Changes between Version 5 and Version 6 of heartbleed


Ignore:
Timestamp:
Apr 9, 2014, 10:02:22 AM (10 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • heartbleed

    v5 v6  
    2626''Do I have to generate a new key?''
    2727
    28 No. It's your choice and you may decide that it's not worth the effort. To compromise your site, an attacker must have access to your Internet traffic and must of taken advantage of this bug either in the last 24 hours or prior to the public release of the bug. For most sites, that's unlikely. On the other hand, we now have concrete information about massive spying operations by the National Security Agency, including huge databases of recorded Internet traffic.
     28No. It's your choice and you may decide that it's not worth the effort. The vulnerability allowed an attacker to read the memory used by the web server. If nobody attempted to exploit the server your web site is running on during the period in which the server was vulnerable, then there is no reason to generate a new key or be worried about compromised data. On the other hand, if someone attempted to exploit ''any'' web site on your server (even if it's not your own web site), then your data may have been compromised.
    2929
    3030'''Additional Information and Notes'''