Re: on the "heartbleed" bug
pnm wrote:
This means that should someone have targeted calcudoku.org,
they could have read usernames + passwords without leaving a trace.
This is easily the most serious security problem since the start of the internet.
Patrick
This is a huge security issue and saying it is the most serious in internet history is really not an exaggeration.
People should test URLs for every site they log into, particularly anywhere they make financial transactions of any kind - banking, commerce, etc. If the site fails, DON'T log in to it. Test it again later and once it is secure then log in and change your password. You might check the site to see if there are notifications about the administrators' plans but again, you probably shouldn't log in.
And Patrick has shown something important with his test using the older version of OpenSSL. If the site passes the first time you check it, then log in and change your password. It could be that it was never vulnerable or it could be that it was vulnerable and has since been remediated.
I know what I'll be doing this weekend...
PS Nice job on the prompt response to this issue, Patrick. Thanks!