1. OCAU Merchandise is available! Check out our 20th Anniversary Mugs, Classic Logo Shirts and much more! Discussion in this thread.
    Dismiss Notice

Heartbleed SSL exploit [CVE-2014-0160]

Discussion in 'Business & Enterprise Computing' started by HeXa, Apr 9, 2014.

  1. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,647
    Location:
    Brisbane
  2. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,475
    Location:
    qld.au
    From the read of it, they've made the naive mistake of thinking "it's not exposed to the public so it's protected".

    It would be interesting to know who's credentials they stole and how. VPN's can give businesses a false sense of security, and it would seem they didn't have 2FA.
     
  3. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,647
    Location:
    Brisbane
    Slashdot is saying they got hit sometime between april-june.
     
  4. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    14,046
    Location:
    Brisbane
    Once again proving why 2FA shouldn't even be considered a 'nice to have'
     
  5. cbb1935

    cbb1935 Guest

    I can't understand why everything doesn't require it, even credit card purchases.

    Have like a pin and then something like Google Authenticator for your second line of authentication.
     
  6. IACSecurity

    IACSecurity Member

    Joined:
    Jul 11, 2008
    Messages:
    760
    Location:
    ork.sg
    You can't understand?

    Cost.
    User resistance.
    Complexity.


    All those things contribute to less $ for the provider.

    For CC's... well they are risk managed and its cheaper to pay fraud than to protect them. Hence why they only just got rid of signatures in Aust.
     

Share This Page

Advertisement: