Apr 10, 2014

Zulfikar Ramzan (CTO of cloud security firm Elastica) made this video, which does a great job of explaining the bug at a pretty high level. He also does a lot of videos for Khan Academy. Vimeo: OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics Thanks to Greg Kumparak of TechCrunch for the link. Heartbleed Bug The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of … Highest Voted 'heartbleed-bug' Questions - Stack Overflow The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

Heartbleed Bug- Are You at Risk? | Stratosphere Networks

May 07, 2014 · "[U]nknown bugs are a reality, not a hypothetical, and a large part of the work of any security engineer is in minimizing the possibility of them happening," argued Auerbach. "Heartbleed was unusually widespread and unusually severe, but it is hardly one of a kind." Rita Mailheau reports, based on work by Ben Grubb from the Sidney Morning Herald, that Neel Mehta and his team from Google Security discovered Heartbleed on 2014-03-21 during a source code review, and that engineers at Finnish company Codenomicon (Antti Karjalainen, Riku Hietamäki, and Matti Kamunen) separately discovered Heartbleed on 2014-04 jammag writes: "Heartbleed has dealt a blow to the image of free and open source software. In the self-mythology of FOSS, bugs like Heartbleed aren't supposed to happen when the source code is freely available and being worked with daily. As Eric Raymond famously said, 'given enough eyeballs, all bu Apr 09, 2014 · The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.

Heartbleed bug: What you need to know

Apr 08, 2014 · Made by Zulfikar Ramzan, MIT Ph.D. and CTO of cloud security firm Elastica, this video does a great job of explaining the bug at a pretty high level. Its still got a whole lot of acronyms and Apr 11, 2014 · The Heartbleed bug vulnerability works by disguising itself as a heartbeat, which tricks the server at the other end into sending data stored in its active memory.