OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics
There was a devastating security flaw in the OpenSSL implementation of the SSL / TLS protocol (CVE-2014-0160).
The vulnerability occurs in what is known as the heartbeat extension to this protocol, and it specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL. Even though OpenSSL is just one implementation of the SSL / TLS protocol, it is the most widely deployed implementation.
In this SOC Talk, Elastica’s CTO Dr. Zulfikar Ramzan walks through the mechanics of the Heartbeat (Heartbleed) flaw (at a high level), how an attacker can exploit it, and its underlying ramifications.
It is important to stress that the flaw is not inherent to the SSL / TLS protocol itself, but rather to the specific OpenSSL implementation.
Check out additional SOC Talks at elastica.net