[fpc-other] Processing passwords etc.
Jonas Maebe
jonas.maebe at elis.ugent.be
Fri Apr 11 11:34:43 CEST 2014
[ moving to fpc-other ]
On 11 Apr 2014, at 11:03, Michael Van Canneyt wrote:
> I expect that all sensitive sites (banks, google, etc) have taken
> immediate action.
That was still too late. See e.g. http://foxitsecurity.files.wordpress.com/2014/04/heartbleed-example.png
(from Yahoo mail). And as mentioned, private keys can also have been
compromised. Given that pretty no one uses perfect forward security,
it means that also all encrypted data captured in the past can now be
decoded in that case.
> That the login of my local tennis/pool/golf club was compromised is
> not really so scary, sorry.
What about information regarding persecuted human rights activists and
the people they were in contact with? Journalists and their
informants? Communications between lawyers and their clients?
Sensitive information that can be used to blackmail people?
Jonas
More information about the fpc-other
mailing list