Se ha descubierto un problema grave (bug) en OpenSSL, lo cual implica que todos los certificados generados al momento son inválidos/inseguros y hay que volver a generarlos. El CVE oficial aquí. A continuación el reporte que recibimos de parte de Hiawatha:
Severe bug in OpenSSL discovered
Hi,
I know that this issue has not much to do with Hiawatha (of course not, thanks to PolarSSL). But because it’s one of the most critical bugs in a long time, I’m using every means I can to inform as much people. A severe bug has been discovered in OpenSSL which allows an attacker to steal the private key. Yes, you’re reading that correctly.
More information about this bug can be found at http://heartbleed.com/
Test if your service is vulnerable via http://filippo.io/Heartbleed/
This requires action now! Also note that patching is not enough. It might be possible that your private key has already be stolen. The most nasty part about this bug is that a successful attack leaves no trace!
Yours sincerely,
Hugo
Estaremos notificando avances o novedades al respecto.
