[GPSCC-chat] Heartbleed is real. Do something real.

John Thielking peacemovies at gmail.com
Thu Apr 10 22:07:49 PDT 2014 

KRON4 TV news had an interesting piece on this bug tonight. Hopefully they
rebroadcast it at 11 so you all can see it. They were saying that they
found out who created the bug, that it was a "mistake" and that it could
take years for all the web sites involved to be fixed. What a headache.

John Thielking


On Thu, Apr 10, 2014 at 12:46 PM, Spencer Graves <
spencer.graves at prodsyse.com> wrote:

>  Hi, Cameron, Drew, et al.:
>
>
>       1.  Do you have any reactions to the suggestion that a user could
> increase rather than decrease their vulnerability if they change a password
> BEFORE a host fixes the software on their end?  The concern is that some of
> the information stolen via Heartbleed may still need need more work to
> decode than a password change before the host software is patched.  If this
> is accurate, we should first check the hosts for our greatest
> vulnerabilities to ensure that they've installed an appropriate patch, then
> change our password, log out, then quickly log back in and change the
> password again, as Cameron suggested.  If I understand correctly, the need
> to change the password twice is because a data thief may catch the first
> password change but is unlikely to be able to react quickly enough with
> that new information to catch your second password change if you do it
> quickly enough.
>
>
>       2.  Wikipedia has an article on "Heartbleed", which been updated
> every few minutes since it was created 2014-04-09 04:39 UTC.  If you have
> information that you feel is not properly reflected there, I'd like to
> know.  I might be able to help update it, though my schedule today is quite
> busy.
>
>
>       Be safe.
>       Spencer
>
>
> On 4/10/2014 6:16 AM, Drew wrote:
>
> Cameron, I and others can help people move to a (user-friendly),
> freedom-respecting GNU/Linux computer system such as Puppy Linux
> http://puppylinux.com , or Zorin http://www.zorin-os.com/ , or Linux
> Mint, etc.
>
> Green is Freedom!
>
> Drew
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> _______________________________________________
> sosfbay-discuss mailing listsosfbay-discuss at cagreens.orghttp://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
>
>
>
> --
> Spencer Graves, PE, PhD
> President and Chief Technology Officer
> Structure Inspection and Monitoring, Inc.
> 751 Emerson Ct.
> San José, CA 95126
> ph:  408-655-4567
> web:  www.structuremonitoring.com
>
>
> _______________________________________________
> sosfbay-discuss mailing list
> sosfbay-discuss at cagreens.org
> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cagreens.org/pipermail/sosfbay-discuss_lists.cagreens.org/attachments/20140410/960abcb3/attachment.html>

More information about the sosfbay-discuss mailing list