Heartbleed Bug: What It Is And How To Protect Yourself
 

On April 7, 2014, the Heartbleed bug was revealed to the Internet community. The Heartbleed bug is not a flaw in the SSL or TLS protocols; rather, it is a flaw in the OpenSSL implementation of the TLS/DTLS heartbeat functionality. The Heartbleed Bug allows an attacker to gain access to sensitive information that is normally protected by the SSL and TLS protocols without leaving a trace.

Presentation Transcript

    • HeartBleed Vulnerability: “OpenSSL Heartbleed Bug Leaves Much Of The Internet At Risk” (TechCrunch)
    • Agenda:
      1- Methodology of Heartbleed bug.
      2- Risk of “HeartBleed”.
      3- Most popular infected systems.
      4- Most popular infected mobile phones.
      5- How to protect yourself from the HeartBleed bug.
      6- How to protect your enterprise infrastructure from the HeartBleed bug.
      7- Q&A
    • Methodology of Heartbleed bug:
      • At the root of Heartbleed is “encryption”.
      • The Internet has security protocols for securing and encrypting traffic, commonly known as “SSL & TLS”.
      • The most common implementation of SSL and TLS is a set of open-source tools known as “OpenSSL”.
    • OpenSSL runs over 66% of the secure Internet flow. Even if you do not know what it looks like or what it means, you probably interact with it on a daily basis.
    • Risk of “HeartBleed”: The secret key “language” you shared with the server is suddenly accessible to somebody else, and the access is completely undetectable. Simply put, that is “HeartBleed”: the biggest and most widespread vulnerability threat in the history of the modern Internet.
    • “May 2012”: a lot of software packages started to use the vulnerable version. “December 2011”: this bug has been around since then. Conclusion: for more than 2 years, any websites, apps, banks and private instant messaging that ran OpenSSL had been vulnerable.
    • Most popular infected systems: Here are some of the most popular social, email, banking and e-commerce sites on the web, rounded up with their responses below:
    • Most popular infected mobile phone: Android 4.1.1 “Jelly Bean” devices are vulnerable to Heartbleed. Reverse Heartbleed is an important vulnerability to know about, as it could affect millions of users directly. (If you’re wondering about iOS, Apple doesn’t ship its mobile operating system with OpenSSL, so everything is OK.)
    • 1- Check site safety: Test your server for Heartbleed (CVE-2014-0160). Check any site where you enter confidential data that you don’t want to share publicly. Qualys SSL Labs - Projects / SSL Server Test
    • 2- Update password:
      • If the site has implemented the Heartbleed patch, then log in and change your password. If you change your password and the site hasn’t been patched, then you’re giving a hacker a new password.
      • Be aware of the complexity and length of the password.
      • Use a unique password for each site, don't share passwords with multiple sites, and don't reuse old passwords.
    • 3- Configure browser to detect revoked certificates: I would like to make sure that I can detect if someone tries to do a man-in-the-middle attack with a stolen certificate which has since been revoked.
    • 4- Save your Android device from HeartBleed: People using the old Android software should update their operating system. People using Android version 4.1.1 should avoid sensitive transactions on their mobile devices. The Heartbleed flaw might represent a real risk to 150 million Android users, not because they're using a vulnerable version of Android but rather because they are running a vulnerable app (“Heartbleed Puts 150 Million Android App Downloads at Risk”). Lookout built a free detector app that you can download to see if your Android is affected.
    • How to protect your enterprise infrastructure from the HeartBleed bug:
      A. Firstly, patch every SSL/TLS service.
      B. Use the latest release of OpenSSL, 1.0.1g, in every in-house build.
      C. Revoke digital SSL certificates.
      D. Patch mobile devices.
      E. Change login credentials.
      F. Continuously run vulnerability scans.
    • THANK YOU
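For the enterprise steps "patch every SSL/TLS service" and "use the latest release of OpenSSL 1.0.1g", the following added example (not part of the original slides) classifies `openssl version` banners collected from an inventory. The host names and banner strings are constructed; the affected range used (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1) is the one published for CVE-2014-0160.

```python
import re

# Matches banners such as "OpenSSL 1.0.1e-fips 11 Feb 2013" or "OpenSSL 1.0.2-beta1 ...".
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?", re.I)

def classify(banner):
    """Classify one `openssl version` banner for CVE-2014-0160 by release number."""
    m = _BANNER.search(banner)
    if not m:
        return "unknown"
    release = (int(m[1]), int(m[2]), int(m[3]))
    letter, beta = m[4].lower(), (m[5] or "").lower()
    if release == (1, 0, 1):
        # Plain 1.0.1 (empty suffix) and 1.0.1a..1.0.1f are affected; 1.0.1g is the fix.
        return "affected_release" if letter < "g" else "fixed_release"
    if release == (1, 0, 2):
        # Only the first two 1.0.2 betas shipped the flawed heartbeat code.
        return "affected_release" if beta in ("beta", "beta1") else "fixed_release"
    # 0.9.8, 1.0.0 and later branches never contained the bug.
    return "not_affected"

def hosts_needing_action(inventory):
    """Return hosts whose banner is an affected release or could not be parsed."""
    # Distribution packages may backport the fix without changing the letter,
    # so an "affected_release" host still needs a check of the vendor package version.
    return sorted(h for h, b in inventory.items()
                  if classify(b) in ("affected_release", "unknown"))

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "web01.example.internal": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web02.example.internal": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail01.example.internal": "OpenSSL 0.9.8y 5 Feb 2013",
    "vpn01.example.internal": "OpenSSL 1.0.1 14 Mar 2012",
    "lab01.example.internal": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "legacy.example.internal": "banner not collected",
}

if __name__ == "__main__":
    for host in hosts_needing_action(SAMPLE_INVENTORY):
        print(host, classify(SAMPLE_INVENTORY[host]))
```

A release-number check only narrows the list; hosts it flags still need the remaining slide steps (certificate revocation, credential changes, and continuous scanning).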