[其他] 妈逼，要完蛋了！OpenSSL漏洞连 LastPass也跪了

都在哀嚎个什么 Lastpass账户密码又不是明文传输 用https传输加密过的的信息 前几楼给的官方Blog不是写了么，如果你用检测工具检测lastpass网站，结果会显示14年4月8日早之前lastpass是有问题的，但是数据传输是传通过私人Key加密过的数据。
“LastPass utilizes OpenSSL for HTTPS/TLS/SSL encryption and we were therefore “vulnerable” to this bug. For anyone who was using this tool: http://filippo.io/Heartbleed/#lastpass.com to check whether LastPass was vulnerable, it would have shown that we were vulnerable until this morning, when we restarted our servers after the patched OpenSSL software update.

However, LastPass is unique in that your data is also encrypted with a key that LastPass servers don’t have access to. Your sensitive data is never transmitted over SSL unencrypted - it’s already encrypted when it is transmitted, with a key LastPass never receives. While this bug is still very serious, it could not expose LastPass customers’ encrypted data due to our extra layers of protection. On the majority of the web, user data is not encrypted before being transmitted over SSL, hence the widespread concern. ”

4月9日更新：如果你的账户内存储的网站可能受到漏洞影响，Lastpass还会主动警告你
Update: April 9th

LastPass now alerts you if the sites stored in your vault may be impacted by Heartbleed. See our new blog post for more details: http://blog.lastpass.com/2014/04 ... your-sites-are.html

[ 本帖最后由 figure09 于 2014-4-10 10:43 编辑 ]