{"id":989,"date":"2014-04-11T13:35:04","date_gmt":"2014-04-11T17:35:04","guid":{"rendered":"http:\/\/control-h.org\/blog\/wordpress\/?p=989"},"modified":"2014-04-11T13:35:04","modified_gmt":"2014-04-11T17:35:04","slug":"heartbleed","status":"publish","type":"post","link":"https:\/\/control-h.org\/index.php\/2014\/04\/11\/heartbleed\/","title":{"rendered":"Heartbleed"},"content":{"rendered":"<p>I saw this on the full disclosure list Tuesday, but didn&#8217;t think much of it.<\/p>\n<p>Yes, a lot of sites are affected.  Yes, there&#8217;s potential for account hijack.  Do you need to panic, as is HuffPo&#8217;s <a href=\"http:\/\/www.huffingtonpost.com\/2014\/04\/09\/heartbleed-protect_n_5117268.html\" target=\"new\"><strike>advice<\/strike>panic<\/a>?  No.  (And I&#8217;ll spare the soliloquy about how their operation makes MSNBC and Fox look like bastions of credibility&#8230;.)<\/p>\n<p>My understanding is that this was a bug that popped up sometime in the past couple of years.  Surprisingly, if you&#8217;re running old stuff (or Microsoft nonsense) server-side, you&#8217;re unaffected.<\/p>\n<p>It&#8217;s something that unless the sites were using the vulnerable version, <b>and<\/b> you changed your password while they were using the buggy version, <b>and<\/b> someone happened to be hijacking your session when you changed your password, <b>then<\/b> you might be vulnerable.<\/p>\n<p>Do the math on the probabilities.<\/p>\n<p>I&#8217;ll spare the schadenfreude about the commercial sekurity products affected because they used a buggy version of OpenSSL, though *cough*McAfee*cough*Barracuda*cough* the temptation is tough to completely pass up.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I saw this on the full disclosure list Tuesday, but didn&#8217;t think much of it. Yes, a lot of sites are affected. Yes, there&#8217;s potential for account hijack. Do you need to panic, as is HuffPo&#8217;s advicepanic? No. 
(And I&#8217;ll spare the soliloquy about how their operation makes MSNBC and Fox look like bastions of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[31,36],"class_list":["post-989","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-shmoocon","tag-uncategorized"],"_links":{"self":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/989","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/comments?post=989"}],"version-history":[{"count":0,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/989\/revisions"}],"wp:attachment":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/media?parent=989"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/categories?post=989"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/tags?post=989"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}