Before its release itself, the Heartbeat Extension for OpenSSL had a bug and the developers failed to notice it and released it with the flaw. The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation and a basis for path MTU (PMTU) discovery for DTLS. Heartbeat extension was introduced for the Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols in February 2012. OpenSSL is a widely used implementation of Transport Layer Security. By the name OpenSSL itself, we can understand that it is open-source software that facilitates communication over SSL protocol. The majority of Online Services use OpenSSL, a security standard that encrypts the communication between a user (You) and the Server. SSL simply means Secure Socket Layer. Here we are going to discuss this most spoken Vulnerability and how to test it. Rapid7 has released guidance on detecting vulnerability via Nexpose, and Metasploit has released a module for Heartbleed.Many of us have been hearing the word Heartbleed and are wondering what is that and how severe is this and why everyone is talking about it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |