Heartbleed


Also found in: Dictionary.
Related to Heartbleed: Shellshock, OpenSSL

Heartbleed

A bug in the widely used OpenSSL Internet security protocol that was discovered on April 1, 2014. Heartbleed enabled a large amount of memory (RAM) to be accessed, which could disclose passwords and private keys. Although a patch was forthcoming in a matter of days, more than a half million Web servers were vulnerable until the patch was applied. See OpenSSL, SSL and TLS.
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
Mentioned in ?
References in periodicals archive ?
This paper discusses the technique of Heartbleed vulnerability and its affect on the web servers of Bangladesh after the patch is available.
The name "Heartbleed" given to the bug is a play on the word "heartbeat."
The year 2014 witnessed some of the most notorious security breaches with major attacks from Heartbleed, Bash, Poodle and Drupal core SQL injection vulnerabilities.
Security experts compared this latest flaw to other significant problems that had come to light this year such as the Heartbleed bug.
Shellshock comes only months after the discovery of Heartbleed, a massive vulnerability in the Internet's cryptography protocol, Open SSL.
Given that the flaw has been around for more than ten years, almost all Linux and Unix machines running will be vulnerable and this could have a bigger impact than Heartbleed which we saw earlier this year," said Wolfgang Kandek, chief technical officer for Qualys, Inc.
Raimund Genes, chief technology officer, said: "Shellshock could be notably more widespread than the infamous Heartbleed from earlier this year.
Unlike Heartbleed , which was quite hard to exploit properly, Shellshock can be exploited with just a couple of lines of code, giving just about anyone the ability to run arbitrary code on an affected computer.
Shellshock's impact could be far worse than the Heartbleed bug earlier this year.
With the cloud comes questions about data security, and never were those questions louder or more urgent than this past spring when the Heartbleed bug hit the headlines.
The Heartbleed bug, which may have affected more than 500,000 PCs and mobile devices, enabled attackers to steal secure data and pose as genuine users, for instance.
New bugs found in software that caused "Heartbleed" cyber threat Security researchers have uncovered new bugs in the Web encryption software that caused the pernicious "Heartbleed" Internet threat that surfaced in April.