April 11, 2014

Website Operators Will have a Hard Time Dealing with the Heartbleed Vulnerability

IDG News Service — Website and server administrators will have to spend considerable time, effort and money to mitigate all the security risks associated with Heartbleed, one of the most severe vulnerabilities to endanger encrypted SSL communications in recent years.

The flaw, which was publicly revealed Monday, is not the result of a cryptographic weakness in the widely used TLS (Transport Layer Security) or SSL (Secure Sockets Layer) communication protocols, but stems from a rather mundane programming error in a popular SSL/TLS library called OpenSSL that's used by various operating systems, Web server software, browsers, mobile applications and even hardware appliances and embedded systems.

Attackers can exploit the vulnerability to force servers that use OpenSSL versions 1.0.1 through 1.0.1f to expose information from their private memory space. That information can include confidential data like passwords, TLS session keys and long-term server private keys that allow decrypting past and future SSL traffic captured from the server.

...

http://www.cio.com/article/751362/Website_Operators_Will_have_a_Hard_Time_Dealing_with_the_Heartbleed_Vulnerability