A potentially critical security vulnerability in OpenSSL has been discovered that allows an attacker to read up to 64kilobytes of memory from the server running a vulnerable OpenSSL version. As a normal user, you may not aware what is OpenSSL. It is cryptographic library which is used for encrypting communication between web server and users – used by plenty of websites including Google, Yahoo, Twitter. The bug( CVE-2014-0160), dubbed as ‘HeartBleed‘, was independently discovered by Neel Mehta from Google Security team and Codenomicon. The bug appropriately named HeartBleed because vulnerability is located in HeartBeat extension and it leads to memory leak. The attacker can read only up to 64k of memory during one iteration of the attack. However, according to Heardbleed.com, an attacker can “keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed”. An attacker can retrieve the private key used for encrypting the communication that will allow to read all information passed to server and user like it wasn’t encrypted at all. How to fix it? If your server is using OpenSSL 1.0.1 and 1.0.1f, then better upgrade to 1.0.1g. If you are using […]
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post OpenSSL vulnerability allows hackers to read 64k of memory on target server appeared first on National Cyber Security.
View full post on National Cyber Security