1492 wrote:
Most of the major sites affected have patched their servers. Even before the vulnerability was released to the media. .
Bug was active for 2 years.
Bug was part of the security world for 1 year.
Media (Google) announced it was safe and their partners were also but Yahoo was not. They took advantage of a very quick media jab at a competitor.
My concern is that when you use that tool to validate whether a site is secure or not, they then have a list of servers that are NOT. Who are they selling that list to?
Nothing better than allowing the general public find, report and create a list of targets for 'less than noble causes'.
my .2
I will wait and check servers to ensure they are patched before I populate their servers memory with my new passwords.
