Pages

Thursday, 10 April 2014

Heartbleed Bug Leaks Information flaw in the OpenSSL software


OpenSSL, Neil Mehta, Heartbleed, cryptographic

Appeared in the OpenSSL, which is an open source software is used widely in encrypted Web connections, Vulnerability is described as serious to the extent that it enables hackers to access websites from just beyond the user's own data.

Where vulnerability allows new officially called "C in E - 2014 - 0160" CVE-2014-0160 for hackers to access the numeric keypad own servers and is used to encrypt communications previous and next.

The company Codenomicon along with the security researcher and engineer at the company "Google", "Neil Mehta," are two of the loophole was discovered and fired upon the name of "bleeding heart" Heartbleed.

The loophole allows Heartbleed for hackers to read 64K bytes of memory on the server and then Tabotha most sensitive data.

The Codenmicon that this loophole able to get the secret keys used to identify the service providers in the encrypted data traffic, as well as the names and passwords of users, and the actual content.

The company added that the competent security solutions that gap discovered allow hackers to eavesdrop on communications and steal data directly from service users, and enable them to impersonate services and users.

Described loophole "Hart Blade" as very serious, they do not require a radical change to the web, but requires anyone used to change passwords.

The vulnerability affects versions 1.0.1 to 1.0.2 and demo of "Open SSL" servers as a program that comes with several versions of "Linux" and is used in many common web servers.

To fix the gap, the company has developed for "Open SSL" by issuing the update "1.0.1 LG" 1.0.1g, which should be on the operators of Web sites to install it along with the abolition of security certificates that may be exposed to penetrate.

The "Open SSL" is one of the applications of cryptographic protocols "SSL" SSL or "T-feed" TLS, which is responsible for examining the communications between the web browser and the server.


2 comments: