Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

On 2014-04-15, John Hasler <jhasler@newsguy.com> wrote:
> If I did any online banking (I don't) I'd change all the passwords no
> matter what the banks said and consider closing the accounts and opening
> new ones with different account numbers as well.  Maybe with different
> banks.

Except that in the case of an uncorrected vulnerability you might then
be offering the black hats your new password, whereas they might not have
been aware of the old one (before the news broke).

Logic would seem to suggest changing passwords for sites with corrected
Heartbleed vulnerabilities; how to garner that information, or whether
it is safe to assume this or that financial institution has, or would
have, or must have, fixed the bug by now I will leave as an exercise for
the reader.

Well, not entirely: here is the Mashable list for the big boys:


