Hi all,
I just want to give a short statement about the Heartbleed bug in regard to FairCoin to clear up any doubts or confusion people might have.
The Heartbleed bug is indeed on of the most critical bugs we've experienced since the beginning of the internet.
But for this bug to be exploited at all some precondition has to be met.
You need have all of the following configuration options in your FairCoin.conf file:
-rpcssl Use OpenSSL (https) for JSON-RPC connections
-rpcsslcertificatechainfile=<file.cert> Server certificate file (default: server.cert)
-rpcsslprivatekeyfile=<file.pem> Server private key (default: server.pem)
-server Accept command line and JSON-RPC commands
-rpcallowip=<ip> Allow JSON-RPC connections from specified IP address
These options enable SSL encrypted remote access the RPC api of the walled (or daemon). I don't know a single person including myself who has configured their wallet like that.
People who use this set up usually know what they are doing and most likely use Linux anyway. The Linux version of the wallet is almost always dynamically linked against the openssl library provided by the operation system. If your system is up-to-date, so your wallet is!
Provided somebody makes use of these exotic configuration, which might be true for the wide spread bitcoin but not for FairCoin at this time, even then it is very very hard to get your private keys. And if you have an encrypted wallet (which everybody should have) and haven't sent coins since the last restart it is impossible to get your private keys!
Long story short, the ordinary standard wallet set up is not vulnerable to the Heartbleed bug!regs
Thomas
