Free Republic

To: KoRn

“Virtually all net traffic could be intercepted and human readable.”

Nope, just sites running an outdated version of OpenSSL, of which naturally Yahoo is one. It’s just incumbent on web admins to update their libraries and reset user passwords.


12 posted on 04/08/2014 6:42:44 PM PDT by jameslalor


To: jameslalor

It’s not an “outdated version”. It is what was the current version before this bug was found. I checked both my Linux boxes, and both were running a vulnerable version.

My Raspberry Pi computer runs a somewhat obscure distro (Raspbian) that doesn’t even have an updated openssl package that does not have the issue. So I’ve had to take that machine off the internet for now (it was hosting my remotely accessible cat treat feeder, which has an HTTPS web site).

And even if the site owner updates openssl, there is no guarantee that the private key for his web site certificate wasn’t stolen in the interval before the software was updated. If an attacker was able to steal the private key, he could potentially impersonate the site and steal users’ passwords and other info.

This is a huge big deal that we will be sorting out for some time.


16 posted on 04/08/2014 7:04:00 PM PDT by Scutter
