
The Heartbleed Bug


Heartbleed is a newly discovered, very widespread vulnerability in the OpenSSL implementation of the SSL/TLS protocol. The flaw allows attackers to steal passwords and confidential data that you have provided online. Elastica’s CTO Dr. Zulfikar Ramzan walks through the flaw’s mechanics and ramifications.

Published in: Technology, Education
  • Transcript of "The Heartbleed Bug"

    1. Zulfikar Ramzan, PhD, MIT, Chief Technology Officer, Elastica. The Heartbleed Bug
    2. OpenSSL Heartbleed Bug Leaves Much Of The Internet At Risk - TechCrunch
    3. On 07 April 2014, security experts disclosed that a serious vulnerability had been identified in the OpenSSL cryptographic software library that protects many web sites. This problem might have been there for almost 2 years, but just hidden in plain sight.
    4. When you transact online, your information is protected by the SSL/TLS encryption used to secure the Internet. OpenSSL is an open-source implementation of the SSL protocol. The Heartbeat protocol is a sub-part of SSL and is meant to ensure communications are kept alive.
    5. The Heartbleed bug is a devastating vulnerability in the heartbeat extension of the SSL/TLS protocol (CVE-2014-0160). It specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL. It compromises encryption keys, user credentials and actual content.
    6. The Heartbleed bug allows attackers to:
        • eavesdrop on communications online
        • get access to sensitive data such as passwords, social security numbers, financial records, etc.
        • impersonate users and services
        • and all this can be done multiple times and without a trace!
    7. Watch how the Heartbleed bug works
    8. Up to two-thirds of websites use OpenSSL and could be vulnerable. List of possibly affected sites. Tool to test a website.
    9. What should you do?
        • Check if your favorite sites have implemented the Heartbleed patch.
        • If it has been patched, then log in and change your password. If you change your password and the site hasn’t been patched, then you’re giving a hacker a new password.
    10. When password compromises happen, new machine-learning-based methods are needed to find the breaches and anomalies. Elastica’s Detect App on CloudSOC uses behavioral analysis to zero in on threats to your assets in the cloud and gives you protection beyond simple username/password. Is there an alternative? LEARN MORE
    11. Thank you.
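
Slides 4 and 5 place the flaw in the heartbeat extension. As an added example (not code from the slides or from OpenSSL), the C code below shows the length validation a heartbeat responder must perform under RFC 6520, which is the check the affected versions lacked. The names `hb_build_response` and `hb_demo` and the sample record are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte payload_length (RFC 6520) */
#define HB_MIN_PADDING 16  /* RFC 6520 requires at least 16 padding bytes */

/* Returns the response length, or 0 when the record must be discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The declared payload must fit inside the bytes that actually arrived.
     * Without this check the memcpy below reads past the record. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return 0;
    size_t resp_len = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    memcpy(out + 1, rec + 1, 2);                 /* echo the length field */
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    /* Zero padding keeps the example deterministic; RFC 6520 asks for random. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return resp_len;
}

/* Constructed sample: 4-byte payload "ping" plus 16 padding bytes (23 total).
 * declared_len overrides the length field so both cases can be exercised. */
size_t hb_demo(uint16_t declared_len, uint8_t *out, size_t out_cap)
{
    uint8_t rec[HB_HEADER_LEN + 4 + HB_MIN_PADDING] = {0};
    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)(declared_len >> 8);
    rec[2] = (uint8_t)(declared_len & 0xff);
    memcpy(rec + HB_HEADER_LEN, "ping", 4);
    return hb_build_response(rec, sizeof rec, out, out_cap);
}

int main(void)
{
    uint8_t out[64];
    printf("declared 4 -> %zu bytes\n", hb_demo(4, out, sizeof out));
    printf("declared 0x4000 -> %zu bytes\n", hb_demo(0x4000, out, sizeof out));
    return 0;
}
```

A record whose length field matches its contents is echoed back; one whose length field exceeds the received bytes is dropped without a reply.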