skip to main content - dyslexic font - mobile - text - print

Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.

hpr1491 :: Heartbleed

<< First, < Previous, Latest >>


Hosted by laindir on 2014-04-21 and released under a CC-BY-SA license.
Listen in ogg, spx, or mp3 format. | Comments (0)

Part of the series: Privacy and Security

In this open series, you can contribute shows that are on the topic of Privacy and Security

The "Heartbleed" vulnerability in OpenSSL (CVE-2014-0160) is a bounds checking error in the heartbeat implementation that could return up to 64K of private data to the client. This can lead to server certificate private keys, session cookies, clear text passwords, or other sensitive data being leaked from the server to the client. This vulnerability exists in OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2 beta.

It is important for server administrators to update OpenSSL as soon as possible and take steps to secure any private data which may have been leaked. This may include updating server certificates and revoking certificates that may have been compromised.

Users should ensure that web sites they use have been secured and should update passwords or other authentication information.

CVE info: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Heartbleed Explanation


Comments

Subscribe to the comments RSS feed.

Leave Comment

Name
E-mail (Will not appear online)
Website
Title
Comment
Powered by Comment Script