New information has been released about the Heartbleed OpenSSL vulnerability. CloudFlare (cloudflare.com) announced a competition on April 11th to find out whether private SSL keys can be stolen from a vulnerable server using the Heartbleed vulnerability. By April 12th, 4 independent researchers had proved that they were able to steal the private key from the vulnerable server.
This is conclusive evidence that, under some circumstances, the Heartbleed vulnerability can be abused to obtain private keys from a server.
OpenSSL heartbleed bug
A new vulnerability has been found in the widely used OpenSSL library. It is known as the Heartbleed bug. OpenSSL 1.0.1 versions before 1.0.1g are vulnerable. Thanks to the good work of people at Red Hat (a special thank you goes to Tomas Mraz, Senior Programmer at Red Hat) and the CentOS community, a quick workaround was published for the commonly used OpenSSL 1.0.1e. We are looking forward to the release of OpenSSL 1.0.1g.
Don't hesitate to patch your servers.
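
An added example (not from the original post): one way to triage hosts against the version range above, using the text printed by `openssl version -a`. The host names and sample outputs are constructed, and the `-DOPENSSL_NO_HEARTBEATS` check assumes the build disabled the heartbeat extension with that compile-time macro.

```python
import re

# Affected range as stated in the post: OpenSSL 1.0.1 before 1.0.1g.
BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

OUTSIDE_RANGE = "outside 1.0.1-1.0.1f"
HEARTBEATS_OFF = "in range, heartbeats compiled out"
IN_RANGE = "in range, check vendor package changelog"


def classify(version_output):
    """Classify the text printed by `openssl version -a`."""
    m = BANNER.search(version_output)
    if m is None:
        raise ValueError("no OpenSSL version banner found")
    release = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4)  # "" for plain 1.0.1, "e" for 1.0.1e-fips
    if release != (1, 0, 1) or letter >= "g":
        return OUTSIDE_RANGE
    # Assumption: a build without the heartbeat extension shows this
    # macro on the "compiler:" line of the output.
    if "-DOPENSSL_NO_HEARTBEATS" in version_output:
        return HEARTBEATS_OFF
    # A vendor package can be patched while still reporting 1.0.1e, so
    # the banner alone can neither clear nor condemn such a host.
    return IN_RANGE


# Constructed sample outputs, not captured from real hosts.
SAMPLES = {
    "web1": "OpenSSL 1.0.1e-fips 11 Feb 2013\ncompiler: gcc -fPIC -O2",
    "web2": "OpenSSL 1.0.1e 11 Feb 2013\n"
            "compiler: gcc -fPIC -DOPENSSL_NO_HEARTBEATS -O2",
    "web3": "OpenSSL 1.0.1g 7 Apr 2014\ncompiler: gcc -fPIC -O2",
    "old1": "OpenSSL 0.9.8y 5 Feb 2013\ncompiler: gcc -O2",
    "web4": "OpenSSL 1.0.1 14 Mar 2012\ncompiler: gcc -O2",
}


def audit(samples):
    """Return {host: verdict} for a mapping of host to version output."""
    return {host: classify(text) for host, text in samples.items()}


if __name__ == "__main__":
    for host, verdict in audit(SAMPLES).items():
        print(f"{host}: {verdict}")
```

Hosts reported as in range still need the installed package version compared against the vendor's advisory before they are considered fixed.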