richard@walnut.gen.nz> wrote:

On 14/04/14 23:31, Stan Hoeppner wrote:
>> > BTW, you shouldn't focus only on banks either. There are a lot of
>> > popular services that use free software a lot, some of which happen to
>> > include payment functionality.
> I did not "focusing on banks".  I replied to Chris Bannister's statement
> regarding *his bank*, which you snipped, again intentionally deleting
> context in order to be a contradictarian.

Chris, like me, appears to be in New Zealand.

The only local bank I've heard any info about is Kiwibank, who are
apparently not vulnerable due to running their systems on Windows.

That's a laugh. Not vulnerable to this parade, but ...

 

I believe at least one local bank runs most of their stuff on Linux, but
I haven't heard anything from them.

Perhaps (some of the) banks are a bit smaller here, and don't
necessarily run to the mainframes used elsewhere.

Banks use RedHat quite extensively. OpenBSD shows up in odd places, even though keeping it maintained is a bit of a hassle.

OpenSSL?

 

I certainly wouldn't jump to conclusions that they're a bank therefore
they use IBM mainframes therefore they don't use OpenSSL therefore
they're invulnerable, and I wish that they'd tell us either way.

Richard 

My bank has been trying to get me to update my password for about six months, I think. Just recently, they got a new OTP keychain-type dongle that they are trying to get all their on-line customers to start using. (I'm debating that one with myself. If done right, the OTP dongle could be quite successful in mitigating this kind of stuff, but I'm pretty sure the current dongles are taking the easy approach.)

--
Joel Rees

Computer memory is just fancy paper;

CPUs and IO devices are just fancy pens.