Serious OpenSSL vulnerability

David dgboles at gmail.com
Thu Apr 10 23:55:01 UTC 2014 

On 4/10/2014 5:32 PM, g wrote:
> 
> 
> On 04/11/14 02:14, David wrote:
> <<>> On 4/10/2014 3:49 PM, g wrote:
> 
>>> would you have a suggestion of a link that give a good detailed
>>> description of what bug is all about and how some sites are effected
>>> while others are not?
>>
>> Sure. Explained as simply (non geeky) as i have seen.
>>
>> "The Heartbleed Bug"
>>
>> <http://heartbleed.com/>
> 
> ok. been there. read it.
> 
> in following the links in the "theatlantic.com/technology/" article,
> mainly;
> 
>   https://lastpass.com/heartbleed/
>   http://possible.lv/tools/hb/
>   https://www.ssllabs.com/ssltest/
> 
> my main concern for security is with my bank, and norton/symantec,
> which at all 3 of above links;
> 
>  bank = 'not vulnerable', and ssllabs gives a "B"
> 
>  us.norton = 'not vulnerable', and ssllabs gives a "F"
> 
>  symantec.com = "Warning: Inconsistent server configuration"
>    and grades of "F", "B", "B"
> 
>  grc.com = "A+", "A+"
> 
> with above, i do not believe i will worry about my passwords
> for tech support groups that i subscribe.
> 
> like, what would some crazy do with such anyway?
> 
> layout for passwords for above 4 sites is totally different
> from what i use for support groups and non tech list.
> 
> to quote a childhood idle, Alfred E Newman, "What? Me worry?"
> 
> 
> thanks. have a great one.
> 
> 


Sure. I would not really *greatly* care about tech sites password. I
would be (was) concerned about my 'money' sites. The sites had to used
openssl. Which would be any Apache and another one that I can not recall
at the moment.

But? This time the 'ten feet tall and bullet proof because I use Linux'
Bull$$hit failed. This one is Linux centered. Period. A programer
created this and added it to the code. And 'free and a no money'
supported program mistake not caught for about two years.


IMHO? The problem with 'free is that you get what you pay for in the
end. A group of nice people working part time for nothing. No real
resources. People with real jobs that pay. Families. And 'part time
support'. I tip my hat but? Sad.

-- 

  David

More information about the users mailing list