erratasec

Why heartbleed doesn't leak the private key [retracted]

I got this completely wrong! So as it turns out, I completely messed up reading the code. I don't see how, but I read it one way. I can still visualize the code in my mind's eye that I thought I read -- but it's not the real code. I thought it worked one way, but it works another way. Private keys are still not so likely to be exposed, but still much more likely than my original analysis suggested. The incorrect post is below, so you know...

allaboutghost.com

How to Host a sitemap.xml File When Using Nginx to Proxy Requests to Ghost

We host our All Ghost Themes site on DigitalOcean with Ghost and wanted to be able to submit a sitemap to Google WebMaster Tools, so we came up with the following process. This is a temporary workaround until Ghost has an internal method to generate the sitemap file for us, which, according to the GitHub issue, is scheduled for the 0.6 release of Ghost. On our DigitalOcean droplet we are using Nginx to reverse proxy all traffic on port 80...

blogs.gartner.com

Open SSL Heartbleed vulnerability affects much more than just websites

As we all know by now, this is mega-serious and affects all users of Open SSL 1.0.1 through 1.01.f – so those who kept their Open SSL code up to date were in effect penalized. For information on the vulnerability, see kb.cert.org. I’m just trying to understand why all the news reports are focused on individual communications with websites. SSL protocols, including Open SSL, are used in most ‘trusted’ machine to machine...