The Following 23 Users Say Thank You to fstern For This Useful Post: | ||
|
2014-04-08
, 08:45
|
Posts: 35 |
Thanked: 504 times |
Joined on Jan 2013
@ Germany
|
#2
|
The Following 23 Users Say Thank You to fstern For This Useful Post: | ||
|
2014-04-09
, 00:51
|
Posts: 2,802 |
Thanked: 4,491 times |
Joined on Nov 2007
|
#3
|
More infos: http://heartbleed.com/
What is leaked primary key material and how to recover?
These are the crown jewels, the encryption keys themselves. Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. All this has to be done by the owners of the services.
The Following 18 Users Say Thank You to lma For This Useful Post: | ||
|
2014-04-09
, 16:41
|
Posts: 35 |
Thanked: 504 times |
Joined on Jan 2013
@ Germany
|
#4
|
(emphasis mine). Though I understand StartSSL are being somewhat less than helpful :-(
I will issue new certificates next week as our StartSSL certificates expire.
Were the services restarted? Tests like http://filippo.io/Heartbleed/ and http://possible.lv/tools/hb/ currently report {wiki,bugs,lists}.maemo.org as vulnerable.
|
2014-04-10
, 20:20
|
Posts: 35 |
Thanked: 504 times |
Joined on Jan 2013
@ Germany
|
#5
|
The Following 15 Users Say Thank You to fstern For This Useful Post: | ||
Tags |
heartbleed, openssl |
Thread Tools | |
|
due to recent bugs in openssl, I will upgrade openssl today on our servers. This might lead to service interruption, while services are restarted.
More infos: http://heartbleed.com/
--
We reject kings, presidents and voting.
We believe in rough consensus and running code.
- David Clark