On 20h20 12 de Abril de 2014, Steve Litt wrote: > I'm changing every password: That's about 100 of them.
That's a good thing to do, but only after the server has patched openssl and changed its certificate. Otherwise someone could have captured the private key and other information that could be used to eavesdrop your newly changed password. Also not every site is vulnerable. Debian oldstable its not affected because its openssl version is older than when the bug was introduced. Microsoft IIS is, as far as known, also not vulnerable, etc. On 20h20 12 de Abril de 2014, Steve Litt wrote: > On Sat, 12 Apr 2014 23:20:40 +0100 > Lisi Reisz <lisi.re...@gmail.com> wrote: > > > On Saturday 12 April 2014 23:11:35 Henrique de Moraes Holschuh wrote: > > > There IS a reason why it was given a "Severity: Apocaliptic" label > > > by the best in the field: > > > > So what action do readers recommend? Change every single password, > > or just passwords to sensitive sites/information? > > > > Lisi > > I'm changing every password: That's about 100 of them. > > SteveT > > Steve Litt * http://www.troubleshooters.com/ > Troubleshooting Training * Human Performance > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: https://lists.debian.org/20140412192042.0aeefee9@mydesk > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/03f19113.1397348601...@mail.kalinowski.com.br
