

So, OpenSSL is fucked. By extension, Apache and nginx are as well. This has been in the wild for 2 years, was disclosed yesterday, and patched yesterday as well. TL;DR: it may be possible to dump the memory from a server, revealing private encryption keys, user credentials, or content. That is basically the internet nightmare scenario.

One thing I find curious: if this has been in the wild for two years, paranoid minds might assume that some high-value targets have been compromised. Why haven't I gotten any emails from my bank/hosting provider/platypus-enthusiasts-social network to change my passwords?

On the bright side, the FRCF doesn't use SSL, so our credentials are uh, safe, or something.

