Skip to main content

Posts

Showing posts from 2014

HeartBleed - An open source failure?????

                                                                                      Heart Bleed.... The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).   On 8th April , when Microsoft stopped giving support to WinXP, the major vulnerability in the open source OpenSSL was found.The 1000s of websites using OpenSSL like Facebook,Google,Yahoo are affected due a simple OpenSSL programming mistake . A programming blunder enabled attackers to pull down 64k chunks of "secure" server memory. Of course, a hacker would then have to shift through this captured memory for social security numbers, credit-card numbers, and