Heartbleed Critical Vulnerability in OpenSSL

The security community has been actively discussing this week the OpenSSL vulnerability that allows an attacker to abuse the TLS Heartbeat extension and read up to 64KB of the server's RAM per request. The attack can be repeated continuously to collect sensitive information belonging to end users, such as their passwords.

Many online servers were affected by this critical vulnerability, and patching OpenSSL alone will not fully resolve the situation. Administrators need to install new certificates on their servers, and all account passwords should be changed.

The vulnerability was reported last Friday by Codenomicon, and on Monday a security fix was released and included in OpenSSL 1.0.1g. Python-based scripts and an Nmap script were also published to detect vulnerable servers and test whether the bug is still active.

Heartbleed is one of the most serious bugs seen so far because the attacker can extract information without leaving any traces, which makes the attack difficult to monitor and identify. The real number of attacks is unknown so far.

This shows that security testing of software is one of the best ways to protect applications and end users, since such flaws can surface at any moment. If you are using OpenSSL, make sure that you have applied all the required security updates; you can also use Snort signatures to detect and monitor Heartbleed exploitation on your infrastructure.
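As an added illustration (not code from the original post), the following Python applies to captured TLS records the bounds check that the OpenSSL 1.0.1g fix introduced: the heartbeat payload length a peer declares must fit inside the record that carried it, and a record where it does not is the same mismatch a detection signature can flag. The sample records are constructed for the example, not real captures.

```python
import struct

TLS_HEARTBEAT = 24        # TLS record content type used by the Heartbeat extension
HB_MIN_PADDING = 16       # RFC 6520: a heartbeat message carries at least 16 bytes of padding


def check_heartbeat_record(record: bytes) -> dict:
    """Parse one TLS record and apply the bounds check added in OpenSSL 1.0.1g.
    'suspicious' is True when the declared payload_length cannot fit inside the
    record; an unpatched server skipped this test and echoed payload_length bytes."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("record length field does not match bytes present")
    if content_type != TLS_HEARTBEAT:
        return {"heartbeat": False, "suspicious": False}
    if rec_len < 3:
        return {"heartbeat": True, "suspicious": True}   # not even type + length present
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    # Fixed OpenSSL drops the message unless type (1) + length (2) + payload + padding fit.
    fits = 1 + 2 + payload_len + HB_MIN_PADDING <= rec_len
    return {"heartbeat": True, "type": hb_type, "declared_payload": payload_len,
            "record_length": rec_len, "suspicious": not fits}


def scan_records(stream: bytes) -> list:
    """Split a captured byte stream into TLS records and check each heartbeat."""
    results, offset = [], 0
    while offset + 5 <= len(stream):
        rec_len = struct.unpack("!H", stream[offset + 3:offset + 5])[0]
        results.append(check_heartbeat_record(stream[offset:offset + 5 + rec_len]))
        offset += 5 + rec_len
    return results


# Constructed sample records (not real captures): a well-formed heartbeat request with
# a 3-byte payload plus 16 bytes of padding, and one whose length field claims 0x4000
# bytes of payload while the record actually holds only the 3-byte heartbeat header.
BENIGN = bytes([0x18, 0x03, 0x02, 0x00, 0x16, 0x01, 0x00, 0x03]) + b"abc" + bytes(16)
MALFORMED = bytes([0x18, 0x03, 0x02, 0x00, 0x03, 0x01, 0x40, 0x00])

if __name__ == "__main__":
    for result in scan_records(BENIGN + MALFORMED):
        print(result)
```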

trackback

[…] Heartbleed vulnerability, made it clear that any new technology should consider several factor authentication. Standard authentication using login and password will not totally prevent attacks on remote systems. […]

Eddie Mayan

The latest Heartbleed has affected a large number of web services. I had a very good discussion on Quora. I would like to share some interesting points that may help in solving this issue.

· Assess the data
· Coordinate with others facing the same bug
· Gather Information
· Re-issue SSL certificates
· Re-set confidential information

Source: http://www.cloudways.com/blog/how-to-fix-openssl-heartbleed-bug/

Mourad

Hi Ed,

Thanks for bringing up the security measures to handle the heartbleed vulnerability.

Keep up the great work!

Mourad

Eddie Mayan

You are welcome 🙂

trackback

[…] OpenSSL trusts the length field from cyber criminals while it creates a response packet. The latest Heartbleed Bug vulnerability is reminiscent; it was detected in OpenSSL implementations using the OpenSSL/DTLS Heartbeat […]