The Heartbleed Bug: An Open Secure Sockets Layer Vulnerability
Journal: International Journal of Science and Research (IJSR) (Vol.3, No. 6)Publication Date: 2014-06-15
Authors : Thabiso Peter Mpofu; Noe Elisa; Nicholaus Gati;
Page : 1470-1473
Keywords : OpenSSL; Heartbleed bug; secure; Transport Layer Security; Secure Sockets Layer; vulnerability;
Abstract
The Open Secure Sockets Layer (OpenSSL) is used to provide a secure platform for transactions that happen over the internet. About two thirds of the servers on the internet use the OpenSSL platform to provide secure transaction over the internet. The OpenSSL is a widely used open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Transactions such as online shopping, emails and online banking are carried out on the internet through the OpenSSL and other platforms which provide a security. Vulnerabilities have however been found in the OpenSSL that has resulted in a wide public outcry all over the world. A vulnerability referred to as the Heartbleed Bug has sent shockwaves all over the internet. From the study we conducted, the scope of the data that has been potentially compromised is astronomical and includes usernames, passwords, bank account and credit card numbers, medical data, documents in online cloud storage. Not only has all of this user data been directly compromised, but, what are worse, the private keys of the servers running the vulnerable versions of OpenSSL were also almost certainly compromised. We recommend patching of affected applications or/and upgrade to versions that are not vulnerable in order to mitigate the risks identified.
Other Latest Articles
- Digital Currency: The Emergence of Bitcoins
- Improvement of Carrier to Interference plus Noise Ratio in WiMAX Networks Using Femtocell Base Station Concept
- An Efficient VLSI Implementation of Lossless ECG Encoder Design
- Performance Analysis of Hierarchical Routing Protocols of Wireless Sensor Network: A Survey
- Implementation of Three Phase Induction Motor Control Drive Using PID and FUZZY Technique and Their Comparison
Last modified: 2014-06-27 19:17:45