What is Heartbleed?
Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it was present on thousands of web servers, including those running major sites like Yahoo.
OpenSSL is an open source code library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability meant that a malicious user could easily trick a vulnerable web server into sending sensitive information, including usernames and passwords.
The TLS/SSL standards are crucial for modern web encryption, and while the flaw was in the OpenSSL implementation rather than the standards themselves, OpenSSL is so widely used—when the bug was made public, it affected 17% of all SSL servers—that it precipitated a security crisis.
To read this article in full, please click here
Leer másCSO Online
