Security researchers have released details of a serious vulnerability in the popular OpenSSL cryptographic library which exposes encrypted internet services to information disclosure attacks.

Continuing a terrible year for information security, what with the verification flaw in GnuTLS and Apple's infamous goto fail bug, the OpenSSL project has confirmed that versions of its software since 2011 have held a serious vulnerability which has been dubbed the 'Heartbleed Bug,' and which can be used to read a system's memory remotely, gathering secret keys which can then be used to decrypt previously-transmitted information.

It's a serious flaw: OpenSSL is the standard library for driving SSL and TLS encryption in a variety of software packages and information appliances. Apache and nginx, two of the most popular server packages around, accounting for an estimated 66 per cent of all web servers, use OpenSSL; the library is also commonly used in other encrypted systems such as virtual private network (VPN) appliances, point-of-sale (PoS) systems and messaging servers.

The Heartbleed Bug works by exploiting the heartbeat extension of the Transport Layer Security (TLS) protocol: attackers are able to read unlimited system memory in 64KB chunks, with exploitation leaving no trace on the system. These memory chunks can be reassembled and analysed to gather usernames, passwords, encryption keys, and other privileged information which should not be exposed to the public.

The OpenSSL project has confirmed that the code responsible for the flaw has been present in its software since 2011 and available to the public since the release of OpenSSL 1.0.1 in March 2012.
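
To make the 64KB figure concrete: a heartbeat message carries a 16-bit length for the payload it asks to have echoed back, and the flaw lets that claimed length exceed what the record actually holds. The following is an added example, not code from the article or from OpenSSL; it applies the length check from RFC 6520 to already-decrypted records, and the function names and sample bytes are constructed for illustration.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record content type assigned to heartbeat (RFC 6520)
HB_HEADER = 3        # 1-byte message type + 2-byte payload_length
MIN_PADDING = 16     # RFC 6520: at least 16 bytes of padding follow the payload


def check_heartbeat_record(record: bytes) -> str:
    """Classify one plaintext TLS record (hypothetical helper for this example).

    Returns 'not-heartbeat', 'malformed', 'ok' or 'bad-length'.
    """
    if len(record) < 5:
        return "malformed"
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != TLS_HEARTBEAT:
        return "not-heartbeat"
    body = record[5:]
    if len(body) != rec_len or rec_len < HB_HEADER:
        return "malformed"
    # payload_length is 16 bits wide, so one message can claim at most 65535
    # bytes: the source of the "64KB chunks" figure.
    _msg_type, claimed = struct.unpack("!BH", body[:HB_HEADER])
    # The receiver must never trust `claimed` beyond what actually arrived.
    if HB_HEADER + claimed + MIN_PADDING > rec_len:
        return "bad-length"   # discard silently, do not echo
    return "ok"


def build_record(claimed: int, payload: bytes, padding: int) -> bytes:
    """Build a constructed sample record for exercising the check."""
    body = struct.pack("!BH", 1, claimed) + payload + bytes(padding)
    return struct.pack("!BHH", TLS_HEARTBEAT, 0x0302, len(body)) + body


# Constructed samples (not captured traffic).
HONEST = build_record(claimed=4, payload=b"ping", padding=16)
MISMATCHED = build_record(claimed=0x4000, payload=b"", padding=0)

if __name__ == "__main__":
    for name, rec in (("honest", HONEST), ("mismatched", MISMATCHED)):
        print(name, "->", check_heartbeat_record(rec))
```

Heartbeats sent after the handshake are encrypted on the wire, so a check like this belongs in the TLS stack's own parser or in tooling that sees decrypted records.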