» Can You Get Private SSL Keys Using Heartbleed?

The Heartbleed bug is a nightmare for anyone who hosts or manages any server infrastructure. I have spent a good portion of this week patching and then verifying that all the various servers I maintain are fixed. The nature of the issue is potentially catastrophic from a security perspective but the actual real-world impacts are harder to estimate.

I found this article by CloudFlare to be a really solid overview of the lower level technical details of the exploit. It also (somewhat reassuringly) describes the practical implications of how a hacker could actually abuse this issue. Thankfully the news is better than I had initially feared, though of course that doesn’t change my approach to making sure all my servers are 100%. Constant vigilance.

David Smith