Serious OpenSSL vulnerability
David
dgboles at gmail.com
Thu Apr 10 23:55:01 UTC 2014
On 4/10/2014 5:32 PM, g wrote:
>
>
> On 04/11/14 02:14, David wrote:
> <<>> On 4/10/2014 3:49 PM, g wrote:
>
>>> would you have a suggestion of a link that give a good detailed
>>> description of what bug is all about and how some sites are effected
>>> while others are not?
>>
>> Sure. Explained as simply (non geeky) as i have seen.
>>
>> "The Heartbleed Bug"
>>
>> <http://heartbleed.com/>
>
> ok. been there. read it.
>
> in following the links in the "theatlantic.com/technology/" article,
> mainly;
>
> https://lastpass.com/heartbleed/
> http://possible.lv/tools/hb/
> https://www.ssllabs.com/ssltest/
>
> my main concern for security is with my bank, and norton/symantec,
> which at all 3 of above links;
>
> bank = 'not vulnerable', and ssllabs gives a "B"
>
> us.norton = 'not vulnerable', and ssllabs gives a "F"
>
> symantec.com = "Warning: Inconsistent server configuration"
> and grades of "F", "B", "B"
>
> grc.com = "A+", "A+"
>
> with above, i do not believe i will worry about my passwords
> for tech support groups that i subscribe.
>
> like, what would some crazy do with such anyway?
>
> layout for passwords for above 4 sites is totally different
> from what i use for support groups and non tech list.
>
> to quote a childhood idle, Alfred E Newman, "What? Me worry?"
>
>
> thanks. have a great one.
>
>
Sure. I would not really *greatly* care about tech sites password. I
would be (was) concerned about my 'money' sites. The sites had to used
openssl. Which would be any Apache and another one that I can not recall
at the moment.
But? This time the 'ten feet tall and bullet proof because I use Linux'
Bull$$hit failed. This one is Linux centered. Period. A programer
created this and added it to the code. And 'free and a no money'
supported program mistake not caught for about two years.
IMHO? The problem with 'free is that you get what you pay for in the
end. A group of nice people working part time for nothing. No real
resources. People with real jobs that pay. Families. And 'part time
support'. I tip my hat but? Sad.
--
David
More information about the users
mailing list