Re: Heartbleed bug
Yeah, most of the secure sites I deal with were not vulnerable but I got an email to day from a fairly important one that WAS affected, or may have been affected. They recommend that I change my login ID, password, security image and questions and delete my browsing history and cookies. Busy afternoon. No strange transactions so I guess I'm OK.
If the "hackers" have 25,000,000 logins what are the chances they are going to pick yours?
Well, yeah, strength in numbers. But it's a little different if it was 25,000,000 logins total, or 25,000,000 per week or
per day as seems more likely. The result could be billions of logins over the 6 or 7 month period, each one of which grabbed some un-encrypted data. Now this date is fairly random since the hackers had no way of targeting specific data - it could and probably would include fractional user names, fractional passwords, etc. - so it depends on how well they can sift out the data and how many login attempts they make using the data they've gathered. In this case, the hackers have strength in numbers since they are bound to score on a few of them.