#1
|
||||
|
||||
What is the Heartbleed bug?
Heartbleed is a flaw in OpenSSL, the open-source encryption standard used by the majority of sites on the web that need to transmit data users want to keep secure. It basically gives you a "secure line" when you're sending an email or chatting on IM.
Encryption works by making it so that data being sent looks like nonsense to anyone but the the intended recipient. Occasionally, one computer might want to check that there's still a computer at the end of its secure connection, so it will send out what's known as a "heartbeat," a small packet of data that asks for a response. Due to a programming error in the implementation of OpenSSL, the researchers found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end of a connection into sending over data stored in its memory. How bad is that? It's really bad. Web servers can keep a lot of information in their active memory, including user names, passwords, and even the content that user have uploaded to a service. But worse even than that, the flaw has made it possible for hackers to steal encryption keys, the codes used to turn gibberish encrypted data into readable information. With encryption keys, hackers can intercept encrypted data moving to and from a site's servers and read it without establishing a secure connection. This means that unless the companies running vulnerable servers change their keys, even future traffic will be susceptible. |
#2
|
|||
|
|||
Heartbleed, the bug being called one of the Internet's biggest security threats, has been around for two years. Heartbleed is a security bug in the open-source OpenSSL cryptography library, which is widely used to implement the Internet's Transport Layer Security.
|
#3
|
|||
|
|||
Heartbleed is a security bug tht was discovered in April 2014 at the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be utilized regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. It output is available from improper input validation in the implementation of the TLS heartbeat extension, thus the bug's name derives from "heartbeat".
|
#4
|
|||
|
|||
Matured placement
Blog about sissy life
best fashion shop sexy panties on women sexy toys http://sissies.purplesphere.in/?view.madyson beauty salon games rubber female suit nappies for cats reserve bank of south africa statistics about poverty discount boys clothes purple haze cannabis strain oxford dictionary of english online |
Thread Tools | Search this Thread |
Display Modes | |
|
|