Amazon just launched a new service called AWS Certificate Manager (ACM) as part of their ever growing suite of services. The new service allows for more or less one-click creation and deployment of free SSL certificates (yes, free). I used ACM to enable SSL on this very website and it didn’t cost me a dime. Anyone can set up SSL for their own custom domain name in no time at all with this new service.
Heartbleed is a bug in the OpenSSL library that was publicly disclosed on April 7th, 2014 by an internet security firm called Codenomicon. With OpenSSL being the defacto SSL library in both the Apache and nginx webservers, that potentially exposes about two thirds of the internet. If we exclude the websites that don’t use SSL at all, we are left with a nice round number: half a million.
From time to time, I have been known to accidentally type my password into a “username” prompt in a bash shell. In that situation, the password you entered is now a part of your ~/.bash_history file forever, unless you truncate or redact it.
