[GPSCC-chat] Heartbleed is real. Do something real.
Spencer Graves
spencer.graves at prodsyse.com
Thu Apr 10 12:46:02 PDT 2014
Hi, Cameron, Drew, et al.:
1. Do you have any reactions to the suggestion that a user could
increase rather than decrease their vulnerability if they change a
password BEFORE a host fixes the software on their end? The concern is
that some of the information stolen via Heartbleed may still need need
more work to decode than a password change before the host software is
patched. If this is accurate, we should first check the hosts for our
greatest vulnerabilities to ensure that they've installed an appropriate
patch, then change our password, log out, then quickly log back in and
change the password again, as Cameron suggested. If I understand
correctly, the need to change the password twice is because a data thief
may catch the first password change but is unlikely to be able to react
quickly enough with that new information to catch your second password
change if you do it quickly enough.
2. Wikipedia has an article on "Heartbleed", which been updated
every few minutes since it was created 2014-04-09 04:39 UTC. If you
have information that you feel is not properly reflected there, I'd like
to know. I might be able to help update it, though my schedule today is
quite busy.
Be safe.
Spencer
On 4/10/2014 6:16 AM, Drew wrote:
> Cameron, I and others can help people move to a (user-friendly),
> freedom-respecting GNU/Linux computer system such as Puppy Linux
> http://puppylinux.com , or Zorin http://www.zorin-os.com/ , or Linux
> Mint, etc.
>
> Green is Freedom!
>
> Drew
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
> _______________________________________________
> sosfbay-discuss mailing list
> sosfbay-discuss at cagreens.org
> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cagreens.org/pipermail/sosfbay-discuss_lists.cagreens.org/attachments/20140410/ce7b0002/attachment.html>
More information about the sosfbay-discuss
mailing list