Comment Re:The OpenSSL Disasters were a result of attitude (Score 1) 340
If the CA is doing it right, they only had to reissue the signed certificates of end users, but they might have had to replace intermediate certificates.
I have nothing to hide, but nobody needs to know that.
Mailing lists are a source in my bad experience. I also hated the people in whose names these messages arrived (before blacklisting LinkedIn).
And this is why I reject any email linked to LinkedIn. It surely felt like more than 3 times that semi-random people (with whom I might have corresponded on some mailing lists) tried to invite you.
You patched your telnet to connect to port 80 by default? Or is the telnet command an alias?
Then I have good news for you: not all 2-factor auths need phone numbers. Don't know what Apple uses/requires though.
Is there a setting in the BIOS to change this 4s to power off to immediately?
I found a compromised website on my company's shared hosting platform (which runs a 2.6 kernel (Debian/oldstable)). But the files were "infected" by an FTP account via proftpd on a machine running a 3.2 kernel (Debian/stable), the login was right on the first try. My guess is malware on the site owner's machines stealing FTP logins (which is old news).
And that technique is called: SNI
And even though the servers supported it for a "long" time, some clients didn't, most notably the mobile browsers.
OS X appears to have something called a keychain; store the password to crypt there and keep the store encrypted.
"Thanks, I didn't know that."
You didn't know that because it is not true. SSL encrypts everything before anything is sent. That is why (before SNI) it is impossible to have multiple certificates for multiple virtual hosts on 1 IP address: the host that is being queried and has to match a certificate CN isn't known at the time of the SSL handshake.
"But this is a bus. There is an active connection to the central office."
Until the perp is using a GSM jammer (or you get into an area without coverage). The bus terminal will store the transaction for later validation, but since the perp is using an anonymous or cloned card, he has gotten an untraceable free ride.
"The reality is that 99.9% of people are honest and will pay what they should regardless of whether the cards are insecure and could be 'hacked'."
People are less honest than you think; most will do stuff they know they shouldn't if they think they will not get caught, even when there is no financial need.
These chipcards and the required tollgates were introduced with a promise to stop fare dodgers. Recent news of the Dutch system appears to have the effect of going from 11% to 2%. http://www.ad.nl/ad/nl/1012/Nederland/article/detail/2943764/2011/10/03/Aantal-zwartrijders-RET-daalt-spectaculair-door-ov-chippoortjes.dhtml
The same might have been achieved cheaper with more actual people in the public transport actually checking tickets.
Bluetooth? They just shouldn't have picked a known bad contactless smartcard. NFC is perfectly suitable for this (and can be tied to "modern" phones).
You need to take into consideration that there is no active connection to the central office; terminals and cards have to be able to work standalone if you want to stop abuse of anonymous cards and GSM jammers (in buses).
It seems that more and more mathematicians are using a new, high level language named "research student".