This is an anti-deal alert.
You can check sites to see if they have patched the “heartbleed” vulnerability
at this page: https://lastpass.com/heartbleed/
Just for example, picking familiar ones, this is what you’ll see:
Don’t change your password until the site has updated its security.
You could just lose the new password.
This is much in the news these days, you know where to find more about it.
I recommend you check your lists of purchases at sellers against the list of PayPal payments going back a few months, if you don’t regularly do that. I found a mismatch.
Yeah this is keeping me from doing any spending for a while. If you don’t think this is important, Canada has shut down it’s tax collection site till its resolved.
The BLF site doesn’t support HTTPs/SSL connections so can’t be vulnerable for the OpenSSL bug by design
…. though, this brings in other security risks….
What exactly is the risk of this exploit? I know it can grab 64k chunks of memory from a vulnerable server and it’s been reported that people have pulled stuff like private keys and random customer data from these servers. And of course the private keys expose you to man-in-the-middle attacks, but those are rare in the wild.
I understand the scope of the vulnerability as well, but why exactly is the sky falling? I personally wouldn’t trust SSL anyway because of corrupt CA’s. It’s well known that powerful people/governments can spoof any certificate they like. Not every trusted authority is trustworthy.
I just compiled 1.0.0g on my raspberry pi, it had the 1.0.1e which was vulnerable…they should be coming out quick like on the fix
P.S. compiling on a raspberry pi even overclocked is a pain, they are pretty cool little $35 SBC’s but they are NOT designed for powerful compiling…uggh
