On 10 April 2014 14:57, Tim <ignored_mailbox(a)yahoo.com.au> wrote:
Allegedly, on or about 10 April 2014, Patrick O'Callaghan sent:
> Did you also change your passwords on every vulnerable site which has
> since been fixed?
That will be a major pain. The one address offered to check whether a
service was patched was overloaded when I tried it, and probably always
will be. So you go around changing all passwords, to be safe. And will
have to continue doing that until you're sure that it's safe (which is
never, really).
See
http://www.theatlantic.com/technology/archive/2014/04/how-to-check-if-a-s...
for a couple of sites that can be used to test, there are probably
others.
I wonder what the outcome will be if your bank account gets ripped
off
due to this, for example. Can you hold the bank liable, or are they
going to say it's your problem? My simple look at the information
provided looks like it's a server and client problem.
Interestingly as the result of one of those test suites I know know
that although one of the banks I use doesn't currently have the
heartbleed bug they do have a different problematic vulnerability, and
will shortly be getting an email about it.
--
imalone
http://ibmalone.blogspot.co.uk