Changes between Version 5 and Version 6 of heartbleed
- Timestamp:
- Apr 9, 2014, 10:02:22 AM (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
heartbleed
v5 v6 26 26 ''Do I have to generate a new key?'' 27 27 28 No. It's your choice and you may decide that it's not worth the effort. T o compromise your site, an attacker must have access to your Internet traffic and must of taken advantage of this bug either in the last 24 hours or prior to the public release of the bug. For most sites, that's unlikely. On the other hand, we now have concrete information about massive spying operations by the National Security Agency, including huge databases of recorded Internet traffic.28 No. It's your choice and you may decide that it's not worth the effort. The vulnerability allowed an attacker to read the memory used by the web server. If nobody attempted to exploit the server your web site is running on during the period in which the server was vulnerable, then there is no reason to generate a new key or be worried about compromised data. On the other hand, if someone attempted to exploit ''any'' web site on your server (even if it's not your own web site), then your data may have been compromised. 29 29 30 30 '''Additional Information and Notes'''