The Heartbleed thing is a good reminder that if a service offers 2-step authentication, you should take advantage of it.
@KentInPublic @bhsharp Yes. Because they can read the entire server memory, they get the certificate private key. Game over.
-
-
@cmuratori@bhsharp I thought everyone who patched it was also renewing their certs, though (or should be, anyway). -
@KentInPublic@bhsharp Well sure, but once they renew their certs, you don't need two-factor to avoid the exploit either! - Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.