Recovering from Heartbleed
Heartbleed is a critical vulnerability in OpenSSL revealed yesterday. I’m not sure it could be more serious: it allows an attacker to connect to your server and use the TLS heartbeat extension to obtain 64k of server memory (and do it again to get another 64k and again and…) – while leaving no traces in logs. That server memory might include primary key material (private keys), secondary key material (usernames and passwords), and collateral (memory addresses, canaries used to detect overflow, etc.).
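The memory disclosure comes from trusting the length field inside the heartbeat message instead of the length of the record that actually arrived. The following is an added example, not code from this post or from OpenSSL: a validator for the RFC 6520 heartbeat layout, with hypothetical names (`hb_check`, `hb_verdict`) and constructed sample messages.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING 16  /* RFC 6520 requires at least 16 padding bytes */

enum hb_verdict { HB_OK, HB_TRUNCATED, HB_BAD_TYPE, HB_LENGTH_MISMATCH };

/* Validate one decrypted heartbeat message of rec_len bytes:
 * type | payload_length (big-endian) | payload | padding.
 * rec_len is the length the record layer actually received. */
enum hb_verdict hb_check(const uint8_t *rec, size_t rec_len, size_t *payload_len)
{
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TRUNCATED;
    if (rec[0] != HB_REQUEST && rec[0] != HB_RESPONSE)
        return HB_BAD_TYPE;

    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    /* The check Heartbleed lacked: the declared length must fit in what arrived. */
    if (declared > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return HB_LENGTH_MISMATCH;   /* discard silently, send no response */

    if (payload_len != NULL)
        *payload_len = declared;
    return HB_OK;
}

/* Constructed sample: 4-byte payload "ping" followed by 16 padding bytes. */
static const uint8_t sample_ok[23]  = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
/* Same 23 bytes received, but the length field claims 200 bytes of payload. */
static const uint8_t sample_bad[23] = { HB_REQUEST, 0x00, 0xC8, 'p', 'i', 'n', 'g' };

enum hb_verdict check_ok(void)  { return hb_check(sample_ok,  sizeof sample_ok,  NULL); }
enum hb_verdict check_bad(void) { return hb_check(sample_bad, sizeof sample_bad, NULL); }

int main(void)
{
    printf("well-formed: %d, mismatched: %d\n", check_ok(), check_bad());
    return 0;
}
```

The same comparison of declared length against received length is what a network sensor can apply to flag malformed heartbeat requests, since the server itself logs nothing.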
Permanent link for post:
/post/recovering-from-heartbleed/
Posted: Apr 8, 2014
Tags: heartbleed infosec ssl updated