

Ask HN: does Heartbleed effectively compromise most SSL certificates (MITM)? - wodow

From http:&#x2F;&#x2F;arstechnica.com&#x2F;security&#x2F;2014&#x2F;04&#x2F;critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style&#x2F; :<p>myforwik writes:<p>&quot;&quot;&quot;<p>Remember the servers involved have potentially been leaking their private key for their certificate! This means anyone can &#x27;fake&#x27; being them.<p>It is not enough to do new certificates. All of the old certificates could now be used for man in the middle attacks! 2&#x2F;3rds of the Internets certificates potentially need to be blacklisted! This is a MAJOR disaster.<p>&quot;&quot;&quot;
======
wodow
Related:
[https://bugzilla.mozilla.org/show_bug.cgi?id=994033](https://bugzilla.mozilla.org/show_bug.cgi?id=994033)

