<div dir="ltr"><div>KRON4 TV news had an interesting piece on this bug tonight. Hopefully they rebroadcast it at 11 so you all can see it. They were saying that they found out who created the bug, that it was a "mistake" and that it could take years for all the web sites involved to be fixed. What a headache.<br>
<br></div>John Thielking<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Apr 10, 2014 at 12:46 PM, Spencer Graves <span dir="ltr"><<a href="mailto:spencer.graves@prodsyse.com" target="_blank">spencer.graves@prodsyse.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi, Cameron, Drew, et al.: <br>
<br>
<br>
1. Do you have any reactions to the suggestion that a user
could increase rather than decrease their vulnerability if they
change a password BEFORE a host fixes the software on their end?
The concern is that some of the information stolen via Heartbleed
may still need need more work to decode than a password change
before the host software is patched. If this is accurate, we
should first check the hosts for our greatest vulnerabilities to
ensure that they've installed an appropriate patch, then change
our password, log out, then quickly log back in and change the
password again, as Cameron suggested. If I understand correctly,
the need to change the password twice is because a data thief may
catch the first password change but is unlikely to be able to
react quickly enough with that new information to catch your
second password change if you do it quickly enough. <br>
<br>
<br>
2. Wikipedia has an article on "Heartbleed", which been
updated every few minutes since it was created 2014-04-09 04:39
UTC. If you have information that you feel is not properly
reflected there, I'd like to know. I might be able to help update
it, though my schedule today is quite busy. <br>
<br>
<br>
Be safe. <br>
Spencer <br><div><div class="h5">
<br>
<br>
On 4/10/2014 6:16 AM, Drew wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">Cameron, I and others can help people move to a
(user-friendly), freedom-respecting GNU/Linux computer system such
as Puppy Linux <a href="http://puppylinux.com" target="_blank">http://puppylinux.com</a> , or
Zorin <a href="http://www.zorin-os.com" target="_blank">http://www.zorin-os.com</a>/
, or Linux Mint, etc.<br>
<br>
Green is Freedom!<br>
<br>
Drew<br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my
brevity.
<br>
<fieldset></fieldset>
<br>
</div></div><div class=""><pre>_______________________________________________
sosfbay-discuss mailing list
<a href="mailto:sosfbay-discuss@cagreens.org" target="_blank">sosfbay-discuss@cagreens.org</a>
<a href="http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss" target="_blank">http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss</a></pre>
</div></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<br>
<pre cols="72">--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: <a href="tel:408-655-4567" value="+14086554567" target="_blank">408-655-4567</a>
web: <a href="http://www.structuremonitoring.com" target="_blank">www.structuremonitoring.com</a>
</pre>
</font></span></div>
<br>_______________________________________________<br>
sosfbay-discuss mailing list<br>
<a href="mailto:sosfbay-discuss@cagreens.org">sosfbay-discuss@cagreens.org</a><br>
<a href="http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss" target="_blank">http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss</a><br></blockquote></div><br></div>