Authors: Ionut – Daniel BARBU & Cristian PASCARIU
The purpose of this paper is to present various aspects of the Heartbleed bug, including a general overview of the vulnerability, details of how it works, affected software distributions and statistical observations. The paper also presents the exploitation of a vulnerable version of an Apache server. The targeted machine is a Linux image for the ARM architecture installed on a Raspberry Pi device. The vulnerability was erroneously introduced in the code and released on the 14th of March 2012. More than 2 years later, on April 1st, it was discovered and publicly disclosed. SSL/TLS encryption is meant, by design and implementation, to protect information. Statistically speaking, two thirds of the internet's web servers use OpenSSL. Studying this vulnerability and performing tests in the informational environment is critical, and we highly recommend it.
The summary of the presentation can be found here: The Heartbleed Bug on DanielBARBU.com