Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
General Discussions
Security Awareness
Heartbeat OpenSSL bug does not affect OSX.
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="cptkrf" data-source="post: 1577018" data-attributes="member: 134861"><p>It is hard to determine with all the BS that is coming in from trolling posters on every forum. But, so far I have distilled the following out of the noise.</p><p></p><p>The bug affects sites with web and email servers. They have to be fixed before the problem goes away. But, to the question (about a zillion posters have asked it in the last day) of, "If I have a patched or non-affected OpenSSL installation that I connect with, am I at risk?"</p><p></p><p>So far the answers are Yes, No and It Depends. </p><p></p><p> Since it is a server problem, I don't expect Apple to rush out any fix. Actually, I don't expect any fix at all since the OSX version of OpenSSL doesn't have the problem. Now, to the question of, "if you have a buggy SSL, and go to a server that does not, are you at risk?" I don't think so. It appears that the exploit has to be from the server end. </p><p></p><p>But to your question. I definitely will change my passwords on any important accounts, but only after I get word that their server is patched, or was found to never have had the problem, because, to change a password, you have to enter the old one. Why make it easy for someone to hack. </p><p></p><p>Lots of sites are already posting the info about their server status.</p></blockquote><p></p>
[QUOTE="cptkrf, post: 1577018, member: 134861"] It is hard to determine with all the BS that is coming in from trolling posters on every forum. But, so far I have distilled the following out of the noise. The bug affects sites with web and email servers. They have to be fixed before the problem goes away. But, to the question (about a zillion posters have asked it in the last day) of, "If I have a patched or non-affected OpenSSL installation that I connect with, am I at risk?" So far the answers are Yes, No and It Depends. Since it is a server problem, I don't expect Apple to rush out any fix. Actually, I don't expect any fix at all since the OSX version of OpenSSL doesn't have the problem. Now, to the question of, "if you have a buggy SSL, and go to a server that does not, are you at risk?" I don't think so. It appears that the exploit has to be from the server end. But to your question. I definitely will change my passwords on any important accounts, but only after I get word that their server is patched, or was found to never have had the problem, because, to change a password, you have to enter the old one. Why make it easy for someone to hack. Lots of sites are already posting the info about their server status. [/QUOTE]
Verification
Post reply
Forums
General Discussions
Security Awareness
Heartbeat OpenSSL bug does not affect OSX.
Top