On Thu, 2014-04-10 at 23:27 +0930, Tim wrote:
> Allegedly, on or about 10 April 2014, Patrick O'Callaghan sent:
> > Did you also change your passwords on every vulnerable site which has
> > since been fixed?
>
> That will be a major pain. The one address offered to check whether a
> service was patched was overloaded when I tried it, and probably always
> will be. So you go around changing all passwords, to be safe. And will
> have to continue doing that until you're sure that it's safe (which is
> never, really).
>
> I wonder what the outcome will be if your bank account gets ripped off
> due to this, for example. Can you hold the bank liable, or are they
> going to say it's your problem? My simple look at the information
> provided looks like it's a server and client problem.

It's going to be difficult to demonstrate either way as the attack
normally leaves no traces.
poc