SlideShare a Scribd company logo

Heart bleed-OpenSSL crytographic library

Download as PPTX, PDF
L
Lorick Jain

The heart bleed bug in OpenSSL in 2014

Software
1 of 8
“HEART-BLEED” OPENSSL CRYPTOGRAPHIC LIBRARY -LORICK JAIN
IT IS NOT THIS FOR SURE!
The actual logo
What is SSL? • The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) is the most widely deployed security protocol used today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network. • It basically provides an encrypted link between the server and the client. • It ensures that the data communicated remains private and integral.
So, moving on……. • OpenSSL - OpenSSL is a general purpose cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. • This is the culprit behind heart-bleed, let’s find out how. • Firstly, it is not a virus! • Heart-Bleed: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
How was this bug exploited? This was exploited in the 1.0, 1.01 and 1.02 deployed versions of the OpenSSL cryptographic library. It was not known for a long time. ………………………………………………………………………………..
More about heart bleed! • CVE-2014-0160 is the official reference to this bug. CVE stands for (Common Vulnerabilities and Exposures). • This is an implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services. • Why Heart bleed? ANS: Heart beat request and leak of memory. • More than 66% of the web servers use OpenSSL, apache and nginx being the most popular ones to use OpenSSL. • Fixed OpenSSL has been released and now it has to be deployed.

Recommended

online game over cryptography
online game over cryptographyonline game over cryptography
online game over cryptographyAshish Kumar
 
Enabling Access to Web Resources through SecPODE-based Annotations
Enabling Access to Web Resources through SecPODE-based AnnotationsEnabling Access to Web Resources through SecPODE-based Annotations
Enabling Access to Web Resources through SecPODE-based AnnotationsQuentin Reul
 
Week13
Week13Week13
Week13TuesDKK
 
Report on Heartbleed
Report on HeartbleedReport on Heartbleed
Report on HeartbleedShiva Sagar
 
The Heartbleed Bug
The Heartbleed BugThe Heartbleed Bug
The Heartbleed Bugn|u - The Open Security Community
 
OpenSSL
OpenSSLOpenSSL
OpenSSLTimbal Mayank
 
Heartbleed
Heartbleed Heartbleed
Heartbleed Shyam Bahadur Sunari Magar
 
Sunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alertSunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alertjimforner
 

Recommended

online game over cryptography
online game over cryptographyonline game over cryptography
online game over cryptographyAshish Kumar
 
Enabling Access to Web Resources through SecPODE-based Annotations
Enabling Access to Web Resources through SecPODE-based AnnotationsEnabling Access to Web Resources through SecPODE-based Annotations
Enabling Access to Web Resources through SecPODE-based AnnotationsQuentin Reul
 
Week13
Week13Week13
Week13TuesDKK
 
Report on Heartbleed
Report on HeartbleedReport on Heartbleed
Report on HeartbleedShiva Sagar
 
The Heartbleed Bug
The Heartbleed BugThe Heartbleed Bug
The Heartbleed Bugn|u - The Open Security Community
 
OpenSSL
OpenSSLOpenSSL
OpenSSLTimbal Mayank
 
Heartbleed
Heartbleed Heartbleed
Heartbleed Shyam Bahadur Sunari Magar
 
Sunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alertSunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alertjimforner
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)Gabriella Davis
 
Heartbleed
HeartbleedHeartbleed
Heartbleedn|u - The Open Security Community
 
Heartbleed by-danish amber
Heartbleed by-danish amberHeartbleed by-danish amber
Heartbleed by-danish amberRaghunath G
 
Differences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfDifferences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfHost It Smart
 
SSL VS TLS.pptx
SSL VS TLS.pptxSSL VS TLS.pptx
SSL VS TLS.pptxVignesh kumar
 
Heartbleed
HeartbleedHeartbleed
HeartbleedMohammed Danish Amber
 
How to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationHow to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationPankaj Rane
 
Collecting user-data-socially-responsibly
Collecting user-data-socially-responsiblyCollecting user-data-socially-responsibly
Collecting user-data-socially-responsiblyKonark modi
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionCSCJournals
 
Heartbleed
HeartbleedHeartbleed
HeartbleedShiva Sagar
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxJezer Arces
 
Heartbleed
HeartbleedHeartbleed
HeartbleedPunit Goswami
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security EngineeringMd. Hasan Basri (Angel)
 
Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Khaled Mosharraf
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tlsRana assad ali
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slideHaruki0428
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slideHaruki0428
 
F5 networks the_expectation_of_ssl_everywhere
F5 networks the_expectation_of_ssl_everywhereF5 networks the_expectation_of_ssl_everywhere
F5 networks the_expectation_of_ssl_everywhereF5 Networks
 
Sw2
Sw2Sw2
Sw2nekomaru09
 
ENCRYPTION.pptx
ENCRYPTION.pptxENCRYPTION.pptx
ENCRYPTION.pptxabbu03oct
 
OpenStack at Walmart
OpenStack at WalmartOpenStack at Walmart
OpenStack at WalmartLorick Jain
 
Turkell- openstatck
Turkell- openstatckTurkell- openstatck
Turkell- openstatckLorick Jain
 

More Related Content

Similar to Heart bleed-OpenSSL crytographic library

1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)Gabriella Davis
 
Heartbleed by-danish amber
Heartbleed by-danish amberHeartbleed by-danish amber
Heartbleed by-danish amberRaghunath G
 
Differences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfDifferences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfHost It Smart
 
How to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationHow to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationPankaj Rane
 
Collecting user-data-socially-responsibly
Collecting user-data-socially-responsiblyCollecting user-data-socially-responsibly
Collecting user-data-socially-responsiblyKonark modi
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionCSCJournals
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxJezer Arces
 
Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Khaled Mosharraf
 
F5 networks the_expectation_of_ssl_everywhere
F5 networks the_expectation_of_ssl_everywhereF5 networks the_expectation_of_ssl_everywhere
F5 networks the_expectation_of_ssl_everywhereF5 Networks
 
ENCRYPTION.pptx
ENCRYPTION.pptxENCRYPTION.pptx
ENCRYPTION.pptxabbu03oct
 

Similar to Heart bleed-OpenSSL crytographic library (20)

1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
 
Heartbleed by-danish amber
Heartbleed by-danish amberHeartbleed by-danish amber
Heartbleed by-danish amber
 
Differences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfDifferences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdf
 
SSL VS TLS.pptx
SSL VS TLS.pptxSSL VS TLS.pptx
SSL VS TLS.pptx
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
 
How to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationHow to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstration
 
Collecting user-data-socially-responsibly
Collecting user-data-socially-responsiblyCollecting user-data-socially-responsibly
Collecting user-data-socially-responsibly
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptx
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 
Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Open ssl heart bleed weakness.
Open ssl heart bleed weakness.
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
 
F5 networks the_expectation_of_ssl_everywhere
F5 networks the_expectation_of_ssl_everywhereF5 networks the_expectation_of_ssl_everywhere
F5 networks the_expectation_of_ssl_everywhere
 
Sw2
Sw2Sw2
Sw2
 
ENCRYPTION.pptx
ENCRYPTION.pptxENCRYPTION.pptx
ENCRYPTION.pptx
 

More from Lorick Jain

OpenStack at Walmart
OpenStack at WalmartOpenStack at Walmart
OpenStack at WalmartLorick Jain
 
Turkell- openstatck
Turkell- openstatckTurkell- openstatck
Turkell- openstatckLorick Jain
 
Stack sync using openstack
Stack sync using openstackStack sync using openstack
Stack sync using openstackLorick Jain
 
Public cloud potential
Public cloud potentialPublic cloud potential
Public cloud potentialLorick Jain
 
Genome sequencing using OPOenStack
Genome sequencing using OPOenStackGenome sequencing using OPOenStack
Genome sequencing using OPOenStackLorick Jain
 
Enterprise big data
Enterprise big dataEnterprise big data
Enterprise big dataLorick Jain
 

More from Lorick Jain (6)

OpenStack at Walmart
OpenStack at WalmartOpenStack at Walmart
OpenStack at Walmart
 
Turkell- openstatck
Turkell- openstatckTurkell- openstatck
Turkell- openstatck
 
Stack sync using openstack
Stack sync using openstackStack sync using openstack
Stack sync using openstack
 
Public cloud potential
Public cloud potentialPublic cloud potential
Public cloud potential
 
Genome sequencing using OPOenStack
Genome sequencing using OPOenStackGenome sequencing using OPOenStack
Genome sequencing using OPOenStack
 
Enterprise big data
Enterprise big dataEnterprise big data
Enterprise big data
 

Recently uploaded

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 

Recently uploaded (20)

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 

Heart bleed-OpenSSL crytographic library

  • 2. IT IS NOT THIS FOR SURE!
  • 4. What is SSL? • The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) is the most widely deployed security protocol used today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network. • It basically provides an encrypted link between the server and the client. • It ensures that the data communicated remains private and integral.
  • 5. So, moving on……. • OpenSSL - OpenSSL is a general purpose cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. • This is the culprit behind heart-bleed, let’s find out how. • Firstly, it is not a virus! • Heart-Bleed: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
  • 6. How was this bug exploited? This was exploited in the 1.0, 1.01 and 1.02 deployed versions of the OpenSSL cryptographic library. It was not known for a long time. ………………………………………………………………………………..
  • 7.
  • 8. More about heart bleed! • CVE-2014-0160 is the official reference to this bug. CVE stands for (Common Vulnerabilities and Exposures). • This is an implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services. • Why Heart bleed? ANS: Heart beat request and leak of memory. • More than 66% of the web servers use OpenSSL, apache and nginx being the most popular ones to use OpenSSL. • Fixed OpenSSL has been released and now it has to be deployed.