xkcd: Heartbleed Explanation

'Heartbleed' Online Bug: How to Protect Yourself - ABC News Apr 09, 2014 Testing your site for the heartbleed vulnerability I've seen a number of articles on the heartbleed vulnerability that suggest testing your site to see if it was affecting using Filippo Valsorda's testing page which can be found here: https://fili

SSL Server Test . This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service. We don't use the domain names or the test results, and we never will.

OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality. This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the

Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014.

Apr 08, 2014