OpenSSL leaks server-Keys / The Heartbleed Bug
luky-37 at hotmail.com
Sat Apr 12 11:14:41 UTC 2014
> Thanks for the link. On a quick read it seems their conclusion is that
> while it is *extremely* unlikely that your private key(s) was/were
> stolen using nginx, you should still re-key and revoke. While
> comforting, not really of any great practical help.
They updated the post; their initial analysis was wrong.
> Nice that CloudFlare (and no doubt others) received significant advance
> warning while the rest of us were left vulnerable. Just sayin...
They had no choice. They couldn't notify a lot of people about this; it
would have been leaked to exploit kits and black hats before OpenSSL
provided the bugfix. That would have been a lot worse.