scroll

HEARTBLEED

What is Heartbleed?

a vulnerability that exists in the OpenSSL security software, which is used to create secure connections.

This vulnerability existed for 2 years before it was caught!

Version 1.0.1 of OpenSSL introduced the vulnerability known as heartbleed, and was released on March 14, 2012.

Heartbleed was discovered by Neel Mehta, an engineer at Google Security, and a team of security engineers (Riku, Antti and Matti) at Finnish security firm, Codenomicon.

HOW IT WORKS

A computer that is on a secure connection to a server will send out a request to confirm that the connection is still active.

This secure connection (SSL/TSL), is called a “heartbeat.” It includes two things: a payload, and padding.

The server takes that request and stores the data.

Then it returns that same packet of data.

THIS IS WHERE THE BLEEDING HAPPENS

Servers using the protocol do not check to confirm that the packet of data actually matches the size indicated.

Imagine what could be in those extra 29 bytes?

Not only that,

A malicious user could make as many heartbeat requests as they’d like. With NO TRACE being left behind.

About 500,000 sites

are using the vulnerable heartbeat extension.

Including heavily trafficked websites such as:

Facebook, Google, YouTube and Wikipedia.

PROTECT & PREVENT

By automatically detecting, blocking and logging attempted Heartbleed attacks, Blue Coat’s SSL Visibility Appliance provides enterprises with the security assurance they require.

START NOW

So, for example, if a heartbeat was sent with a single byte of data, and claimed to have 30 bytes of data.

Rather than confirm that the data was only 1 byte, the server would grab not only that, but the next 29 bytes from memory as well and send it back the user.

Share »

« Close