Theo weighs in on Heartbleed

I’ve been subjected to a fair bit of hysteria about the heartbleed vulnerability in OpenSSL. While it’s admittedly a severe problem, I can’t see much use in all the frothing Y2K-esque fearmongering (although it’s funny when Randall does it).

But honestly, I’ve been looking forward to Theo’s take on this, and he did not disappoint. You never doubt where Theo stands!

OpenSSL has exploit mitigation countermeasures to make sure it’s exploitable. — Ted Unangst

Many will ask that you should fax or email a copy of your prescription to cheapest tadalafil them in their workplace. opacc.cv viagra samples Medicine of ED includes sildenafil citrate, vardenafil, avanafil, and tadalafil. Animal growth hormones account for cheapest viagra from india some impotence in men. Penile erection is a combined result of mental viagra prices and physical stimulation.
As the various cert vendors I deal with have been telling me all morning (can you stop emailing me now, guys, please?) it’s time to patch the vulnerable webservers, get new certs and move on.

IF YOU DID NOT UNDERSTAND ANY OF THE ABOVE, here’s what you do: Test each site you use (like, for example, mail.google.com or www.yahoo.com) using Filippo Valsorda’s tester. Once ALL the sites you use are patched, change ALL your passwords on ALL websites you use. Don’t change your password on a site that’s not patched – don’t even log in on a site that’s not patched! That will just increase the chances you will be hacked. Don’t assume that because your site is OK now, that you don’t need to change your password – the big boys (Yahoo comes to mind) were vulnerable for quite a while before they patched, but they test out fine now.

1 thought on “Theo weighs in on Heartbleed

Leave a Reply