Re: Worldwide Security Flaw - Heartbleed Bug
Yes, there is a vulnerability in the heartbeat functionality of OpenSSL (and only version 1.01 e, f and g if I recall correctly).
The vulnerability leaks the server's private key part of the certificate that is used to decrypt traffic, ergo, anyone can get the server key, and then decrypt private traffic in real time.
People who are affected therefore have to either upgrade (or downgrade) their version of OpenSSL, or they can recompile from source and not compile in the heartbeat functionality.
Since the keys are specific to the certificate (not the session) the certificate must be reissued with a new public/private key pair also, (there is not a lot of sense in continuing to use a certificate to encrypt when the decrypt key is widely known!)
I didn’t fight my way to the top of the food chain to be a vegetarian…
I'm sick of people saying 'don't waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."