A summary of the "Heartbleed" OpenSSL vulnerability
Hosted by laindir on 2014-04-21 is flagged as Clean and is released under a CC-BY-SA license.
Listen in ogg,
mp3 format. | Comments (0)
In this open series, you can contribute shows that are on the topic of Privacy and Security
The "Heartbleed" vulnerability in OpenSSL (CVE-2014-0160) is a bounds checking
error in the heartbeat implementation that could return up to 64K of private
data to the client. This can lead to server certificate private keys, session
cookies, clear text passwords, or other sensitive data being leaked from the
server to the client. This vulnerability exists in OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2 beta.
It is important for server administrators to update OpenSSL as soon as possible
and take steps to secure any private data which may have been leaked. This may
include updating server certificates and revoking certificates that may have
Users should ensure that web sites they use have been secured and should update
passwords or other authentication information.
CVE info: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Subscribe to the comments RSS feed.
Note to Verbose Commenters
If you can't fit everything you want to say in the comment below then you really should record a response show instead.
Note to Spammers
All comments are moderated. All links are checked by humans. We strip out all html. Feel free to record a show about yourself, or your industry, or any other topic we may find interesting. We also check shows for spam :).