I've been asked this question off-line but thought I might answer it once here.
The short answer is I don't know. One of the problems with this vulnerability is that it is very, very difficult to assess exactly what the ramifications are. Any system is potentially vulnerable but if and only if it performs a certain chain of actions, and computer systems are so complex today that it is hard to tell which systems those are. That's why this *might* be bigger than Heartbleed, and then again, it might not. You potential vulnerabilities take two forms: 1. Is your bank, your favored Web store, etc. likely to be breached and expose your personal information or allow your assets to be compromised? Well, Yes, it's possible. Web sites are the primary class of potentially vulnerable systems. How can you tell if site X is vulnerable? You can't. What can you do? The usual safe browsing precautions and keep your fingers crossed. 2. Is your Mac, your PC, your cellphone vulnerable directly? To the best of my reading of the techie sites, probably not - that is a bunch of hype and scare stories. Your Mac especially is potentially vulnerable but if and only if (I think!) you have specifically opened it up to "telnet" access from the Internet, and I think you would know if you have done that. Perhaps someone like Gary who is more of a Mac expert than I can jump in here. Windows systems are vulnerable only if you have opened them up to telnet access and ALSO if you have installed the Cygwin or a similar Bash port - and you probably have not, unless you know you have. (I suppose it is possible that some software you downloaded has done so. You might consider disabling any "remote access" type software that you have installed.) There's a change, huh? Macs more vulnerable than Windows! I think your cellphone is almost certainly not vulnerable, despite what the evening news may say. There. That's what I know. It's a dangerous world out there. Charles ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
