Yesterday a serious vulnerability in the OpenSSL cryptographic library was made public. This vulnerability is known as the Heartbleed Bug. It is a very serious problem because it leads to the exposure of arbitrary memory contents by any server that provides services using OpenSSL’s SSL library for encryption. There are even reports suggesting that some server software can leak its private cryptographic keys through this security hole. And since a successful attack leaves no trace whatsoever, you cannot even tell whether your server has been attacked.
I don’t believe that my server was attacked. It is simply too unimportant. But security is not about beliefs, it is about facts. So I swallowed the bitter pill today and paid $25 to get my old SSL certificate revoked. This allowed me to request a new certificate for my brand new 4096-bit RSA key. Let’s hope that this one stays secure … at least for a while.