What is Heartbleed?

By now you’ve heard about the Heartbleed bug. But what exactly is it? Why is it so deadly? And most importantly, how can you protect yourself?

  1. What is the Heartbleed Epidemic
  4. HEARTBLEED: Official designation is CVE-2014-0160 (CVE: Common Vulnerabilities and Exposures), a vulnerability that exists in the OpenSSL security software, which is used to create secure connections.
  5. This vulnerability existed for 2 years before it was caught!
  6. Version 1.0.1 of OpenSSL, released on March 14, 2012, introduced the vulnerability known as Heartbleed. Heartbleed was discovered by Neel Mehta, an engineer at Google Security, and a team of security engineers (Riku, Antti and Matti) at the Finnish security firm Codenomicon.
  7. HOW IT WORKS: A computer that is on a secure connection to a server will send out a request to confirm that the connection is still active. The server takes that request and stores the data. Then it returns that same packet of data. This exchange over the secure connection (SSL/TLS) is called a “heartbeat.” It includes two things: a payload and padding.
  8. THIS IS WHERE THE BLEEDING HAPPENS: Servers using the protocol do not check to confirm that the packet of data actually matches the size indicated.
  9. So, for example, suppose a heartbeat was sent with a single byte of data but claimed to have 30 bytes of data. Rather than confirm that the data was only 1 byte, the server would grab not only that, but the next 29 bytes from memory as well, and send it all back to the user.
  10. Imagine what could be in those extra 29 bytes? No data is safe! Passwords, addresses, full names, credit card numbers, encryption keys, Social Security numbers.
  11. Not only that, a malicious user could make as many heartbeat requests as they’d like, with NO TRACE being left behind.
  12. About 500,000 sites are using the vulnerable heartbeat extension, including heavily trafficked websites such as: Facebook, Google, YouTube and Wikipedia.
  13. PROTECT & PREVENT: By automatically detecting, blocking and logging attempted Heartbleed attacks, Blue Coat’s SSL Visibility Appliance provides enterprises with the security assurance they require.
  14. SOURCES:
      http://heartbleed.com
      http://vimeo.com/91425662
      http://www.pewinternet.org/2014/04/30/heartbleeds-impact/
      http://readwrite.com/2014/04/13/heartbleed-security-codenomicon-discovery#awesm=~oE3W6PSiCIxWOz
      http://www.digitaltrends.com/mobile/heartbleed-bug-apps-affected-list/#!MOLoi
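
The length check described in slides 8 and 9, as an added example in C (not part of the original slides and not OpenSSL's code). The 3-byte header and 16-byte minimum padding follow RFC 6520; the function names, the `MEMORY` arena and its contents are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 3u        /* 1-byte type + 2-byte declared payload length */
#define MIN_PAD 16u   /* minimum padding required by RFC 6520 */

/* Constructed stand-in for server memory: a 4-byte heartbeat that carries
   1 payload byte but declares 30, followed by unrelated (made-up) data. */
static const uint8_t MEMORY[] =
    "\x01\x00\x1e" "A" "user=alice;pass=hunter2;key=0xC0FFEE";
/* Constructed well-formed heartbeat: declares 4, carries "ping" + 16 padding. */
static const uint8_t GOOD[] = "\x01\x00\x04" "ping" "0123456789abcdef";
static uint8_t reply[65535];   /* large enough for any declared length */

static size_t declared_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* The flaw the slides describe: the declared length is trusted and the
   number of bytes actually received (rec_len) is never consulted. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    (void)rec_len;
    size_t n = declared_len(rec);
    memcpy(out, rec + HDR, n);
    return n;
}

/* The check: header + declared payload + minimum padding must fit in the
   bytes received; otherwise discard silently (return 0), per RFC 6520. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HDR + MIN_PAD) return 0;
    size_t n = declared_len(rec);
    if (HDR + n + MIN_PAD > rec_len) return 0;
    memcpy(out, rec + HDR, n);
    return n;
}

int main(void) {
    size_t n = echo_unchecked(MEMORY, 4, reply);
    printf("unchecked: %zu bytes echoed: %.*s\n", n, (int)n, (const char *)reply);
    printf("checked, malformed: %zu bytes\n", echo_checked(MEMORY, 4, reply));
    printf("checked, well-formed: %zu bytes\n", echo_checked(GOOD, 23, reply));
    return 0;
}
```

The unchecked echo returns the single payload byte plus the 29 bytes that sit next to it in the arena; the checked echo drops the same request and still answers the well-formed one.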