Network Security
Published in Mário Marques da Silva, Cable and Wireless Networks, 2018
OpenSSL is a widely used open source toolkit that implements the SSL/TLS protocols on a server. It is a collaborative project that provides a commercial-grade SSL/TLS implementation. Heartbleed is a vulnerability found in OpenSSL versions 1.0.1 through 1.0.1f and is of the buffer overflow type. It results from improper memory handling in the keep-alive (heartbeat) exchange, defined in RFC 6520, that two parties use to keep a session open even when they have no data to exchange. Exploiting this vulnerability can expose message contents (eavesdropping), client credentials, session keys, or even copies of the server's private keys. The remedy is to upgrade OpenSSL to version 1.0.1g or newer.
Cyber Insecurity Is Growing
Published in Larry B. Rainey, Mo Jamshidi, Engineering Emergence, 2018
The defect appears to have been accidentally introduced by an update in December 2011. OpenSSL is a widely used and free tool. At the disclosure of Heartbleed, approximately 500,000 of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack. The new OpenSSL version repaired this vulnerability by including a bounds check to ensure that the payload length specified is no longer than the data that is actually sent. Unfortunately, that check is only the start of the correction, because eliminating the vulnerability requires the 500,000 users of this software to upgrade to the new version. In addition, because this problem is related to security certificates, protecting systems from attacks that exploit the Heartbleed vulnerability requires that companies revoke old SSL certificates, generate new keys, and issue new certificates (Peters 2015). At least eight released versions of OpenSSL shipped containing the bug. While the OpenSSL program is complex, the cause of the vulnerability is simple: the software never verified the design assumption that the length of the content to be returned to the caller was less than or equal to the length of the payload actually sent.
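The bounds check described above, as an added C example that is not the book's or OpenSSL's own code: `heartbeat_response` and `respond_to_ping` are hypothetical helpers that parse an RFC 6520 heartbeat record and refuse any request whose declared payload length does not fit inside the bytes actually received.

```c
#include <stdint.h>
#include <string.h>

/* Wire layout of a TLS heartbeat message (RFC 6520):
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes) */
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16
#define HB_REQUEST     1
#define HB_RESPONSE    2

/* Hypothetical helper (not OpenSSL's code): build the heartbeat response for
 * the request held in record[0..record_len). Returns the response length or
 * -1 if the request is discarded. Vulnerable builds copied payload_len bytes
 * out of the record without comparing payload_len to record_len, so a tiny
 * request could echo up to 64 KiB of adjacent heap memory back to the peer. */
int heartbeat_response(const uint8_t *record, size_t record_len,
                       uint8_t *out, size_t out_cap)
{
    if (record_len < HB_HEADER_LEN || record[0] != HB_REQUEST)
        return -1;
    size_t payload_len = ((size_t)record[1] << 8) | record[2];

    /* The bounds check that 1.0.1g added: header + declared payload + minimum
     * padding must fit inside the bytes actually received. */
    if (HB_HEADER_LEN + payload_len + HB_MIN_PADDING > record_len)
        return -1;

    size_t resp_len = HB_HEADER_LEN + payload_len + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + HB_HEADER_LEN, record + HB_HEADER_LEN, payload_len);
    memset(out + HB_HEADER_LEN + payload_len, 0, HB_MIN_PADDING); /* real padding is random */
    return (int)resp_len;
}

/* Constructed request: 4-byte payload "ping" plus 16 bytes of padding, but with
 * the payload_length field set to declared_len. Returns heartbeat_response's result. */
int respond_to_ping(uint16_t declared_len)
{
    uint8_t req[HB_HEADER_LEN + 4 + HB_MIN_PADDING] = { HB_REQUEST,
        (uint8_t)(declared_len >> 8), (uint8_t)(declared_len & 0xff), 'p', 'i', 'n', 'g' };
    uint8_t resp[sizeof req];
    return heartbeat_response(req, sizeof req, resp, sizeof resp);
}
```

An honest request (declared length 4) yields a 23-byte response, while a request that claims 65535 bytes of payload is discarded with -1, which is the behaviour the 1.0.1g fix introduced.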
Machine Learning – Supervised Learning
Published in Rakesh M. Verma, David J. Marchette, Cybersecurity Analytics, 2019
Slow HTTP and Slowloris are attacks that allow a single machine to keep a large number of requests to a web server active, consuming resources and hence blocking legitimate users' access to the site. Hulk is a tool for constructing denial-of-service attacks (for research purposes) that are designed to be as unpredictable as possible: each attack is crafted to have different properties from the previous one. GoldenEye is another tool designed to test HTTP denial-of-service attacks. The Heartbleed attack exploited a bug in the OpenSSL cryptographic library that allowed an attacker to read unencrypted data, such as passwords, through a buffer overflow.
Exploratory text data analysis for quality hypothesis generation
Published in Quality Engineering, 2018
Theodore T. Allen, Zhenhuan Sui, Kaveh Akbari
Cluster or topic 3 experiences a sudden increase in topic proportion in April 2014 and a sudden decrease in October 2014, while the other topics' changes remain relatively constant, fluctuating around zero. This pattern is consistent with the timing of the public disclosure of the "Heartbleed" vulnerability on April 1, 2014. This vulnerability resulted from a lack of bounds checking on memory allocations in operating systems, which allowed large amounts of information to be stolen from any susceptible computer.