Heartbleed testing

Story: Schneier on Security - Heartbleed
Total Replies: 2
Author Content
penguinist

Apr 10, 2014
4:22 PM EDT
Everyone is testing the servers to see if they are vulnerable, but all that does is check to see if they use OpenSSL and, if so, whether they are using the updated version.

All these tests don't check the date on the cert! Schneier is right, we won't be out of the woods on this until each SSL certificate has been regenerated. I for one will be checking the cert date on my bank's https pages to make sure they have been updated before I will trust them. Also make sure to change the passwords you use on SSL logins. Your old passwords are now in storage at every intelligence agency worldwide.
jdixon

Apr 10, 2014
4:33 PM EDT
> Your old passwords are now in storage at every intelligence agency worldwide.

What makes you think they weren't already? :)
BernardSwiss

Apr 10, 2014
8:13 PM EDT
Some of the sites do check the certificate dates -- and report them. Of the three that Carla listed the other day

http://lxer.com/module/newswire/view/200791/

the LastPass one gives the certificate date (and iirc, the HostGator one reports the date if the certificate is "pre-heartbleed").
