Most people have heard by now about the so-called "Heartbleed" security flaw discovered in OpenSSL which apparently has existed for months and is just now being fixed. Ironically I hear the federal government knew about this months ago but didn't bother to mention it to THE CITIZENS ITS PURPOSE IS TO PROTECT so they could exploit it for their own investigative purposes. (Man, gotta love shit like that. "To serve and protect." But that's a gripe for another thread.)
We have a lot of technically astute people here, I can say that honestly and without brown-nosing at all. I'm wondering what you guys think about this. My concern is that despite the amount of press this bug HAS obtained it's actually being DOWNPLAYED by companies with Internet sites that make use of customer confidential data in order to minimize exposure in anticipation of a wave of lawsuits that are likely inevitable once site users start discovering that their personal data was compromised months ago and now that the "jig is up", the hackers are going to start using that data before people take action and change passwords, move accounts, etc.
You can see it readily if you check on a specific company by Googling the company's name and "heartbleed." Some that were compromised, like eBay, Google, Twitter, Netflix and many more SAY NOTHING ABOUT THIS on their login pages or in any of their own public forums. OR if they do it's only in response to customer inquiries. For example, I just logged into Netflix, a company which has been confirmed as compromised by numerous tech sites, AND THERE IS NO WARNING THAT I SHOULD CHANGE MY PASSWORD. Which I logged in expressly to do. Now that's bad! Under HELP, searching for "heartbleed" comes up with "No results found." LOL
Any company whose servers were at any time compromised by Heartbleed should be AUTOMATICALLY e-mailing ALL their active customers as well as popping up a warning box every time a customer logs in insisting they change their password immediately. That's assuming, of course, that they've PATCHED their OpenSSL since it would be the height of irresponsibility not to apply the fixes that are already available.
I'm naturally paranoid. So I go out of my way to minimize my use of the Internet for anything that I consider to be of value. But a lot of people "buy" into the assurances of these big websites that their personal data is completely safe. Yeah, and I got this bridge in Brooklyn for sale...