View Single Post
Old April 10th, 2014, 06:47 AM   #11 (permalink)
Senior Member
Join Date: Jan 2013
Posts: 3,634
Carrier: Not Provided

Thanks: 50
Thanked 880 Times in 786 Posts

The vulnerability also affects clients, potentially including phones and tablets.

The Google site states:

All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners)
Basically, if you're running 4.1.1 it may be worth contacting your phone manufacturer, otherwise your phone / tablet should be OK - though obviously, the servers you connect to may not.

Having read a bit more on this, it occurs to me that you BEFORE you change your password on an affected site, you might want to ensure they've fixed the bug. If not, you'd potentially be exposing your new and old passwords to a watcher who didn't have the old one

Hopefully, a google search will find notifications from websites regarding their fix status - a collation of vendor notifications can be found here.

Apparently there are tools that claim to identify which sites are at risk - I think by looking at the webserver they're running. Not sure if this can tell you when the sites have been patched.
SiempreTuna is offline  
Last edited by SiempreTuna; April 10th, 2014 at 10:49 AM.
Reply With Quote
The Following User Says Thank You to SiempreTuna For This Useful Post:
MoodyBlues (April 10th, 2014)