The Heartbleed thing is a good reminder that if a service offers 2-step authentication, you should take advantage of it.
@KentInPublic @bhsharp Like I said in the tweet, only if they can't MITM you. If they can, they just wait for your next login and jack you.
-
-
@cmuratori@bhsharp I thought Heartbleed was just about pulling the data from servers. Does it create MITM potential as well? -
@KentInPublic@bhsharp Yes. Because they can read the entire server memory, they get the certificate private key. Game over. - Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.