Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Or at the very least, StartSSL certs issued before yesterday.


No, any StartSSL cert. There are still unpatched systems and there likely will be for quite some time. Just because there's a CVE doesn't mean everyone updated


Sure, and there are also StartSSL certs used on systems that don't use OpenSSL.

Do we just nuke every certificate, destroy their business, and force people with secure computers to buy new ones elsewhere even though their servers weren't affected by heartbleed? Because that option sucks too.


As a user, I much prefer that my browser and my OS never ever again show a StartSSL-signed cert as valid over even just one compromised cert being displayed with a fancy lock. How StartSSL is going to achieve that, I don’t care, but neither do I care whether or not they go out of business over this.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: