[mythtv-users] the heartbleed openssl bug and mythtv

Gary Buhrmaster gary.buhrmaster at gmail.com
Thu Apr 10 01:06:24 UTC 2014


On Wed, Apr 9, 2014 at 11:38 PM, Will Dormann <wdormann at gmail.com> wrote:
...
> Given that the vulnerability is an info leak, I think there are a few
> steps between it and code execution that you describe.

Usually.  But with the exceedingly high prevalence of password
reuse (if not username reuse), [obligatory xkcd ref: https://xkcd.com/792/ ]
the impacts can be significant.  On average.  Perhaps *you* run
each unique service with its own set of usernames and unique
passwords in a unique chroot jail.  And every remote (web) service
you use also has a unique username and password.  In which
case you *would* be unique, and at reduced risk of account
and password reuse.  While everyone on this list may be above
average, not everyone is quite so unique.  So yes, there are a
few steps, but those few steps are achievable if someone decides
that you are the one, or, you just get unlucky and get chosen as
a one.  Caveat emptor.

