Add to collection(s) Add to saved
  1. Business
  2. Finance
  3. Personal Finance

Heartbleed – What is it?

advertisement 
What is Heartbleed?
Heartbleed is a vulnerability in
OpenSSL software.
OpenSSL is encryption software that
accesses websites through a “secure”
connection, HTTPS://.
How does it work?
To communicate, a client computer and the
server send back and forth a short block of
data. The block contains a value for the length
of the block.
The malformed block says its length is 64KB,
the maximum possible. The server copies that
much data from memory into the response.
It may send passwords, encryption keys, etc.
When happened when?
OpenSSL released
March 2012
Publicly reported as vulnerable 1 April 2014
Patch released
21 March 2014
(Some fixes had already been put in place then)
First proven attempted exploit
8 April 2014
Intentional vulnerability test
12 April 2014
How may sites are vulnerable?
(After vulnerability was reported publically)
How may sites are vulnerable?
A list the top 1,000 most popular web domains and mail
servers that remain vulnerable.
https://zmap.io/heartbleed/
What should you do?
Change all passwords as soon as you can.
Find out which sites are vulnerable
On vulnerable sites that have been patched:
Old passwords may be compromised
On sites not yet patched (ask about current status):
New passwords may become
compromised, so change them regularly
On sites not affected:
Was same password used elsewhere?
Which sites are not affected?
Almost all financial service sites are OK.
Amazon
BCPL
Dell
Ebay
Erickson
Gcflearnfree
Haband
MS Live ID
Mychart, (Erickson)
PayPal
US Treasury
Which are common patched sites?
Dropbox
Facebook
Google
Netflix
Norton
Skype
Wikipedia
Yahoo
Site List
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Search for site
https://lastpass.com/heartbleed/
How do I manage?
Use a Password Manager, free - LastPass
Use a LastPass account, import your existing
passwords or save newly generated ones.
A good way to manage passwords in Windows,
includes an IE installer.
Supports Internet Explorer 8+, Firefox 2.0+, Chrome
18+, Safari 5+, Opera 11+.
http://www.pcmag.com/article2/0,2817,2407168,00.asp
https://lastpass.com/misc_download2.php
What does your son/daughter
know?
• Keep a separate, up to date record of your
passwords in a safe place.
• Make sure your designated representative
knows where that record is.
Related documents
Advisory-Note_Open-SSL
Advisory-Note_Open-SSL
Homework 3 Solutions
Homework 3 Solutions
Here - Penetration Testing ~ InfoSec ~ SANS
Here - Penetration Testing ~ InfoSec ~ SANS
Slides
Slides
Security Awareness for ISACA
Security Awareness for ISACA
Final Paper
Final Paper
What is monitoring?
What is monitoring?
OpenSSL is an open source project which
OpenSSL is an open source project which
SFYS: Outcomes from Stakeholder Consultations
SFYS: Outcomes from Stakeholder Consultations
Customer Vulnerability
Customer Vulnerability
Early Intervention Health Visiting
Early Intervention Health Visiting
Internet Safety
Internet Safety
Workforce Security Awareness Training
Workforce Security Awareness Training
Cyber Security Awareness Day 2013 Web
Cyber Security Awareness Day 2013 Web
Using Technology Responsibly
Using Technology Responsibly
preparing your organization for leadership transition
preparing your organization for leadership transition
Security Penetration Testing and Ethical Hacking
Security Penetration Testing and Ethical Hacking
SRA`s Presentation of the Climate Adaptation Guidebook
SRA`s Presentation of the Climate Adaptation Guidebook
student-parent
student-parent
Who found the Heartbleed Bug?
Who found the Heartbleed Bug?
Spectralink Product Bulletin – Heartbleed
Spectralink Product Bulletin – Heartbleed
CIT 480: Securing Computer Systems Lab #1: Cryptography
CIT 480: Securing Computer Systems Lab #1: Cryptography
Download
advertisement