Heartbeat OpenSSL Leads to Hearbleed Flaw

The Secure Sockets Layer (SSL) is at the foundation of all Web based communications, and when security flaws are found, immediate fixes are required. On April 7, the open-source OpenSSL project issued an advisory regarding a critical vulnerability that could potentially leave millions of users at risk.

The flaw—identified as CVE-2014-0160 and called “TLS heartbeat read overrun”—has been present in OpenSSL since March 2012, but it was just recently discovered.

However, the flaw has been unofficially dubbed “Heartbleed” by security research firm Codenomicon, which is the name that has caught on in most subsequent media reports.

“A missing bounds check in the handling of the TLS [Transport Layer Security] heartbeat extension can be used to reveal up to 64k of memory to a connected client or server,” the OpenSSL advisory warns.

Read the full story at eWEEK:
Heartbeat SSL Flaw Puts Linux Distros at Risk

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.

News Around the Web