The Heartbleed Bug
 


Heartbleed is a newly discovered, very widespread vulnerability in the OpenSSL implementation of the SSL/TLS protocol. The flaw allows attackers to steal passwords and confidential data that you have provided online. Elastica’s CTO Dr. Zulfikar Ramzan walks through the flaw’s mechanics and ramifications.


The Heartbleed Bug: Presentation Transcript

  • The Heartbleed Bug. Zulfikar Ramzan, PhD, MIT, Chief Technology Officer, Elastica
  • OpenSSL Heartbleed Bug Leaves Much Of The Internet At Risk - TechCrunch
  • On 07 April 2014, security experts disclosed that a serious vulnerability had been identified in the OpenSSL cryptographic software library that protects many web sites. This problem might have been there for almost 2 years, hidden in plain sight.
  • When you transact online, your information is protected by the SSL/TLS encryption used to secure the Internet. OpenSSL is an open-source implementation of the SSL protocol. The Heartbeat protocol is a sub-part of SSL and is meant to ensure communications are kept alive.
  • The Heartbleed bug is a devastating vulnerability in the heartbeat extension of the SSL/TLS protocol (CVE-2014-0160). It specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL. It compromises encryption keys, user credentials and actual content.
  • The Heartbleed bug allows attackers to
      • eavesdrop on communications online
      • get access to sensitive data such as passwords, social security numbers, financial records, etc.
      • impersonate users and services
      • and all this can be done multiple times and without a trace!
  • Watch how the Heartbleed bug works
  • Up to two-thirds of websites use OpenSSL and could be vulnerable.
      • List of possibly affected sites
      • Tool to test a website
  • What should you do?
      • Check if your favorite sites have implemented the Heartbleed patch.
      • If it has been patched, then log in and change your password. If you change your password and the site hasn’t been patched, then you’re giving a hacker a new password.
  • When password compromises happen, new machine-learning-based methods are needed to find the breaches and anomalies. Elastica’s Detect App on CloudSOC uses behavioral analysis to zero in on threats to your assets in the cloud and gives you protection beyond simple username/password. Is there an alternative?
  • Thank you.
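
The slides describe the heartbeat extension only at a high level. As an added example (not taken from the presentation or from OpenSSL's source), the C function below shows the length validation a heartbeat responder has to perform before echoing a payload, using the message layout from RFC 6520. The name `hb_build_response`, the constants and the two sample records are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2 };   /* message types, RFC 6520 */
#define HB_HEADER  3u    /* 1 byte type + 2 byte payload_length */
#define HB_MIN_PAD 16u   /* minimum padding required by RFC 6520 */

/* Constructed samples: a well-formed request carrying "ping", and a
 * malformed one that claims 0x4000 payload bytes but carries none. */
static const uint8_t HB_HONEST[3 + 4 + 16] = { 1, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t HB_LYING[3 + 16] = { 1, 0x40, 0x00 };

/* Build the response to the heartbeat request in rec[0..rec_len).
 * Returns the response length, or 0 when the request must be silently
 * discarded. hb_build_response is a hypothetical name, not OpenSSL's. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Must hold at least type, length field and minimum padding. */
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;

    /* Payload length as CLAIMED by the sender (big-endian, 16 bit). */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the claimed payload plus padding has to fit in
     * the bytes actually received. Trusting `claimed` without this makes
     * the memcpy below read past the record into adjacent memory. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return 0;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    memcpy(out + 1, rec + 1, 2);                        /* same length field */
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* echo the payload */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);   /* real code: random padding */
    return resp_len;
}

int main(void)
{
    uint8_t out[64];
    printf("honest: %zu\n", hb_build_response(HB_HONEST, sizeof HB_HONEST, out, sizeof out));
    printf("lying:  %zu\n", hb_build_response(HB_LYING, sizeof HB_LYING, out, sizeof out));
    return 0;
}
```

The well-formed record is echoed in full, while the record whose length field exceeds what was actually received is dropped without a reply.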