[Cryptography] heartbleed first blood?

[Jerry Leichter]

On Aug 30, 2014, at 7:02 AM, ianG <iang at iang.org> wrote:
> ..."From here, the attackers were able to further their access into CHS by
> working their way through the network until the estimated 4.5 million
> patient records were obtained from a database.  This is no surprise as
> when given internal access to any computer network, it is virtually a
> 100% success rate at breaking into systems and furthering access...."
Ah yes, crunchy outside, soft and juicy inside.

This is why putting *all* the defense a the perimeter stopped being recommended practice a while ago.

Granted, if your attacker can read your VPN sessions, you're in a bad way.  But that need not - and must not - be the end of the story.

                                                        -- Jerry