
Yeah, that's not good.


[deleted]


The real crazy bit about Heartbleed was that it was worse than a man-in-the-middle attack. It's a "give an unrelated third party on the side your plaintext" attack, rendering your SSL connection less secure than an encrypted connection.


HN, I'm sorry to have deleted my comment before noticing this reply. For the record it said something about 1) being put at ease by the Cloudflare challenge, suggesting to me no MITM attack was possible, and 2) then bemoaning the fact that the NSA "is the man in the middle".


Cloudflare's challenge is specific to nginx's implementation of OpenSSL. They hypothesize that stealing keys from Apache is unlikely, but possible.

http://blog.cloudflare.com/answering-the-critical-question-c...


Thanks for the extra info. While I don't find it encouraging, I appreciate having a better understanding of the issue at hand.



