[GPSCC-chat] Heartbleed is real. Do something real.
John Thielking
pagesincolor at yahoo.com
Wed Apr 9 15:16:51 PDT 2014
I don't use online banking much, though I do pay bills with a debit card. I may be able to use a real credit card soon instead, though I have yet to actually receive the card that I was notified that was sent to me in the mail. Like I said in another thread, the US govt likely has a backdoor into every encryption method out there, including RSA's stuff (there was a specific news item on that one) and anyone running HTTPS. My best bet in regards to this is that my Direct Express online access/password only allows me to look at my account balance and transaction history. As far as I know, I can't look up my account number or transfer money by logging in. Good luck.
Sincerely,
John Thielking
________________________________
From: Cameron L. Spitzer <cls at truffula.us>
To: sosfbay-discuss at cagreens.org
Sent: Wednesday, April 9, 2014 2:47 PM
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
Most of the "secure" web sites you use have been broken for the last two years. Bruce Schneier says the OpenSSL "Heartbleed" bug disclosed yesterday, on a scale of 1 to 10, is an 11, "catastrophic." I recommend James Fallows' coverage at the Atlantic. Arstechnica is even better, they demonstrate the exploit against yahoo.com.
If you bank online, you need to check your bank's site with
something like this, and change your password. Change it now, then check the site. If the check fails, check it again later, and change your password again when it passes.
The first change neutralizes your password which was probably stolen during the last two years. The second neutralizes the new one that was stolen yesterday before your bank fixed its server. Now that the bug is public, you can safely assume all unpatched sites are compromised.
If you run an HTTPS web server, you need to update it, and then
you need to get a new cert. That's what your bank needs to do.
If someone else runs an HTTPS web server for you, check it. If
it's broken and they don't fix it soon, change providers.
Forward as you see fit.
-Cameron
_______________________________________________
sosfbay-discuss mailing list
sosfbay-discuss at cagreens.org
http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cagreens.org/pipermail/sosfbay-discuss_lists.cagreens.org/attachments/20140409/0eaaaec9/attachment.html>
More information about the sosfbay-discuss
mailing list