Tag Archives: Apache

The Heartbleed Bug – A vulnerability in the OpenSSL Cryptographic Library

Authors: Ionut – Daniel BARBU & Cristian PASCARIU

Sources:

heartbleed.com; en.wikipedia.org/wiki/Heartbleed; cve.mitre.org; openssl.org; schneier.com; theguardian.com; gizmodo.com; tools.cisco.com; en.wikipedia.org/wiki/Raspberry_Pi; en.wikipedia.org/wiki/Openssl; kali.org; nmap.org

Abstract

The purpose of this paper is to present various aspects of the Heartbleed bug, including a general overview of the vulnerability, details of how it works, the affected software distributions and statistical observations. The paper also presents the exploitation of a vulnerable version of an Apache server. The targeted machine is a Linux image for the ARM architecture installed on a Raspberry Pi device. The vulnerability was erroneously introduced in the code and released on the 14th of March 2012. More than 2 years later, on April 1st, it was discovered and publicly disclosed. SSL/TLS encryption is, by design and implementation, meant to protect information. Statistically speaking, two thirds of the internet's web servers use OpenSSL. Studying this vulnerability and performing tests in the informational environment is critical, and we highly recommend it.

The summary of the presentation can be found here: The Heartbleed Bug on DanielBARBU.com
