4. HEARTBLEED
Official designation is CVE-2014-0160 (CVE: Common Vulnerabilities and Exposures),
a vulnerability that exists in the OpenSSL security software, which is used to create secure connections.
7. HOW IT WORKS
A computer that is on a secure connection (SSL/TLS) to a server will send out a request to confirm that the connection is still active.
This request is called a “heartbeat.” It includes two things: a payload, and padding.
The server takes that request and stores the data.
Then it returns that same packet of data.
8. THIS IS WHERE THE BLEEDING HAPPENS
Servers using the protocol do not check to confirm that the
packet of data actually matches the size indicated.
9. So, for example, suppose a heartbeat was sent with a single byte of data but claimed to have 30 bytes of data.
Rather than confirm that the data was only 1 byte, the server would grab not only that, but the next 29 bytes from memory as well, and send it all back to the user.
[Diagram labels: 1 byte (30 bytes), (30 bytes)]
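The missing length check described above, as an added example (not code from the infographic or from OpenSSL). The message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520; the function names and the sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response (RFC 6520) */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* RFC 6520 requires at least 16 padding bytes */

/* Constructed sample: the slide's case, 1 byte sent but 30 bytes claimed. */
const uint8_t SAMPLE_BAD[4] = {HB_REQUEST, 0, 30, 'A'};

/* Payload length the sender claims (big-endian uint16 after the type). */
static size_t hb_claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* How many bytes an unchecked echo would read past the received message. */
size_t hb_overread(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = hb_claimed_len(rec);
    size_t present = rec_len - HB_HEADER;
    return claimed > present ? claimed - present : 0;
}

/* Hardened handler: writes the response into out and returns its length,
 * or returns 0 when the message must be silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len,
                  uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_MIN_PAD) return 0;   /* too short to be valid */
    if (rec[0] != HB_REQUEST) return 0;
    size_t claimed = hb_claimed_len(rec);
    /* The check that was missing: the claimed payload plus padding
     * must fit inside the bytes that were actually received. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len) return 0;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* echo the payload */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);   /* random in a real stack */
    return resp_len;
}
```

The hardened handler never copies more than the received record holds, so the 29 extra bytes in the slide's example are never read.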
10. Imagine what could be in those extra 29 bytes?
No data is safe!
Passwords, Addresses, Full Names, Credit Card Numbers, Encryption Keys, Social Security Numbers
11. Not only that, a malicious user could make as many heartbeat requests as they’d like, with NO TRACE being left behind.
12. About 500,000 sites are using the vulnerable heartbeat extension, including heavily trafficked websites such as Facebook, Google, YouTube and Wikipedia.
13. PROTECT & PREVENT
By automatically detecting, blocking and logging attempted Heartbleed attacks, Blue Coat’s SSL Visibility Appliance provides enterprises with the security assurance they require.
14. Brought to you by: