CronoDAS comments on My Heartbleed learning experience and alternative to poor quality Heartbleed instructions. - Less Wrong

14 Post author: aisarka 15 April 2014 08:15AM


Comment author: CronoDAS 16 April 2014 04:24:37AM 1 point

Apparently SSL v2 is vulnerable to man-in-the-middle attacks, but it's only used by obsolete browsers (IE v6) and it can't leak your data if you don't use it. So this particular vulnerability is not one I personally need to worry about, but secure servers are supposed to have SSL v2 disabled - and if it isn't, it generally means that the people who set up the server either don't know what they're doing or don't care.

Comment author: AngryParsley 16 April 2014 09:52:14AM 0 points

I think Eugine_Nier means to imply (and I would agree) that anybody using SSL2 is incompetent when it comes to security.

If you have a significant amount of money in your account, I recommend asking your bank about multi-factor authentication. I had to pay a small fee for it, but Wells Fargo gave me an RSA token for my accounts. Its use is required when transferring funds to other banks. So even if my password is stolen, my money is safe. Silicon Valley Bank has a similar scheme using SMS authentication.