Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
On 15/04/14 02:03, Stan Hoeppner wrote:
>> I certainly wouldn't jump to conclusions that they're a bank therefore
>> > they use IBM mainframes therefore they don't use OpenSSL therefore
>> > they're invulnerable,
> I jumped to no conclusion. Do you see the word "bank" in my original
> statement below? No, you see "financial institutions".
Sorry. I'll add the logical step: "... they're a bank therefore they're
a financial institution therefore they use IBM mainframes ..."
>> > and I wish that they'd tell us either way.
> Yes, that would be nice. But outside of technical geeks, none of their
> customers are paying attention.
Of course they're not paying attention. Nobody's telling them about it.
The non-technical people I've spoken to have generally not heard of it.
Maybe they haven't heard of it either: that's one of the things that
> And, more importantly, as a rule
> chiseled in granite, financial institutions, especially banks, never
> admit to doing anything wrong, because it opens them up to liability,
> lawsuits, thus monetary loss. The lawyers have sewn the executives lips
> shut on this while they spend days, if not weeks to a month figuring out
> how to best handle "needed" disclosure without losing [m|b]illions.
That may be the problem, sure. Even though I wouldn't consider it them
doing something wrong, I can see that some would, and it's an
opportunity for lawyers to make money.