Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

+ - PayPal Giving Nonsense Answers about OpenSSL/Heartbleed Vulnerability

Submitted by Jammerwoch
Jammerwoch (73739) writes "In the process of verifying that my critical accounts had patched their OpenSSL implementation and re-issued their SSL certificate before changing my password, I noticed that PayPal had not addressed issue: not on their blog, in their support pages, or anywhere on my account page. I also noticed that their SSL certificate was issued in February of 2014, before the vulnerability was discovered. So I contacted support to ask if they had addressed the vulnerability. The first response I got was this:

"Your PayPal account details were not exposed at any time in the past and remain secure. You do not need to take any additional action to safeguard your information."

Undaunted, I replied, asking specifically if they were (or had ever) used one of the vulnerable versions of OpenSSL (1.0.1 through 1.0.1f). The response I received was amusing, to say the least:

"I assure you that your password is not compromised. We do not use an Open SSL in our servers. The SSL certificate that we are using is hyper encrypted and beyond the versions of the usual SSL certificate. It is not affected by the ongoing HeartBleed issue."

Well! Now I'm completely reassured, knowign that they don't use "the Open SSL", and that their certificate is "hyper encrypted".

Unimpressed."

Comment: Re:"e": The Story of A Number (Score 1) 630

by Jammerwoch (#26788403) Attached to: Mathematics Reading List For High School Students?

I second this recommendation; Eli Maor's book one of the best math books I've ever read. The specifics of some of the math presented are going to be beyond the skills of most HS students, but understanding the math is not critical to enjoying the history. I've found that math history is a good way to get students engaged in math. So often, concepts in math are presented in a way that makes them seem like they were handed down to us by the gods at the dawn of time. My experience is that students become a little more interested when they realize there was a real person (or persons) behind any given concept, and sometimes, the skills they're learning, were completely unknown to anyone on earth 500 years ago.

In this vein, I would also recommend Charles Seife's "Zero". The math in this book is much more accessible (should prove no problem for HS students), yet it drives home some very important ideas that are crucial to understanding higher math.

No hardware designer should be allowed to produce any piece of hardware until three software guys have signed off for it. -- Andy Tanenbaum

Working...