Heartbleed
Yannick PÉROUX - 24 April 2014 - CA645
Dublin City University
Overview
Exploits the Heartbeat extension of SSL/TLS
Buffer over-read attack
Can read up to 64 KB of memory
Only for OpenSSL
Non-detectable by intrusion systems
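The over-read summarised above comes down to trusting the length field inside a heartbeat request. The following is an added example, not code from the slides or from OpenSSL: it assumes the RFC 6520 message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding), and the function names and sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_PADDING 16   /* RFC 6520: at least 16 bytes of padding */

/* Constructed sample records (not captured traffic); unset bytes are zero. */
static const uint8_t HB_OK[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_BAD[20] = {HB_REQUEST, 0xFF, 0xFF, 'A'};
static uint8_t hb_out[HB_HEADER + 0xFFFF + HB_PADDING];

static size_t hb_claimed(const uint8_t *rec) { return ((size_t)rec[1] << 8) | rec[2]; }

/* Bytes a responder that trusts payload_length would read past the end of
 * the received record; 0 for a well-formed message. */
size_t hb_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER) return 0;
    size_t needed = HB_HEADER + hb_claimed(rec);
    return needed > rec_len ? needed - rec_len : 0;
}

/* Hardened responder: writes the response to out and returns its length, or
 * returns 0 to silently discard a message whose length does not fit. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t n = hb_claimed(rec);
    size_t len = HB_HEADER + n + HB_PADDING;
    if (len > rec_len || len > cap) return 0;   /* the bounds check */
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(n >> 8);
    out[2] = (uint8_t)(n & 0xFF);
    memcpy(out + HB_HEADER, rec + HB_HEADER, n);   /* echo the payload */
    memset(out + HB_HEADER + n, 0, HB_PADDING);    /* zero padding for brevity */
    return len;
}

int main(void)
{
    printf("ok:  over-read %zu, response %zu bytes\n", hb_overread(HB_OK, sizeof HB_OK),
           hb_respond(HB_OK, sizeof HB_OK, hb_out, sizeof hb_out));
    printf("bad: over-read %zu, response %zu bytes\n", hb_overread(HB_BAD, sizeof HB_BAD),
           hb_respond(HB_BAD, sizeof HB_BAD, hb_out, sizeof hb_out));
    return 0;
}
```

A 20-byte record that declares a 65,535-byte payload would make an unchecked responder read 65,518 bytes beyond the record, which is the "up to 64 KB" figure; the checked responder drops it.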
Discovery
Introduced in 2011
Discovered by two teams in early April 2014
Fixed and made public on the 7th
~500,000 affected servers
Possibilities
Can read random chunks of memory
The heap is your limit!
See decrypted traffic
Cookies, SIDs…
POST requests -> logins, passwords…
Certificates
Private keys
Works both ways!