moin moin,

OK, now that everyone has really, really committed to better automating the rollout of new keys...

What about the desktop side? Apparently browsers except Chrome don't use OpenSSL and Chrome has heartbeat disabled, but a web site attack might have revealed credentials, browser cookies, and budding Power Rangers fandom.

Since cookies and credentials might have been compromised, cookies need to be deleted and passwords need to be changed. Account info should be verified (was a new address or phone number added to your account?). If there are other account details used for authentication or service delivery (e.g. PIN, secondary security questions), then those should be updated as well.

Public knowledge of the bug first came out on Monday, so sites used since then are the highest priority? Is there a good list of sites that were patched before the bug went public or that weren't susceptible at all?

Any comments on the above? Anything else that needs to be done?

The bug has been around a couple of years, but thus far I haven't seen any claims that it was being exploited before the announcement went public.

As to the Power Ranger fandom: own it, then they can't use it against you. Indeed, you'll be immune to most embarrassment once that's made public :).

ciao,

der.hans
--
# http://www.LuftHans.com/ http://www.LuftHans.com/Classes/
# If you have an apple and I have an apple and we exchange apples then
# you and I will still each have one apple. But if you have an idea and
# I have an idea and we exchange these ideas, then each of us will have
# two ideas. -- George Bernard Shaw
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/