There was a devastating security flaw in the OpenSSL implementation of the SSL/TLS protocol (CVE-2014-0160), known as the Heartbleed vulnerability. The vulnerability occurs in what is known as the heartbeat extension to the SSL/TLS protocol, and it specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL. Even though OpenSSL is just one implementation of the SSL/TLS protocol, it is the most widely deployed one. In this SOC Talk, Elastica’s CTO Dr. Zulfikar Ramzan walks through the mechanics of the flaw (at a high level), how an attacker can exploit it, and its underlying ramifications. It is important to stress that the flaw is not inherent to the SSL/TLS protocol itself, but rather to the specific OpenSSL implementation.