OpenSSL security flaw "Heartbleed" | General comparisons | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
OpenSSL security flaw "Heartbleed"
April 9, 2014
9:20 am
NorthernRaven
Moderator
Moderators
Forum Posts: 678
Member Since:
August 4, 2010
sp_UserOfflineSmall Offline

There is a just-discovered flaw in the OpenSSL package, widely used in the "https" security communication between web servers and clients. It can allow badguys to retrieve memory contents from servers, so they could potentially get private encryption keys, or details of accounts, passwords, etc.

To be safe, I personally will be changing my banking passwords, and other sensitive account sites. However, you will want to wait until your bank(s) confirm they have fixed any potential problems (or were never affected), otherwise you might just be changing your password while the system is still vulnerable.

Presumably places like banks will program their firewalls with protection until they can upgrade any SSL software required, but who knows. Revenue Canada shut down their e-filing today to avoid problems.

Please write your comments in the forum.