11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue

  • 17 April 2014
  • 0 replies
  • 333 views

Userlevel 7
Badge +54
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.

Just how many products and websites need to be patched, and related digital certificates revoked and reissued, before the Heartbleed vulnerability will be mitigated?

Heartbleed, the recently spotted vulnerability in OpenSSL, could allow attackers to steal websites' private keys. Google engineer Neel Mehta and the Finnish security firm Codenomicon discovered the flaw separately this month. But information about the vulnerability, which later became known as Heartbleed, wasn't made public until OpenSSL issued an April 7 security advisory about a "TLS heartbeat read overrun." At that time, more than half of all web servers, collectively hosting more than 500 million websites, were thought to be vulnerable.
 
Full Article

0 replies

Be the first to reply!

Reply