kagato
Well-Known Member
So I tried to log into Minecraft this morning and found the Authentication servers were down. Typical day for Mojang right? Well, after taking to Twitter, I found that they took their servers down for patching due to a major crypto bug that was found in OpenSSL:
http://arstechnica.com/security/201...opens-two-thirds-of-the-web-to-eavesdropping/
http://arstechnica.com/security/201...opens-two-thirds-of-the-web-to-eavesdropping/
The bug, which has resided in production versions of OpenSSL for more than two years, could make it possible for people to recover the private encryption key at the heart of the digital certificates used to authenticate Internet servers and to encrypt data traveling between them and end users. Attacks leave no traces in server logs, so there's no way of knowing if the bug has been actively exploited. Still, the risk is extraordinary, given the ability to disclose keys, passwords, and other credentials that could be used in future compromises.