Heartbleed Explained

Preview:

Click to see full reader

Citation preview

2008 - 2011

Anything < < 64kb

1 kilobyte of data

1 kilobyte of data

64 kilobytes of data

64 kilobytes of data

1 kb

SIZE = 64kb

1kb

Hey server, it’s 64kb

64kb

1kbRequested data - + 63kb - Memory padding

63 kb

1 kb

95AS4D4DFG5FD5S5SD4 ADS5F4SDF55SDGF4SG5DFGH4DF6DSZX5GRF4GHTRH4TYJY5Y4RR6W6Q54WRW6ER54PERWE6R5XE4RWE6R54Y

USERNAME = TESTPASSWORD = 1234SECURITY QUESTIONSCONFIDENTIAL FILESPRIVATE INFORMATIONOTHER SECRET STUFF

1kb

Hey server, it’s 64kb

64kb

Issue is withOpen SSL

Open SSLImplements SSL <<

So the SSL protocol itself is fine.It’s just an implementation flaw

But, don’t worry.It has been patched and updated now.

Although no one knowswhat information has been leaked

or who exploited it.

Now, for the final touch…

Yes, you may ask yourdoubts now.

Special thanks to this guy

Recommended

Heartbleed, Shellshock, and other security logos › sites › default › files › video › ...2015/06/16  · Turla Grinch Freak Venom Heartbleed ShellShock Ghost Apache Struts
Documents
Cyber-security tips: the heartbleed bug
Technology
A technical view of theOpenSSL ‘Heartbleed’ vulnerabilitydocshare01.docshare.tips/files/26848/268489456.pdf · A technical view of theOpenSSL ‘Heartbleed’ vulnerability A
Documents
Heartbleed && Wireless
Technology
Cybercalypse , HeartBleed : Is our Government Listening
Documents
Report on Heartbleed
Education
DevOps Boston - Heartbleed at Acquia
Technology
Heartbleed prezenatcija iz konference Hek.si
Internet
The Heartbleed Bug Serge Borso serge@sergeborso.com
Documents
[QA Night Recife] Heartbleed SecInf
Software
Heartbleed discovery - Computer Sweden€¦ · Heartbleed discovery Tomi Väisänen, Account Executive 2014-09-18 •This is a ... OpenSource components and known vulnerabilities
Documents
Security Vulnerabilities: Heartbleed & Buffer Overflow
Engineering
The Heartbleed Hit List
Documents
Symantec Heartbleed Interactive Version 2 | RapidSSLOnline
Technology
Heartbleed Comic
Education
Open ssl heartbleed
Documents
Minimal effort dedicated securing your server from heartbleed
Business
CloudStack and the HeartBleed vulnerability
Technology
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Technology
DrupalGov2014 Heartbleed
Presentations & Public Speaking