Heartbleed OpenSSL Issue Description and Remediation

Posted by on Apr 11, 2014 in Web Development

Great article over at StackExchange.com on the recently announced Heartbleed bug in OpenSSL.

The bug allows any client who can connect to your SSL server to retrieve about 64kB of memory from the server at a time. The client doesn’t need to be authenticated in any way. By repeating the attack, the client can dump different parts of the memory in successive attempts. This potentially allows the attacker to retrieve any data that has been in the memory of the server process, including keys, passwords, cookies, etc.

And there’s a tester for sites available at filippo.io to see if your server is affected.

Here’s how the webcomic xkcd explains the exploit.

[image: xkcd comic, heartbleed_explanation]
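To make the "about 64kB of memory per request" concrete, here is an added example (not from this post, the StackExchange article, or OpenSSL itself) that models the heartbeat record handling in C: a handler that trusts the peer's declared payload length next to the remediated one that checks it against the bytes actually received. Record layout follows RFC 6520; the buffer sizes, the "SECRET" marker and the helper names are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* TLS heartbeat record (RFC 6520): type(1) | payload_length(2, big-endian)
 * | payload | padding(>=16). Sizes and names here are constructed for the
 * demo; this is a model of the bug class, not OpenSSL's code. */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16
typedef long (*hb_handler)(const uint8_t *, size_t, uint8_t *, size_t);

/* Build the echo response; `payload` is whatever the caller decided to trust. */
static long build_response(const uint8_t *rec, size_t payload, uint8_t *out, size_t cap) {
    if (3 + payload + HB_PADDING > cap) return -1;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);          /* copies whatever follows rec */
    memset(out + 3 + payload, 0, HB_PADDING);
    return (long)(3 + payload + HB_PADDING);
}

/* Vulnerable: never compares the declared length with the record length. */
long heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    (void)rec_len;                               /* ignored: that is the bug */
    if (rec[0] != HB_REQUEST) return -1;
    return build_response(rec, ((size_t)rec[1] << 8) | rec[2], out, cap);
}

/* Fixed: a declared length that does not fit inside the record is rejected. */
long heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < 3 + HB_PADDING || rec[0] != HB_REQUEST) return -1;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (3 + payload + HB_PADDING > rec_len) return -1;   /* the missing check */
    return build_response(rec, payload, out, cap);
}

/* Constructed scenario: a 20-byte request carrying a 1-byte payload but
 * declaring 64, followed in the same buffer by a marker standing in for
 * unrelated process memory. Returns 1 if the marker ends up in the response. */
int leaks_marker(hb_handler handler) {
    uint8_t arena[128] = {0}, out[256];
    arena[0] = HB_REQUEST; arena[1] = 0; arena[2] = 64; arena[3] = 'A';
    memcpy(arena + 40, "SECRET", 6);             /* well past the 20-byte record */
    long n = handler(arena, 3 + 1 + HB_PADDING, out, sizeof out);
    return n >= 40 + 6 && memcmp(out + 40, "SECRET", 6) == 0;
}

/* Constructed well-formed request (declared length matches the record):
 * both handlers should answer with 3 + 1 + 16 = 20 bytes. */
long valid_response_len(hb_handler handler) {
    uint8_t rec[20] = {HB_REQUEST, 0, 1, 'A'}, out[64];
    return handler(rec, sizeof rec, out, sizeof out);
}
```

The remediation is the single length comparison in `heartbeat_fixed`; the same input validation principle (never size a copy from a length the peer supplied without checking it against what was actually received) is what to look for when auditing any record parser.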
