Serious OpenSSL vulnerability
David
dgboles at gmail.com
Thu Apr 10 20:14:55 UTC 2014
On 4/10/2014 3:49 PM, g wrote:
>
>
> On 04/11/14 01:22, David wrote:
>> On 4/10/2014 3:07 PM, g wrote:
> <<>>
>
>>> above link gave 2 test sites. 1st gave no response, 2nd gave a
>>> grade of 'B' and said site i was checking was not not vulnerable
>>> to heartbleed attack.
>>>
>>> all of which brings to question, if one does not store passwords
>>> for critical sites, does it matter?
>>
>> Does not *the site* store your password?
>
> well, yes. unless site stores a cookie with my browser and decrypts
> cookie to determine if i am who i say i am.
>
> also, i guess there is something i have not read or missed in reading
> too fast about this heartbleed bug.
>
> would you have a suggestion of a link that give a good detailed
> description of what bug is all about and how some sites are effected
> while others are not?
>
>
Sure. Explained as simply (non geeky) as i have seen.
"The Heartbleed Bug"
<http://heartbleed.com/>
--
David
More information about the users
mailing list