Just ducky.

Posted by: steveg

Just ducky. - 04/09/14 03:36 AM

More interweb danger!

Posted by: Celandine

Re: Just ducky. - 04/09/14 05:53 AM

THANX 4 The HEADS-UP

<snip>
The Finnish security researchers, working for Codenomicon, a security company in Saratoga, Calif., and security researchers at Google found the bug in a portion of the OpenSSL protocol — which encrypts sessions between consumer devices and websites — called the “heartbeat” because it pings messages back and forth. The researchers called the bug “Heartbleed.”

“It’s a serious bug in that it doesn’t leave any trace,” said David Chartier, chief executive at Codenomicon. “Bad guys can access the memory on a machine and take encryption keys, usernames, passwords, valuable intellectual property, and there’s no trace they’ve been there.”

<snip>
Mr. Chartier advised users to consider their passwords compromised and urged companies to deal with the issue quickly. “Companies need to get new encryption keys and users need to get new passwords,” he said.

Security researchers say it is most important for people to change passwords to sensitive accounts like their online banking, email, file storage and e-commerce accounts, after first making sure that the website involved has addressed the security gap.
Posted by: Stumpy1

Re: Just ducky. - 04/09/14 09:56 AM

Maybe we'll have to go back to cash. 200 million Soc. Sec. #s exposed.

Experian Data Breach