Heartbleed can be exploited to steal private keys – CONFIRMED!

New interesting info was released regarding Heartbleed OpenSSL vulnerability. Company cloudflare (cloudflare.com) announced a competition on April 11th to find out if private SSL keys can be stolen from vulnerable server using Heartbleed vulnerability. And truly until April 12th, 4 independent researchers proved that they were able to steal private key from vulnerable server.
This is final evidence, that at some circumstances, Heartbleed vulnerability can be abused to get private keys from server.

More info here and my original Heartbleed post here

OpenSSL heartbleed bug

New vulnerability in widely used OpenSSL was detected. Vulnerability is know as Heartbleed bug. OpenSSL 1.0.1 before 1.0.1g are vulnerable. Thanks to good work of people in RedHat (special thank you goes to Tomas Mraz, Senior programmer in RedHat) and CentOS community, quick workaround was published for commonly used OpenSSL 1.0.1e. We are looking forward for release of OpenSSL 1.0.1g.

Don't hesitate to patch your servers….