Wednesday, April 9, 2014

Heartbleed security hole in SSL

On a scale of 1 to 10, security experts are calling this one an 11. (I'm surprised nobody here has posted anything about it.)



http://ift.tt/1n4kgL0

Alarming Web security flaw has exposed millions of passwords, credit-card numbers to theft risk | Toronto Star



You can check to see if sites you commonly use (banking etc.) that have secure logins, where you see "https://" in the URL, are still unpatched:



Heartbleed OpenSSL extension testing tool, CVE-2014-0160



So far I've checked TD Canada Trust (ok), Ufile (ok) and Gmail (mixed results which I'm not sure how to interpret).



If the site in question is ok, you may want to change your password on that site in case it was recently patched. It's always possible that your login info was grabbed before the vulnerability was discovered. It's also possible that the site was never vulnerable in the first place, but unless the institution/business/entity in question issues a statement to that effect, I'd err on the safe side and change your password.



Right now, the CRA site is partially shut down while they patch things. It means we can't upload our tax returns right now - I'm sure a lot of accountants across the country aren't very happy today. I am working on one return I thought I'd file today - I did a bunch yesterday for family members. Guess I'll have to wait and see.



It's hard to know with stuff like this whether anything much was done with this vulnerability - one has to suspect not or there would have been many more apparent thefts of passwords etc. Still...a bit disquieting, to say the least.





via ehMac.ca http://ift.tt/1i1UIxG
