The Heartbleed Bug – A vulnerability in the OpenSSL Cryptographic Library

Authors: Ionut – Daniel BARBU & Cristian PASCARIU

Sources:

heartbleed.com; en.wikipedia.org/wiki/Heartbleed; cve.mitre.org; openssl.org; schneier.com; theguardian.com; gizmodo.com; tools.cisco.com; en.wikipedia.org/wiki/Raspberry_Pi; en.wikipedia.org/wiki/Openssl; kali.org; nmap.org

Abstract

The purpose of this paper is to present various aspects of the Heartbleed bug, including a general overview of the vulnerability, details of how it works, the affected software distributions and statistical observations. The paper also presents the exploitation of a vulnerable version of an Apache server. The target machine is a Linux image for the ARM architecture installed on a Raspberry Pi device. The vulnerability was erroneously introduced into the code and released on the 14th of March 2012. More than 2 years later, on April 1st, it was discovered and publicly disclosed. SSL/TLS encryption is, by design and implementation, meant to protect information. Statistically speaking, two thirds of the internet's web servers use OpenSSL. Studying this vulnerability and performing tests in the informational environment is critical, and we highly recommend it.

The summary of the presentation can be found here: The Heartbleed Bug on DanielBARBU.com
