Hi, im Laria

This website is no longer maintained. You can visit my new website laria.me instead!

Heartbleed

( Posted: 2014-04-09 00:15:00 Tags: , , , , )

You probably have heard of it. There was a bug in OpenSSL, dubbed Heartbleed.

This seems to be quite a catastrophic bug, since it was possible to get the private key parts of the SSL/TLS certificates, allowing eavesdropping of encrypted traffic.

Both ArchLinux and CentOS already had patches when I heard about the bug. My server is already patched. I also exchanged the certificates, and this time they aren't self-signed certificates. Now the certificates are signed by CACert. I also configured my mail server and HTTP server properly this time (HTTP should use forward secrecy now, if possible), so things should be pretty safe now, at least on this server.

Next step for me will be exchanging passwords (and come up with a new password formula). This is gonna be fun :/.