-
-
The thing is, at the moment you can't be sure all servers have been patched, which means that if you change your password now you could just be giving away the new one, whereas your existing password might never have been compromised.
It can make more sense to wait a few days for everything to be updated, and only then change your password.
Though that may be too late, of course
Security expert Bruce Schneier has a good view on it: "On the scale of 1 to 10, this is an 11." https://www.schneier.com/blog/archiv...eartbleed.html -
There ought to be a standard drill for a vulnerability like this, in that as soon as it is patched the site should direct users to a password replacement page where they are validated by their answers to a decent set of contextual questions (stored on a separate server solely for this purpose) and prompted to enter a new password.Originally posted by NickFitz View PostWork in the public sector? Read the IR35 FAQ hereComment
-
To avoid this kind of issue I don't use passwords. Much more secure.Comment
-
-
Let us not forget EU open doors immigration benefits IT contractors more than anyoneComment
-
Just don't use anything that's open source. Problem solved.
Good write up of the problem:
http://www.theregister.co.uk/2014/04...eed_explained/
Not quite as stupid as the recent Apple bug.Will work inside IR35. Or for food.Comment
-
An arrogant and stubborn refusal to accept the fact I can'tOriginally posted by vwdan View PostComment
-
To be honest, I think I totally misinterpreted your first post - I thought you were making some point about alternate authentication methods.Originally posted by MyUserName View PostComment
-
AbCdEf - Sh1rLeY?Originally posted by zeitghostComment
Comment