[mythtv-users] the heartbleed openssl bug and mythtv
Gary Buhrmaster
gary.buhrmaster at gmail.com
Thu Apr 10 01:06:24 UTC 2014
On Wed, Apr 9, 2014 at 11:38 PM, Will Dormann <wdormann at gmail.com> wrote:
...
> Given that the vulnerability is an info leak, I think there are a few
> steps between it and code execution that you describe.
Usually. But with the exceedingly high prevalence of password
reuse (if not username reuse), [obligatory xkcd ref: https://xkcd.com/792/ ]
the impacts can be significant. On average. Perhaps *you* run
each unique service with its own set of usernames and unique
passwords in a unique chroot jail. And every remote (web) service
you use also has a unique username and password. In which
case you *would* be unique, and at reduced risk of account
and password reuse. While everyone on this list may be above
average, not everyone is quite so unique. So yes, there are a
few steps, but those few steps are achievable if someone decides
that you are the one, or, you just get unlucky and get chosen as
a one. Caveat emptor.