I ask about the credit cards, because I went on-line yesterday to buy
repair parts for one of my lawn-care power tools & paid for the parts
with a credit card. That was before I saw your original post.
On 4/8/2014 11:40 AM, Tim Bray wrote:
It’s potentially much, much worse than that. They include the signing
keys that web sites use to make "https:" addresses work. So the bad
guys can in principle pretend to be https://your-bank.com and steal
not just your credit card number but everything. Note that not every
bank would have been affected; weirdly enough, if you hadn’t got
around to updating your crypto libraries recently, you’re OK (but some
would, for sure). So what happened was, geeks everywhere worked all
night last night to replace the old keys with new keys. So what we’re
hoping is that no really bad bad guy noticed the problem before the
good guys did and got in there and stole some keys and stole some
credit card numbers and wreaked havoc, before the good guys re-locked
the barn door last night. But we won’t know for a while.
On Tue, Apr 8, 2014 at 8:22 AM, John Sessoms <[email protected]> wrote:
Do those secrets include CREDIT CARD DATA from on-line purchases?
On 4/8/2014 1:53 AM, Tim Bray wrote:
Summary: A programming error allows bad guys to steal secrets on a
HUGE number of websites; geeks are working late all over the internet
closing the barn doors. We won’t know for a while how bad the damage
has been.
On Mon, Apr 7, 2014 at 7:14 PM, John Sessoms <[email protected]>
wrote:
Just out of curiosity for the rest of us ... WTF?
On 4/7/2014 8:13 PM, Tim Bray wrote:
In the unlikely event that any of you run https-enabled web sites and
haven’t visited heartbleed.com today, get thee over there post-haste
and find out what version of OpenSSL you’re running and consider
replacing your certs, stat.
I’m not sure I’ve ever seen a more damaging zero-day.
--
PDML Pentax-Discuss Mail List
[email protected]
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and
follow the directions.
--
PDML Pentax-Discuss Mail List
[email protected]
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and follow
the directions.
