Changes between Version 2 and Version 3 of heartbleed


Ignore:
Timestamp:
Apr 9, 2014, 9:11:59 AM (7 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • heartbleed

    v2 v3  
    1313During the period in which our servers were vulnerable it was possible for someone who can access your traffic to compromise the key that encrypts that traffic. If your key was compromised, then fixing the bug is not enough: you'll need to generate a new key and get a new x509 certificate.
    1414
    15 Questions:
     15'''Questions'''
    1616
    1717''How do I generate a new key?''
     
    2727No. It's your choice and you may decide that it's not worth the effort. To compromise your site, an attacker must have access to your Internet traffic and must of taken advantage of this bug either in the last 24 hours or prior to the public release of the bug. For most sites, that's unlikely. On the other hand, we now have concrete information about massive spying operations by the National Security Agency, including huge databases of recorded Internet traffic.
    2828
    29 Notes:
     29'''Additional Information and Notes'''
    3030
    3131According to the web site [http://heartbleed.org hearbleed], openssl is the most popular encryption library. And, arstechnica estimates [http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ it is used by 2/3 or all web sites].