The vulnerability is in a "heartbeat" routine which sends a packet of data
and expects to see that echoed back. Can anyone explain to me WHY in heck
would you make a heartbeat protocol so complex? What is the need for
exchanging a large block of data?



On Tue, Apr 8, 2014 at 11:49 PM, RussellMc <apptechnz@gmail.com> wrote:

> A bug has been found in the widely used OpenSSL implementation. This has
> allowed full access to SSL "secured" systems by people aware of the
> problem.
>  Indications are that this has been happening.
> This means that access to most major systems (including banking and most
> password controlled web access) MAY have been compromised.
>
> Many major organisations have 'fixed' the problem. Others will be slower.
>
>
> http://bits.blogs.nytimes.com/2014/04/08/flaw-found-in-key-method-for-pro=
tecting-data-on-the-internet/?_php=3Dtrue&_type=3Dblogs&_php=3Dtrue&_type=
=3Dblogs&hp&_r=3D1&
>
> Recommended remedy.
>
> 1. ENSURE that you service provider etc has implemented fix for problem.
> 2. Change passwords.
>
> Password changes on un-repaired systems availeth nought.
>
>     Russell
>
>
> Source: JG
> --
> http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
> View/change your membership options at
> http://mailman.mit.edu/mailman/listinfo/piclist
>
--=20
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.