Home » Security » Heartbleed Bug Information

Dire warnings about Heartbleed, a serious internet security risk affecting millions of websites, is echoing across the internet today. Described as a flaw in OpenSSL, the open source encryption technology used by the vast majority of web servers.

The Heartbleed bug is a particularly nasty bug. It allows an attacker to read up to 64KB of memory, and the security researchers have said:

“Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.”

heartbeet

Alleged Yahoo user credentials visible due to Heartbleed (source: Mark Loman).

The problem is fairly simple: there’s a tiny vulnerability — a simple missing bounds check — in the code that handles TLS ‘heartbeat’ messages. By abusing this mechanism, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. Since this is the same memory space where OpenSSL also stores the server’s private key material, an attacker can potentially obtain

  • long-term server private keys
  • TLS session keys
  • confidential data like passwords
  • session ticket keys

Comments

comments

Latest

3d gaming How Does Video game 3d modeling Work at Tsymbals Design?
Can Anyone Mine Bitcoin?
computer security How to Know for Certain That Your Computer Is Compromised
youtube red original YouTube Red Originals Paying off For YouTube
SEO Strategies Smart Tips When Creating SEO Strategies In 2018

Tech Geek Today

Tech Geek Today

MonTueWedThuFriSatSun
    123
45678910
11121314151617
18192021222324
252627282930 
       
 123456
78910111213
21222324252627
28293031   
       
      1
2345678
16171819202122
23242526272829
30      
   1234
567891011
12131415161718
262728293031 
       
   1234
567891011
12131415161718
19202122232425
262728    
       
1234567
891011121314
22232425262728
293031    
       
    123
45678910
11121314151617
18192021222324
25262728293031
       
  12345
6789101112
20212223242526
27282930   
       
      1
9101112131415
16171819202122
23242526272829
3031     
    123
45678910
11121314151617
252627282930 
       
 123456
78910111213
14151617181920
21222324252627
28293031   
       

Subscribe To The Technology Geek

Archives