Slashdot Mirror


Private Keys Stolen Within Hours From Heartbleed OpenSSL Site

Billly Gates (198444) writes "It was reported when Heartbleed was discovered that only passwords would be at risk and private keys were still safe. Not anymore. CloudFlare launched the Heartbleed challenge on a new server with the OpenSSL vulnerability and offered a prize to whoever could gain the private keys. Within hours several researchers and a hacker got in and got the private signing keys. Expect many forged certificates and other login attempts to banks and other popular websites in the coming weeks unless the browser makers and CAs revoke all the old keys and certificates."

1 of 151 comments

  1. Re:https is dead by Anonymous Coward · Score: 0, Troll

    Wow, "Insightful", seriously? /. mods really love them some unsubstantiated expert analysis from Anonymous Coward.

    Reality check: only 17.5% of SSL sites had heartbeat extension turned on. Most sensitive and popular sites have reissued and revoked certificates.

    Implementing Mr. WolfWings's solution would mean punishing 85% of the network because admin of myshittyblog.net has not yet fixed his shit and could have left his users vulnerable to NSA snooping.