Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

To: debian-user@lists.debian.org
Subject: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
From: Curt <curty@free.fr>
Date: Tue, 15 Apr 2014 09:12:16 +0000 (UTC)
Message-id: <[🔎] slrnlkptso.2gh.curty@einstein.electron.org>
References: <[🔎] 1397328483.609.19.camel@archlinux> <[🔎] 1397329416.609.20.camel@archlinux> <[🔎] 1397331077.609.28.camel@archlinux> <[🔎] CAAr43iM_yExKxuk=-qZ0d7miPDqkiL_0jgWTHp0SBNBYf_O4UA@mail.gmail.com> <[🔎] 1397407039.609.61.camel@archlinux> <[🔎] 20140414030313.GA9681@tal> <[🔎] 534B8648.1000604@hardwarefreak.com> <[🔎] 20140414150113.GA23216@tal> <[🔎] CAH_OBid=t4+udRZctLB2PQMGZ4oiKCGoOiFKRFmWOcbbDFiK2g@mail.gmail.com> <[🔎] 874n1v9yvf.fsf@thumper.dhh.gt.org>

On 2014-04-15, John Hasler <jhasler@newsguy.com> wrote:
>
> If I did any online banking (I don't) I'd change all the passwords no
> matter what the banks said and consider closing the accounts and opening
> new ones with different account numbers as well.  Maybe with different
> banks.

Except that in the case of an uncorrected vulnerability you might then
be offering the black hats your new password, whereas they might not have
been aware of the old one (before the news broke).

Logic would seem to suggest changing passwords for sites with corrected
heartbleed vulnerabilities; how to garner that information, or whether
it is safe to assume this or that financial institution has, or would
have, or must have, fixed the bug by now I will leave as exercise for
the reader.

Well, not entirely: here is the mashable list for the big boys:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

Reply to:

References:
- My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@rocketmail.com>
- Re: My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@rocketmail.com>
- Re: My fellow (Debian) Linux users ...
  - From: Joel Rees <joel.rees@gmail.com>
- Re: My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@rocketmail.com>
- Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Chris Bannister <cbannister@slingshot.co.nz>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Chris Bannister <cbannister@slingshot.co.nz>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: shawn wilson <ag4ve.us@gmail.com>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: John Hasler <jhasler@newsguy.com>

Prev by Date: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Next by Date: schroot issues
Previous by thread: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Next by thread: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Index(es):
- Date
- Thread