Hi everybody,
am a bit astonished that nobody wrote about the heartbleed bug discovered yesterday in OpenSSH yet. Today, we're about to understand that the degree of possible damage is tremendous if we don't do anything against it.
So I'm starting this thread for collecting ideas what would you, as a shop owner or admin, would have to do to keep your application and your customer data save.
Two things came instantly to my mind:
Other ideas?
am a bit astonished that nobody wrote about the heartbleed bug discovered yesterday in OpenSSH yet. Today, we're about to understand that the degree of possible damage is tremendous if we don't do anything against it.
So I'm starting this thread for collecting ideas what would you, as a shop owner or admin, would have to do to keep your application and your customer data save.
Two things came instantly to my mind:
- Request or check if your hosting provider installed the bug fix for it (for Debian machines, an update came today). AFAIK, one should be able to check it with $ ssh(d) -V in the terminal.
- Ask your clients to change their password! This is important as you don't know if an attacker already started an exploit. Maybe you can bundle this request with a nice marketing campaign and a voucher.
Other ideas?