On Thu, Apr 10, 2014 at 10:30 PM, arche...@embarqmail.com < arche...@embarqmail.com> wrote:
> > While most of the buzz surrounding OpenSSL's Heartbleed vulnerability has > focussed on websites and other servers, the SANS Institute reminds us that > software running on PCs, tablets and more is just as potentially vulnerable. > Networking equipment, backup applications, video cameras, networked refrigerators, printers, networked storage, digital TVs and boxes that can be remotely managed - anything with an internet connection that can be used remotely. It doesn't have to be a web server, just has to be able to use a relatively recent version of OpenSSL's TLS. (I have read that OpenSSH does not, by the way.) Embedded device programmers tend to adopt libraries very slowly, so many of these oddball devices will be so far out of date that an exploit created in the past two years isn't a serious threat. Of course you might have other known threats that were never patched; bigger companies will have a security team to keep on top of such things, but many hardware companies won't release patches after a relatively short time beyond public ship. If you aren't using a password manager, now is a good time to start, since you really should change every password everywhere over the next few weeks. You won't have any idea if your information has leaked, and I would expect smart attackers will hold back data until the smoke has cleared. I haven't seen any financial coverage, but HB could have leaked credit card details, bank information, social security numbers, and so on. Unfortunately the US banks are in such a state that there's not a great solution for that, as far as I know. Any suggestions? Best, Tim _______________________________________ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
