Adri Jovin, profile picture
Uploaded byAdri Jovin
PPTX, PDF203 views

Heartbleed Bug: A case study

The Heartbleed bug was a vulnerability in OpenSSL cryptographic software that allowed attackers to steal information that was intended to be protected by SSL/TLS encryption. It allowed attackers to eavesdrop on communications, steal data from services and users, and impersonate services and users. The bug was discovered in the heartbeat extension of TLS and occurred due to a programming mistake in how heartbeat messages were handled that leaked the contents of server memory to clients and vice versa. It compromised primary encryption keys, credentials, and other protected content and collateral data. Many operating systems and services were vulnerable to the bug before patches were released.

Embed presentation

Download to read offline
Heartbleed Bug– A case study Adri Jovin J J, M.Tech., Ph.D. UITC203 CRYPTOGRAPHY AND NETWORK SECURITY
Heartbleed Bug • Vulnerability in OpenSSL cryptographic software library • Allows stealing of information by the SSL/TLS encryption • SSL/TLS- security and privacy over the internet for most applications • Discovered by Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security and reported on April, 2014 • Allows attackers to  eavesdrop on communications  steal data directly from the services and users and  impersonate services and users UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 2 } Release of message content Masquerading
Why heartbleed? Bug discovered in the heartbeat extension of TLS Exploitation leaked contents from server to client and from client to server Left a large amount of private keys and other secrets exposed to the internet Is the protocol specification wrong??? No….problem with implementation…a programming mistake UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 3
What’s wrong with implementation??? Heartbeat message structure: UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 4 struct { HeartbeatMessageType type; uint16 payload_length; opaque payload[HeartbeatMessage.payload_length]; opaque padding[padding_length]; } HeartbeatMessage; /* Read type and payload length first */ hbtype = *p++; n2s(p, payload); pl = p; Incoming Heartbeat message: /* Enter response type, length and copy payload */ *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); Response Heartbeat message: hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; /* silently discard per RFC 6520 sec. 4 */ pl = p; Fixed Incoming Heartbeat message:
What is leaked? 1. Primary key material 2. Secondary key material 3. Protected content 4. Collateral UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 5
Leaked primary key material and recovery Leakage • Encryption keys • Leaked key allows attacker to decrypt any past or future traffic to protected services and impersonate Recovery • Requires vulnerability patch • Revocation of compromised keys • Reissuing/redistribution of new keys UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 6
Leaked secondary key material and recovery Leakage • User credentials used in vulnerable services Recovery • Restore trust • Users can change their password and possible encryption keys • Session keys and session cookies should be invalidated UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 7
Leaked protected content and recovery Leakage • Actual content handled by the vulnerable service (e.g.)personal/financial details Recovery • Provider should inform users of the leakage • Restore trust to the primary and secondary key material UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 8
Leaked collateral and recovery Leakage • Other details exposed to the attacker in the leaked memory content • Technical details such as memory addresses and security measures such as canaries Recovery • Can be fixed using patch UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 9
Vulnerability of OpenSSL • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable • OpenSSL 1.0.1g is NOT vulnerable • OpenSSL 1.0.0 branch is NOT vulnerable • OpenSSL 0.9.8 branch is NOT vulnerable UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 10
Vulnerable Operating Systems • Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4 • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 • CentOS 6.5, OpenSSL 1.0.1e-15 • Fedora 18, OpenSSL 1.0.1e-4 • OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012) • FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013 • NetBSD 5.0.2 (OpenSSL 1.0.1e) • OpenSUSE 12.2 (OpenSSL 1.0.1c) UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 11
Non-vulnerable Operating Systems • Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14 • SUSE Linux Enterprise Server • FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013 • FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013 • FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC) • FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC) UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 12
References The Heartbleed Bug “https://heartbleed.com/” What is the Heartbleed bug, how does it work and how was it fixed? “https://www.csoonline.com/article/3223203/what-is- the-heartbleed-bug-how-does-it-work-and-how-was-it-fixed.html” Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug “https://www.theregister.co.uk/2014/04/09/heartbleed_explained/” UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 13

More Related Content

PPTX
TLS v1.3
bySiddhartha Rao
 
PDF
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
byAndrew Denner
 
PPT
Secure Sockets Layer and Transport Layer Security
byAl Mamun
 
PDF
Configuring Site-to-Site VPN's on ASA Firewalls
byKelvin Charles
 
PPTX
WHONIX OS
byAkshay Vasava
 
PDF
$HOME Sweet $HOME SANSFIRE Edition
byXavier Mertens
 
PDF
Juniper heartbleed bug
byKappa Data
 
PDF
How Encryption For Strong Security Works
byguestf50fcba
 
TLS v1.3
bySiddhartha Rao
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
byAndrew Denner
 
Secure Sockets Layer and Transport Layer Security
byAl Mamun
 
Configuring Site-to-Site VPN's on ASA Firewalls
byKelvin Charles
 
WHONIX OS
byAkshay Vasava
 
$HOME Sweet $HOME SANSFIRE Edition
byXavier Mertens
 
Juniper heartbleed bug
byKappa Data
 
How Encryption For Strong Security Works
byguestf50fcba
 

What's hot

PDF
St Louis Linux Users Group Wireguard (for Fun and Networking)
byAndrew Denner
 
ODP
Security, Hack1ng and Hardening on Linux - an Overview
byKaiwan Billimoria
 
PDF
Linux Security, from Concept to Tooling
byMichael Boelen
 
PDF
How Encryption for Strong Security Works
bys1170087
 
PDF
Week13 presentation
bygintamalove
 
PPT
SSH.ppt
byjoekr1
 
PDF
How to prevent ssh-tunneling using Palo Alto Networks NGFW
byYudi Arijanto
 
PPTX
Cryptocurrency Mining - Bitcoin Cloud Mining - Arkonix Mining
byArkonix Mining
 
PPTX
Not petya business case
byAlexander Kravchenko
 
PDF
Weaponization of IoT
byJose L. Quiñones-Borrero
 
PPT
Linux Security
bynayakslideshare
 
PDF
Top ten OSS products cutting out costs and making a difference in the public ...
byUbertas
 
PDF
Cryto Party at CCU
byJose L. Quiñones-Borrero
 
PDF
Suricata: A Decade Under the Influence (of packet sniffing)
byJason Williams
 
PPT
Firewall
byਇਹ ਵੀ ਕੋਈ ਕੰਮ ਕਰਨ ਦੀ ਉਮਰ ਆ ਕਾਕਾ ਤਾ ਅਜੇ ਪੜਦਾ ਆ
 
PDF
Blockaudit Presentation
byAntoine Chabert
 
PPTX
Owning nx os-sec-t_2010
byblh42
 
ODP
Linux Network Security
byAmr Ali
 
PDF
10 tk3193-firewall 2
bySetia Juli Irzal Ismail
 
PDF
Custom Rules & Broken Tools
byNotSoSecure Global Services
 
St Louis Linux Users Group Wireguard (for Fun and Networking)
byAndrew Denner
 
Security, Hack1ng and Hardening on Linux - an Overview
byKaiwan Billimoria
 
Linux Security, from Concept to Tooling
byMichael Boelen
 
How Encryption for Strong Security Works
bys1170087
 
Week13 presentation
bygintamalove
 
SSH.ppt
byjoekr1
 
How to prevent ssh-tunneling using Palo Alto Networks NGFW
byYudi Arijanto
 
Cryptocurrency Mining - Bitcoin Cloud Mining - Arkonix Mining
byArkonix Mining
 
Not petya business case
byAlexander Kravchenko
 
Weaponization of IoT
byJose L. Quiñones-Borrero
 
Linux Security
bynayakslideshare
 
Top ten OSS products cutting out costs and making a difference in the public ...
byUbertas
 
Cryto Party at CCU
byJose L. Quiñones-Borrero
 
Suricata: A Decade Under the Influence (of packet sniffing)
byJason Williams
 
Firewall
byਇਹ ਵੀ ਕੋਈ ਕੰਮ ਕਰਨ ਦੀ ਉਮਰ ਆ ਕਾਕਾ ਤਾ ਅਜੇ ਪੜਦਾ ਆ
 
Blockaudit Presentation
byAntoine Chabert
 
Owning nx os-sec-t_2010
byblh42
 
Linux Network Security
byAmr Ali
 
10 tk3193-firewall 2
bySetia Juli Irzal Ismail
 
Custom Rules & Broken Tools
byNotSoSecure Global Services
 

Similar to Heartbleed Bug: A case study

PPTX
Heart Bleed Bug - A case study (Course: Cryptography and Network Security)
byAdri Jovin
 
DOCX
Report on Heartbleed
byShiva Sagar
 
PDF
How to exploit heartbleed vulnerability demonstration
byPankaj Rane
 
PPTX
Heartbleed
byPunit Goswami
 
PDF
Heartbleed
byMohammed Danish Amber
 
PPTX
Heartbleed
byShiva Sagar
 
PDF
Heartbleed
byn|u - The Open Security Community
 
PDF
Heartbleed by-danish amber
byRaghunath G
 
PDF
The Heartbleed Bug
byn|u - The Open Security Community
 
PDF
Impact of HeartBleed Bug in Android and Counter Measures
byijcsa
 
PDF
Ciso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleed
byPriyanka Aash
 
PDF
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
byTI Safe
 
PPT
Open ssl heart bleed weakness.
byKhaled Mosharraf
 
PDF
OSDC 2014: Christopher Kunz - Software defined networking in an open-source c...
byNETWAYS
 
PPT
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
byCASCouncil
 
PPTX
Heartbleed Bug Flaw in Servers and its reverse
byMohamed Hisham Ache
 
PPTX
44cafe heart bleed
byiphonepentest
 
PPTX
Heartbleed
byShyam Bahadur Sunari Magar
 
PDF
When the internet bleeded : RootConf 2014
byAnant Shrivastava
 
PPTX
[QA Night Recife] Heartbleed SecInf
byGuilherme Motta
 
Heart Bleed Bug - A case study (Course: Cryptography and Network Security)
byAdri Jovin
 
Report on Heartbleed
byShiva Sagar
 
How to exploit heartbleed vulnerability demonstration
byPankaj Rane
 
Heartbleed
byPunit Goswami
 
Heartbleed
byMohammed Danish Amber
 
Heartbleed
byShiva Sagar
 
Heartbleed
byn|u - The Open Security Community
 
Heartbleed by-danish amber
byRaghunath G
 
The Heartbleed Bug
byn|u - The Open Security Community
 
Impact of HeartBleed Bug in Android and Counter Measures
byijcsa
 
Ciso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleed
byPriyanka Aash
 
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
byTI Safe
 
Open ssl heart bleed weakness.
byKhaled Mosharraf
 
OSDC 2014: Christopher Kunz - Software defined networking in an open-source c...
byNETWAYS
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
byCASCouncil
 
Heartbleed Bug Flaw in Servers and its reverse
byMohamed Hisham Ache
 
44cafe heart bleed
byiphonepentest
 
Heartbleed
byShyam Bahadur Sunari Magar
 
When the internet bleeded : RootConf 2014
byAnant Shrivastava
 
[QA Night Recife] Heartbleed SecInf
byGuilherme Motta
 

More from Adri Jovin

PPTX
Planning Assessment for Outcome-based Education
byAdri Jovin
 
DOCX
Curriculum Vitae of Adri Jovin John Joseph
byAdri Jovin
 
PPTX
Introduction to Relational Database Management Systems
byAdri Jovin
 
PPTX
Introduction to ER Diagrams
byAdri Jovin
 
PPTX
Introduction to Database Management Systems
byAdri Jovin
 
PPTX
Neural Networks
byAdri Jovin
 
PPTX
Introduction to Genetic Algorithm
byAdri Jovin
 
PPTX
Introduction to Fuzzy logic
byAdri Jovin
 
PPTX
Introduction to Artificial Neural Networks
byAdri Jovin
 
PPTX
Introductory Session on Soft Computing
byAdri Jovin
 
PPTX
Creative Commons
byAdri Jovin
 
PPTX
Image based security
byAdri Jovin
 
PPTX
Blockchain Technologies
byAdri Jovin
 
PPTX
Introduction to Cybersecurity
byAdri Jovin
 
PPTX
Advanced Encryption System & Block Cipher Modes of Operations
byAdri Jovin
 
PPTX
Zoom: Privacy and Security - A case study
byAdri Jovin
 
PPTX
Elliptic Curve Cryptography
byAdri Jovin
 
PPTX
El Gamal Cryptosystem
byAdri Jovin
 
PPTX
Data Encryption Standard
byAdri Jovin
 
PPTX
Classical cryptographic techniques, Feistel cipher structure
byAdri Jovin
 
Planning Assessment for Outcome-based Education
byAdri Jovin
 
Curriculum Vitae of Adri Jovin John Joseph
byAdri Jovin
 
Introduction to Relational Database Management Systems
byAdri Jovin
 
Introduction to ER Diagrams
byAdri Jovin
 
Introduction to Database Management Systems
byAdri Jovin
 
Neural Networks
byAdri Jovin
 
Introduction to Genetic Algorithm
byAdri Jovin
 
Introduction to Fuzzy logic
byAdri Jovin
 
Introduction to Artificial Neural Networks
byAdri Jovin
 
Introductory Session on Soft Computing
byAdri Jovin
 
Creative Commons
byAdri Jovin
 
Image based security
byAdri Jovin
 
Blockchain Technologies
byAdri Jovin
 
Introduction to Cybersecurity
byAdri Jovin
 
Advanced Encryption System & Block Cipher Modes of Operations
byAdri Jovin
 
Zoom: Privacy and Security - A case study
byAdri Jovin
 
Elliptic Curve Cryptography
byAdri Jovin
 
El Gamal Cryptosystem
byAdri Jovin
 
Data Encryption Standard
byAdri Jovin
 
Classical cryptographic techniques, Feistel cipher structure
byAdri Jovin
 

Recently uploaded

PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
Safeguarding AI-Based Financial Infrastructure
bysleepandremedies
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PPTX
TCP/IP Presentation - Information Systems & Operations Management
byadriangallianispetka
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
bySafe Software
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
The Future of Search: Why LLM Optimization Matters for Every Website
byav0763436
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
Safeguarding AI-Based Financial Infrastructure
bysleepandremedies
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
TCP/IP Presentation - Information Systems & Operations Management
byadriangallianispetka
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
bySafe Software
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
The Future of Search: Why LLM Optimization Matters for Every Website
byav0763436
 

Heartbleed Bug: A case study

  • 1.
    Heartbleed Bug– Acase study Adri Jovin J J, M.Tech., Ph.D. UITC203 CRYPTOGRAPHY AND NETWORK SECURITY
  • 2.
    Heartbleed Bug • Vulnerabilityin OpenSSL cryptographic software library • Allows stealing of information by the SSL/TLS encryption • SSL/TLS- security and privacy over the internet for most applications • Discovered by Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security and reported on April, 2014 • Allows attackers to  eavesdrop on communications  steal data directly from the services and users and  impersonate services and users UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 2 } Release of message content Masquerading
  • 3.
    Why heartbleed? Bug discoveredin the heartbeat extension of TLS Exploitation leaked contents from server to client and from client to server Left a large amount of private keys and other secrets exposed to the internet Is the protocol specification wrong??? No….problem with implementation…a programming mistake UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 3
  • 4.
    What’s wrong withimplementation??? Heartbeat message structure: UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 4 struct { HeartbeatMessageType type; uint16 payload_length; opaque payload[HeartbeatMessage.payload_length]; opaque padding[padding_length]; } HeartbeatMessage; /* Read type and payload length first */ hbtype = *p++; n2s(p, payload); pl = p; Incoming Heartbeat message: /* Enter response type, length and copy payload */ *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); Response Heartbeat message: hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; /* silently discard per RFC 6520 sec. 4 */ pl = p; Fixed Incoming Heartbeat message:
  • 5.
    What is leaked? 1.Primary key material 2. Secondary key material 3. Protected content 4. Collateral UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 5
  • 6.
    Leaked primary keymaterial and recovery Leakage • Encryption keys • Leaked key allows attacker to decrypt any past or future traffic to protected services and impersonate Recovery • Requires vulnerability patch • Revocation of compromised keys • Reissuing/redistribution of new keys UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 6
  • 7.
    Leaked secondary keymaterial and recovery Leakage • User credentials used in vulnerable services Recovery • Restore trust • Users can change their password and possible encryption keys • Session keys and session cookies should be invalidated UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 7
  • 8.
    Leaked protected contentand recovery Leakage • Actual content handled by the vulnerable service (e.g.)personal/financial details Recovery • Provider should inform users of the leakage • Restore trust to the primary and secondary key material UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 8
  • 9.
    Leaked collateral andrecovery Leakage • Other details exposed to the attacker in the leaked memory content • Technical details such as memory addresses and security measures such as canaries Recovery • Can be fixed using patch UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 9
  • 10.
    Vulnerability of OpenSSL •OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable • OpenSSL 1.0.1g is NOT vulnerable • OpenSSL 1.0.0 branch is NOT vulnerable • OpenSSL 0.9.8 branch is NOT vulnerable UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 10
  • 11.
    Vulnerable Operating Systems •Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4 • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 • CentOS 6.5, OpenSSL 1.0.1e-15 • Fedora 18, OpenSSL 1.0.1e-4 • OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012) • FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013 • NetBSD 5.0.2 (OpenSSL 1.0.1e) • OpenSUSE 12.2 (OpenSSL 1.0.1c) UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 11
  • 12.
    Non-vulnerable Operating Systems •Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14 • SUSE Linux Enterprise Server • FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013 • FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013 • FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC) • FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC) UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 12
  • 13.
    References The Heartbleed Bug“https://heartbleed.com/” What is the Heartbleed bug, how does it work and how was it fixed? “https://www.csoonline.com/article/3223203/what-is- the-heartbleed-bug-how-does-it-work-and-how-was-it-fixed.html” Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug “https://www.theregister.co.uk/2014/04/09/heartbleed_explained/” UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 13