SlideShare ist ein Scribd-Unternehmen logo

The Heartbleed Bug

Als PPTX, PDF herunterladen
Elastica Inc.
Elastica Inc.

Heartbleed is a newly discovered very widespread vulnerability in the OpenSSL implementation of the SSL/TLS protocol. The flaw allows attackers to steal passwords and confidential data that you have provided online. Elastica’s CTO Dr. Zulfikar Ramzan walks through the flaw’s mechanics and ramifications.

TechnologieBildung
1 von 11
Zulfikar Ramzan, PhD, MIT Chief Technology Officer Elastica The Heartbleed Bug
OpenSSL Heartbleed Bug Leaves Much Of The Internet At Risk - TechCrunch
On 07 April 2014, security experts disclosed that a serious vulnerability had been identified in OpenSSL cryptographic software library that protects many web sites. This problem might have been there for almost 2 years, but just hidden in plain sight..
When you transact online, your information is protected by the SSL/TLS encryption used to secure the Internet. OpenSSL is an open-source implementation of the SSL protocol. The Heartbeat protocol is a sub-part of SSL and is meant to ensure communications are kept alive.
The Heartbleed bug is a devastating vulnerability in the heartbeat extension of the SSL/TLS protocol (CVE-2014-0160). It specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL. It compromises encryption keys, user credentials and actual content.
The Heartbleed bug allows attackers to • eavesdrop on communications online • get access to sensitive data such as passwords, social security numbers, financial records, etc • impersonate users and services • and, all this can be done multiple times and without a trace!
Watch how the Heartbleed bug works
Up to two-thirds of websites use OpenSSL and could be vulnerable. List of possibly affected sites Tool to test a website
What should you do?  Check if your favorite sites have implemented the Heartbleed patch.  If it has been patched, then log in and change your password. If you change your password and the site hasn’t been patched, then you’re giving a hacker a new password.
When password compromises happen, new machine learning based methods are needed to find the breaches and anomalies. Elastica’s Detect App on CloudSOC uses behavioral analysis to zero-in on threats to your assets in the cloud and gives you protection beyond simple username/password. Is there an alternative? LEARN MORE
Thank you.

Empfohlen

Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
Heartbleed
HeartbleedHeartbleed
HeartbleedMohammed Danish Amber
 
Heartbleed
HeartbleedHeartbleed
HeartbleedShiva Sagar
 
Heartbleed Bug
Heartbleed BugHeartbleed Bug
Heartbleed BugNIKHIL P L
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with MetasploitMohammed Danish Amber
 
Heartbleed
Heartbleed Heartbleed
Heartbleed Shyam Bahadur Sunari Magar
 
The Heartbleed Attack
The Heartbleed AttackThe Heartbleed Attack
The Heartbleed AttackShreyas Kothari
 
Protecting your Data in Google Apps
Protecting your Data in Google AppsProtecting your Data in Google Apps
Protecting your Data in Google AppsElastica Inc.
 

Empfohlen

Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
Heartbleed
HeartbleedHeartbleed
HeartbleedMohammed Danish Amber
 
Heartbleed
HeartbleedHeartbleed
HeartbleedShiva Sagar
 
Heartbleed Bug
Heartbleed BugHeartbleed Bug
Heartbleed BugNIKHIL P L
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with MetasploitMohammed Danish Amber
 
Heartbleed
Heartbleed Heartbleed
Heartbleed Shyam Bahadur Sunari Magar
 
The Heartbleed Attack
The Heartbleed AttackThe Heartbleed Attack
The Heartbleed AttackShreyas Kothari
 
Protecting your Data in Google Apps
Protecting your Data in Google AppsProtecting your Data in Google Apps
Protecting your Data in Google AppsElastica Inc.
 
How to Extend Security and Compliance Within Box
How to Extend Security and Compliance Within BoxHow to Extend Security and Compliance Within Box
How to Extend Security and Compliance Within BoxElastica Inc.
 
Protecting Your Data In Office 365
Protecting Your Data In Office 365Protecting Your Data In Office 365
Protecting Your Data In Office 365Elastica Inc.
 
Enabling Dropbox for Business
Enabling Dropbox for BusinessEnabling Dropbox for Business
Enabling Dropbox for BusinessElastica Inc.
 
Ciso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedCiso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedElastica Inc.
 
Shadow Data Exposed
Shadow Data ExposedShadow Data Exposed
Shadow Data ExposedElastica Inc.
 
Reasoning About Enterprise Application Security in a Cloudy World
Reasoning About Enterprise Application Security in a Cloudy WorldReasoning About Enterprise Application Security in a Cloudy World
Reasoning About Enterprise Application Security in a Cloudy WorldElastica Inc.
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Weitere ähnliche Inhalte

Mehr von Elastica Inc.

How to Extend Security and Compliance Within Box
How to Extend Security and Compliance Within BoxHow to Extend Security and Compliance Within Box
How to Extend Security and Compliance Within BoxElastica Inc.
 
Protecting Your Data In Office 365
Protecting Your Data In Office 365Protecting Your Data In Office 365
Protecting Your Data In Office 365Elastica Inc.
 
Enabling Dropbox for Business
Enabling Dropbox for BusinessEnabling Dropbox for Business
Enabling Dropbox for BusinessElastica Inc.
 
Ciso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedCiso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedElastica Inc.
 
Reasoning About Enterprise Application Security in a Cloudy World
Reasoning About Enterprise Application Security in a Cloudy WorldReasoning About Enterprise Application Security in a Cloudy World
Reasoning About Enterprise Application Security in a Cloudy WorldElastica Inc.
 

Mehr von Elastica Inc. (6)

How to Extend Security and Compliance Within Box
How to Extend Security and Compliance Within BoxHow to Extend Security and Compliance Within Box
How to Extend Security and Compliance Within Box
 
Protecting Your Data In Office 365
Protecting Your Data In Office 365Protecting Your Data In Office 365
Protecting Your Data In Office 365
 
Enabling Dropbox for Business
Enabling Dropbox for BusinessEnabling Dropbox for Business
Enabling Dropbox for Business
 
Ciso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedCiso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data Exposed
 
Shadow Data Exposed
Shadow Data ExposedShadow Data Exposed
Shadow Data Exposed
 
Reasoning About Enterprise Application Security in a Cloudy World
Reasoning About Enterprise Application Security in a Cloudy WorldReasoning About Enterprise Application Security in a Cloudy World
Reasoning About Enterprise Application Security in a Cloudy World
 

Kürzlich hochgeladen

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Kürzlich hochgeladen (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

The Heartbleed Bug

  • 1. Zulfikar Ramzan, PhD, MIT Chief Technology Officer Elastica The Heartbleed Bug
  • 2. OpenSSL Heartbleed Bug Leaves Much Of The Internet At Risk - TechCrunch
  • 3. On 07 April 2014, security experts disclosed that a serious vulnerability had been identified in OpenSSL cryptographic software library that protects many web sites. This problem might have been there for almost 2 years, but just hidden in plain sight..
  • 4. When you transact online, your information is protected by the SSL/TLS encryption used to secure the Internet. OpenSSL is an open-source implementation of the SSL protocol. The Heartbeat protocol is a sub-part of SSL and is meant to ensure communications are kept alive.
  • 5. The Heartbleed bug is a devastating vulnerability in the heartbeat extension of the SSL/TLS protocol (CVE-2014-0160). It specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL. It compromises encryption keys, user credentials and actual content.
  • 6. The Heartbleed bug allows attackers to • eavesdrop on communications online • get access to sensitive data such as passwords, social security numbers, financial records, etc • impersonate users and services • and, all this can be done multiple times and without a trace!
  • 7. Watch how the Heartbleed bug works
  • 8. Up to two-thirds of websites use OpenSSL and could be vulnerable. List of possibly affected sites Tool to test a website
  • 9. What should you do?  Check if your favorite sites have implemented the Heartbleed patch.  If it has been patched, then log in and change your password. If you change your password and the site hasn’t been patched, then you’re giving a hacker a new password.
  • 10. When password compromises happen, new machine learning based methods are needed to find the breaches and anomalies. Elastica’s Detect App on CloudSOC uses behavioral analysis to zero-in on threats to your assets in the cloud and gives you protection beyond simple username/password. Is there an alternative? LEARN MORE

Hinweis der Redaktion

  1. and it specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL.
  2. and it specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL.