Everything You Need to Know About the Heartbleed SSL Bug ➶
Troy Hunt, in a piece which includes advice for sysadmins, developers and people running online services:
There’s a whole range of things that need to fall into place for an attack to have been successful (see the final section of this blog) but nonetheless, it’s going to leave a lot of companies in a very tricky position when they know that both the potential for exploit and the knowledge of how to do it were both out there. Take Yahoo for example – what should they do in light of Mark’s documented example? Force everyone to reset their passwords? Tell customers their data may have been compromised? It’s a very, very dicey situation for them to find themselves in.
# Thursday, 10 April 2014
Prior entry: iPhone Battery Life Guide Includes Note for Obsessive-Compulsives
Next entry: EFF Why the Web Needs Perfect Forward Secrecy More Than Ever