Site Map - skip to main content

Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.
This page was generated by The HPR Robot at


hpr1491 :: Heartbleed

A summary of the "Heartbleed" OpenSSL vulnerability

<< First, < Previous, , Latest >>

Thumbnail of laindir
Hosted by laindir on 2014-04-21 is flagged as Clean and is released under a CC-BY-SA license.
heartbleed, openssl, vulnerability, security. (Be the first).
The show is available on the Internet Archive at: https://archive.org/details/hpr1491

Listen in ogg, spx, or mp3 format. Play now:

Duration: 00:21:37

Privacy and Security.

In this open series, you can contribute shows that are on the topic of Privacy and Security

The "Heartbleed" vulnerability in OpenSSL (CVE-2014-0160) is a bounds checking error in the heartbeat implementation that could return up to 64K of private data to the client. This can lead to server certificate private keys, session cookies, clear text passwords, or other sensitive data being leaked from the server to the client. This vulnerability exists in OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2 beta.

It is important for server administrators to update OpenSSL as soon as possible and take steps to secure any private data which may have been leaked. This may include updating server certificates and revoking certificates that may have been compromised.

Users should ensure that web sites they use have been secured and should update passwords or other authentication information.

CVE info: https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Heartbleed Explanation


Comments

Subscribe to the comments RSS feed.

Leave Comment

Note to Verbose Commenters
If you can't fit everything you want to say in the comment below then you really should record a response show instead.

Note to Spammers
All comments are moderated. All links are checked by humans. We strip out all html. Feel free to record a show about yourself, or your industry, or any other topic we may find interesting. We also check shows for spam :).

Provide feedback
Your Name/Handle:
Title:
Comment:
Anti Spam Question: What does the letter P in HPR stand for?
Are you a spammer?
What is the HOST_ID for the host of this show?
What does HPR mean to you?