Heartbleed Bug Information

Dire warnings about Heartbleed, a serious internet security risk affecting millions of websites, are echoing across the internet today. Heartbleed is described as a flaw in OpenSSL, the open source encryption technology used by the vast majority of web servers.

The Heartbleed bug is a particularly nasty bug. It allows an attacker to read up to 64KB of memory, and the security researchers have said:

“Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.”

Alleged Yahoo user credentials visible due to Heartbleed (source: Mark Loman).

The problem is fairly simple: there’s a tiny vulnerability — a simple missing bounds check — in the code that handles TLS ‘heartbeat’ messages. By abusing this mechanism, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. Since this is the same memory space where OpenSSL also stores the server’s private key material, an attacker can potentially obtain:

  • long-term server private keys
  • TLS session keys
  • confidential data like passwords
  • session ticket keys
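
A simplified model of the missing bounds check described above, added here as an illustration; it is not OpenSSL's code. The record layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520; the function names, the simulated `heap[]` buffer and the fake secret are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HB_HEADER  3u   /* 1-byte type + 2-byte claimed payload length */
#define HB_PADDING 16u  /* minimum padding required by RFC 6520 */
#define REC_LEN    20u  /* constructed record: header + 1 payload byte + padding */
static const char SECRET[] = "FAKE-PRIVATE-KEY";  /* constructed stand-in secret */
static uint8_t heap[64];                          /* simulated server memory */

/* Vulnerable model: trusts the length field carried inside the message. */
size_t echo_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    (void)rec_len;  /* the real record size is never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HB_HEADER, claimed);  /* runs past the end of the record */
    return claimed;
}

/* Hardened model: drop any record whose claimed length does not fit. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Place a 1-byte-payload heartbeat in the heap with the secret right after it. */
void setup_heap(uint16_t claimed) {
    memset(heap, 0, sizeof heap);
    heap[0] = 1;  /* heartbeat_request */
    heap[1] = (uint8_t)(claimed >> 8);
    heap[2] = (uint8_t)claimed;
    heap[3] = 'A';
    memcpy(heap + REC_LEN, SECRET, sizeof(SECRET) - 1);
}

int leaks_secret(const uint8_t *out, size_t n) {  /* 1 if reply holds the secret */
    for (size_t i = 0; i + sizeof(SECRET) - 1 <= n; i++)
        if (memcmp(out + i, SECRET, sizeof(SECRET) - 1) == 0) return 1;
    return 0;
}

int main(void) {
    uint8_t out[64];
    setup_heap(40);  /* claims 40 bytes; stays inside heap[] so the demo is defined */
    size_t v = echo_vulnerable(heap, REC_LEN, out);
    printf("vulnerable: %zu bytes, leak=%d; checked: %zu bytes\n",
           v, leaks_secret(out, v), echo_checked(heap, REC_LEN, out));
    return 0;
}
```

The hardened function silently discards the malformed record instead of replying, so a well-formed heartbeat with an honest length is still echoed.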
