Thread: OT computers
View Single Post
  #180   Report Post  
Posted to alt.home.repair
Robert Green Robert Green is offline
external usenet poster
  
Posts: 4,321
Default OT computers HEARTBLEED exploit
http://www.forbes.com/sites/larrymag...ing-passwords/

A flaw in the most popular web encryption system could leave people
vulnerable to data theft according to security researchers. That little
padlock in the lower right corner of a browser window or the letters "https"
in the address bar are supposed to mean that the site is encrypted but the
most popular method, called OpenSSL has had a hole for at least two years
according to researhers.
The Heartbleed bug "allows anyone on the Internet to read the memory of the
systems protected by the vulnerable versions of the OpenSSL software,"
according to Codenomicon's Heartbleed.com site. which added, "This allows
attackers to eavesdrop on communications, steal data directly from the
services and users and to impersonate services and users."

Test sites you visit

This test isn't 100% definitive but it is an indicator of whether the site
you're using is currently vulnerable but doesn't indicate whether it may
have been affected in the past so even if the site you enter comes up clear
there is no guarantee that it wasn't vulnerable earlier. Still, it's worth
checking by clicking here for Filippo Valsorda's report and and here for
Qualys SSL Labs report

https://www.ssllabs.com/ssltest/
There's not much sense in changing passwords, as many other sites are
recommending, until you run this test to determine if the vulnerability is
patched. The SSL Labs URL is a good one to check *any* site you do business
with that uses SSL technology.

--

Bobby G.




Reply With QuoteReply With Quote