<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:18pt">I don't use online banking much, though I do pay bills with a debit card. I may be able to use a real credit card soon instead, though I have yet to actually receive the card that I was notified that was sent to me in the mail. Like I said in another thread, the US govt likely has a backdoor into every encryption method out there, including RSA's stuff (there was a specific news item on that one) and anyone running HTTPS. My best bet in regards to this is that my Direct Express online access/password only allows me to look at my account balance and transaction history. As far as I know, I can't look up my account number or transfer money by logging in. Good luck.<br><br>Sincerely,<br><br>John Thielking<br><div><span><br></span></div><div><br></div> <div style="font-family: HelveticaNeue,
Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 18pt;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div dir="ltr"> <hr size="1"> <font face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b> Cameron L. Spitzer <cls@truffula.us><br> <b><span style="font-weight: bold;">To:</span></b> sosfbay-discuss@cagreens.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, April 9, 2014 2:47 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> [GPSCC-chat] Heartbleed is real. Do something real.<br> </font> </div> <div class="y_msg_container"><br><div id="yiv5585201768"><div>
<div class="yiv5585201768moz-cite-prefix"><br clear="none">
Most of the "secure" web sites you use have been <b>broken for
the last two years</b>. Bruce Schneier says the OpenSSL
"Heartbleed" bug disclosed yesterday, on a scale of 1 to 10, is an
11, "<a rel="nofollow" shape="rect" target="_blank" href="https://www.schneier.com/blog/archives/2014/04/heartbleed.html">catastrophic</a>."
I recommend James Fallows' <a rel="nofollow" shape="rect" target="_blank" href="http://news.google.com/news/url?sr=1&sa=t&ct2=us%2F4_0_g_1_0_a&gid=EPG&bvm=section&usg=AFQjCNEu3o2CQaPZQdOvNQcoeO4LudiYbA&did=3147203463190269418&sig2=WnjE8vYpCP_1I61JMFmwhw&ei=dbdFU7mIBZG0mQKAQg&rt=HOMEPAGE&vm=STANDARD&authuser=0&url=http%3A%2F%2Fwww.theatlantic.com%2Ftechnology%2Farchive%2F2014%2F04%2Fthe-5-things-to-do-about-the-new-heartbleed-bug/360395/">coverage</a>
at the Atlantic. <a rel="nofollow" shape="rect" target="_blank" href="http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/">Arstechnica</a>
is even better, they demonstrate the exploit against yahoo.com.<br clear="none">
<br clear="none">
If you bank online, you need to check your bank's site with
something like <a rel="nofollow" shape="rect" target="_blank" href="http://filippo.io/Heartbleed/">this</a>,
and change your password. Change it now, then check the site. If
the check fails, check it again later, and change your password <i>again</i>
when it passes.<br clear="none">
The first change neutralizes your password which <b>was probably
stolen</b> during the last two years. The second neutralizes
the new one that was stolen yesterday before your bank fixed its
server. Now that the bug is public, you can safely assume <b>all</b>
unpatched sites are compromised.<br clear="none">
If you run an HTTPS web server, you need to update it, and then
you need to get a new cert. That's what your bank needs to do.<br clear="none">
If someone else runs an HTTPS web server for you, check it. If
it's broken and they don't fix it soon, change providers.<br clear="none">
<br clear="none">
Forward as you see fit.<br clear="none">
<br clear="none">
-<i>Cameron</i><div class="yiv5585201768yqt6253365010" id="yiv5585201768yqtfd45630"><br clear="none">
<br clear="none">
<br clear="none">
</div></div><div class="yiv5585201768yqt6253365010" id="yiv5585201768yqtfd45152">
</div></div></div><br><div class="yqt6253365010" id="yqtfd60108">_______________________________________________<br clear="none">sosfbay-discuss mailing list<br clear="none"><a shape="rect" ymailto="mailto:sosfbay-discuss@cagreens.org" href="mailto:sosfbay-discuss@cagreens.org">sosfbay-discuss@cagreens.org</a><br clear="none"><a shape="rect" href="http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss" target="_blank">http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss</a></div><br><br></div> </div> </div> </div></body></html>