On 2014-04-15, John Hasler <jhas...@newsguy.com> wrote: > > If I did any online banking (I don't) I'd change all the passwords no > matter what the banks said and consider closing the accounts and opening > new ones with different account numbers as well. Maybe with different > banks.
Except that in the case of an uncorrected vulnerability you might then be offering the black hats your new password, whereas they might not have been aware of the old one (before the news broke). Logic would seem to suggest changing passwords for sites with corrected heartbleed vulnerabilities; how to garner that information, or whether it is safe to assume this or that financial institution has, or would have, or must have, fixed the bug by now I will leave as exercise for the reader. Well, not entirely: here is the mashable list for the big boys: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/slrnlkptso.2gh.cu...@einstein.electron.org