Heartbleed


If you have not yet heard about the Internet bug in OpenSSL called "Heartbleed", you need to google that word ASAP and learn about this latest online security threat to hit the news.
gz3827
An interesting problem. I'm surprised at vulnerability at this level of so called super secure items.
I heard on the news last night that you shouldn't change passwords unless the organization that the password is for... has fixed this problem on their end. In-other-words, if he subject password is for AudiogoN, AudiogoN has to have applied a fix on their system... otherwise it's a waste of time to change the password.
I emailed Audiogon support yesterday and asked them about this issue. When I saw this thread I sent them a link to it. Let's see how they respond.
Here is the response from Audiogon Support. Sounds like they have taken some steps but are still working on it.

At this time:
1. We are patching all of our encrypted resources right now
2. We have already taken steps to prevent exploitation of this vulnerability
3. Our platform providers, Heroku and Amazon, have already taken steps to prevent exploitation of this vulnerability
4. Users can and should change their passwords as an additional precaution
Thank you for being a valued member of the Audiogon community. Please do not hesitate to contact us if there is anything else we can assist you with.
I read somewhere that it only affects Linux and Unix operating systems and that the criminal has to be "looking" at your transaction live (while it happens), in order to get your info.

I feel pretty safe. For now.

All the best,
Nonoise
More to discover