Researcher Proves Heartbleed Bug Exposes Private SSL Keys

Josh Ong, reporting for The Next Web:

Fedor Indutny, a core member of the node.js team, has proved that it is in fact possible for an attacker to sniff out the private SSL keys from a server left exposed by the Heartbleed bug. The proof came in response to a challenge from CloudFlare that called on the security community to grab the keys from a demo server.

Saturday, 12 April 2014