Re: Major bug called 'Heartbleed' exposes Internet data

Posted by Barry MacKichan on
URL: http://friam.383.s1.nabble.com/Fwd-Major-bug-called-Heartbleed-exposes-Internet-data-tp7585135p7585144.html

Yes. That is my understanding.
We could put our web store back on line with the old certificate, but it
is theoretically possible* that someone has been able to find the
private key. Right now, we are playing it safe. If it takes several days
for our re-issued certificate to get signed, well...

—Barry

*But unlikely considering that any hackers have several million other
honeypots to hack.


On 10 Apr 2014, at 10:20, Joshua Thorp wrote:

> according to 
> [https://www.schneier.com/blog/archives/2014/04/heartbleed.html](https://www.schneier.com/blog/archives/2014/04/heartbleed.html)
> [http://security.stackexchange.com/questions/55382/heartbleed-read-only-the-next-64k-and-hyping-the-threat](http://security.stackexchange.com/questions/55382/heartbleed-read-only-the-next-64k-and-hyping-the-threat)
>
>
> apparently the bug gives access to a 64K chunk of RAM on the server.
>  The private key might be in that chunk,  but probably won’t be…
>  however you will get different chunks over time so if you wait long
> enough you might end up with a chunk that has a private key or
> someone’s password.
>
>
> —joshua
>  
>
> On Apr 10, 2014, at 10:05 AM, Owen Densmore
> <[hidden email]> wrote:
>
>> Hi Barry.  How would the private keys be exposed?  The pub/priv
>> computation is done locally, right?

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com