Heartbleed09 Apr 2014
On Tuesday, a catastrophic bug in OpenSSL was disclosed, Heartbleed. It abuses the heartbeat extension of ssl/tls and gives an attacker access to a small portion of memory on the server.
This section of memory could be the private key, which would be the worst case scenario.
It’s fairly unlikely that would actually happen, unless the bug is exploited right after the web server is restarted.(See the update below) In other cases, this bug could reveal user session data. In some cases this could this could allow an attacker to impersonate a user. It could also reveal the user’s password.
As Bruce Schneier says:
“Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.
Recovery from this is extremely painful.
Even though it’s unlikely that your private key leaked, the chance that it did is enough to replace your keys. You need to replace all of your private keys. I’m working on this part. It turns out startssl is awful in situations like this and I’ll be switching them out for a better CA. You should invalidate all user sessions. You should also reset user passwords.
It turns out that its not all that unlikely that the private key can be extracted. CloudFlare issued a challenge for people to attempt to retrieve a private key using heartbleed. Two separate people were able to extract the key. They did reboot the server around the time that the key extraction, so that may have played a part. Considering that there is evidence of heartbleed being exploited up to 2 years ago. The assumption has been that the NSA was the one that was doing it. They have denied it, of course, but that is hardly believable anymore.