according to https://www.schneier.com/blog/archives/2014/04/heartbleed.html http://security.stackexchange.com/questions/55382/heartbleed-read-only-the-next-64k-and-hyping-the-threat
apparently the bug gives access to 64K chunk of ram on the server. The private key might be in that chunk, but probably won’t be… however you will get different chunks over time so if you wait long enough you might end up with a chunk that has a private key or someone’s password. —joshua On Apr 10, 2014, at 10:05 AM, Owen Densmore <[email protected]> wrote: > Hi Barry. How would the private keys be exposed? The pub/priv computation > is done locally, right? > > BTW: All node servers are secure due to their ssl config turning off the > "heartbeat" option. NodeWeekly: > Node 0.8.x and 0.10.2+ Not Vulnerable to Heartbleed Issue — Popular Node > versions aren’t exposed to the Heartbleed vulnerability as the heartbeat > extension was turned off in a Node commit a year ago. Yay. > GITHUB > > -- Owen > > > On Thu, Apr 10, 2014 at 9:51 AM, Barry MacKichan > <[email protected]> wrote: > It is a major PITA. Certificates on affected servers (which include Amazon > EC2 Linus servers) may have had their private keys exposed, so certificates > have to be reissued with different keys. This is, apparently, a major > bottleneck. > > —Barry > > > > > On 9 Apr 2014, at 21:23, Owen Densmore wrote: > > Worth knowing about: > > http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/ > > Pretty serious crypto flaw. > > [image: Inline image 1] > -- Owen > > [image.png] > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
