Chalk talk

OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics

There was a devastating security flaw in the OpenSSL implementation of the SSL/TLS protocol (CVE-2014-0160), known as the Heartbleed vulnerability. The vulnerability occurs in the heartbeat extension to the SSL/TLS protocol, and it specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL. Although OpenSSL is just one implementation of the SSL/TLS protocol, it is the most widely deployed one. In this SOC Talk, Elastica walks through the mechanics of the flaw (at a high level), how an attacker can exploit it, and its underlying ramifications. It is important to stress that the flaw is not inherent to the SSL/TLS protocol itself, but rather to the specific OpenSSL implementation.
