Heartbleed Saga Continues: Highlights of Vulnerability's First 30 Days

 
 
By Sean Michael Kerner  |  Posted 2014-05-07
 
 
 
 
 
 
 
 

On April 7, the Heartbleed vulnerability, one of the most impactful security incidents of the last decade, was first publicly disclosed. Technically, the Heartbleed flaw is identified as CVE-2014-0160 and called "TLS heartbeat read overrun." It is found within the open-source OpenSSL cryptographic library, which provides Secure Sockets Layer (SSL) encryption capabilities for data in transit. OpenSSL is widely deployed on servers and embedded devices, which is one of the many reasons why Heartbleed has been able to wreak so much havoc. Heartbleed could potentially enable an attacker to read the memory from a vulnerable server, which could lead to data theft.

Only Google and CloudFlare were made aware of the flaw before it was first publicly disclosed, while other vendors were left scrambling to rapidly issue patches to users. While patches were made available on most platforms within days of the initial advisory, users of some mobile apps have been left at risk.

The flaw also triggered a shutdown of the Canada Revenue Agency (CRA) Website, which delayed the tax filing deadline for millions of Canadians. Security firm FireEye reported that one of its clients had been attacked with the Heartbleed vulnerability by way of a virtual private network (VPN) connection. In this slide show, eWEEK takes a look back at some of the key developments in the first 30 days of the Heartbleed vulnerability.

 
 
 
 
 
 
 
 
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.
 
 
 
 
 
 
























 
 
 
 
 
 
 
 
 