Spears Legal Technology

Disclaimer

This blog is a resource guide for informational purposes only, and not the delivery of legal, technical or other professional advice. Using the information provided on this blog does not constitute an attorney-client relationship. If you need legal advice, please consult your lawyer.

‘Heartbleed’ Bug Exposes Passwords, Web Site Encryption Keys

Oh my. The potential ramifications...

This vulnerability is unusual because the order of the fix matters. If a site's keys and certificates have to be replaced, folks must wait to change their passwords until they confirm that the replacement has been done. Otherwise the new password is vulnerable as well.

Jamie Blasco, director of AlienVault Labs, said this bug has “epic repercussions” because not only does it expose passwords and cryptographic keys, but in order to ensure that attackers won’t be able to use any data that does get compromised by this flaw, affected providers have to replace the private keys and certificates after patching the vulnerable OpenSSL service for each of the services that are using the OpenSSL library.

Link.
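The ordering described above (patch, replace keys and certificates, then change passwords), as an added example that is not part of the original post: a Python check that tells a user whether it is time to change a password for one service. The certificate snapshots, the `spki_sha256` field (a hash of the certificate's public key supplied by the caller), and the `patched` flag are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

# Heartbleed was publicly disclosed on 7 April 2014.
DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)

def issued_at(cert):
    """notBefore of a dict shaped like ssl.SSLSocket.getpeercert() output."""
    secs = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(secs, tz=timezone.utc)

def next_step(patched, before, now, disclosed=DISCLOSED):
    """Return the action a user should take for one service.

    patched: the provider has confirmed the OpenSSL fix is deployed.
    before/now: certificate snapshots taken before the fix and today.
    """
    if not patched:
        return "wait: server not patched"
    if now["spki_sha256"] == before["spki_sha256"]:
        # A certificate reissued over the same key pair keeps the
        # possibly exposed private key in service.
        return "wait: private key not replaced"
    if issued_at(now) < disclosed:
        # Conservative: a certificate dated before disclosure is not
        # treated as evidence that replacement has happened.
        return "wait: certificate predates disclosure"
    return "change password"

# Constructed sample snapshots (not real certificates).
OLD = {"notBefore": "Jan 15 00:00:00 2014 GMT", "spki_sha256": "aa11"}
SAME_KEY = {"notBefore": "Apr  9 00:00:00 2014 GMT", "spki_sha256": "aa11"}
REKEYED = {"notBefore": "Apr 10 00:00:00 2014 GMT", "spki_sha256": "bb22"}

if __name__ == "__main__":
    for label, patched, now in [("unpatched", False, OLD),
                                ("reissued, same key", True, SAME_KEY),
                                ("rekeyed", True, REKEYED)]:
        print(f"{label}: {next_step(patched, OLD, now)}")
```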
