KT000000 发表于 2014-4-20 11:41
国内的网站没有patch的大把。另外就算patch了,还有后续工作比如revoke原先的certs,重新发布certs,你敢 ...
国内没有patch的网站就属于我所说的一辈子也不需要上的网站,就算上也完全可以用一个特别简单的密码,这种垃圾网站就根本不需要去认真对待。。
你可以去yahoo,tumblr等国外的网站看看人家要求用户怎么做的,按着做就是了,人家这些网站给出的instruction当然是最专业的,你何必要自己弄一些额外的操作呢?根本没有必要啊。给你贴一个tumblr的。
Urgent security updateBad news. A major vulnerability, known as “Heartbleed,” has been disclosed for the technology that powers encryption across the majority of the internet. That includes Tumblr. We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue. But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit. This might be a good day to call in sick and take some time to change your passwordseverywhere—especially your high-security services like email, file storage, and banking, which may have been compromised by this bug. You’ll be hearing more in the news over the coming days. Take care.
|