Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
On Tue, Apr 15, 2014 at 02:11:00PM +1200, Richard Hector wrote:
> On 15/04/14 12:59, shawn wilson wrote:
> >> That statement was made in the sense that at least the bank could have
> >> > issued a statement along the lines of 'you may have heard of the
> >> > heartbleed bug, we can assure all of our customers that we are not
> >> > affected by this bug and there is no need to panic.'
> >> >
> > No, I don't want to hear from my bank unless there's a problem. If
> > everything is going OK, don't spam me. If its not, by all means, let me
> > know. This didn't affect them so don't tell me anything.
> >
>
> They don't need to send an email, or anything intrusive. They just need
> to put a big notice on the login page of their internet banking site -
> along with (or instead of) all the ads they have for cheap loans or term
> deposits or whatever. It would make virtually no difference to the speed
> of logging in, and would reassure me that they take security seriously.
>
> Richard
Indeed - that is what the Royal Bank of Canada did (They werent
affected).
BTW Revenue Canada was hacked by this bug and publicly admitted so. So
far only a minimal number of people were affected. They were offline for
several days.
Reply to: