Heartbleed



A bug in the widely used OpenSSL Internet security protocol that was discovered on April 1, 2014. Heartbleed enabled a large amount of memory (RAM) to be accessed, which could disclose passwords and private keys. Although a patch was forthcoming in a matter of days, more than a half million Web servers were vulnerable until the patch was applied. See OpenSSL, SSL and TLS.
References in periodicals archive
"At any given time, we should expect for one per cent of high-urgency vulnerabilities to be actively exploited while 56 percent of all OpenSSL versions are still vulnerable to Heartbleed," Dabboussi continued.
According to industry estimates, about 300,000 website owners have not been able to fix Heartbleed even after eight months of the vulnerability being widely reported and fixed.
While the long-term impact of Shellshock remains undetermined, Gula believes it surpasses Heartbleed in severity due in part to detection difficulty.
"Given that the flaw has been around for more than ten years, almost all Linux and Unix machines running will be vulnerable and this could have a bigger impact than Heartbleed which we saw earlier this year," said Wolfgang Kandek, chief technical officer for Qualys, Inc.
Unlike Heartbleed, which was quite hard to exploit properly, Shellshock can be exploited with just a couple of lines of code, giving just about anyone the ability to run arbitrary code on an affected computer.
With the cloud comes questions about data security, and never were those questions louder or more urgent than this past spring when the Heartbleed bug hit the headlines.
The Heartbleed bug, which may have affected more than 500,000 PCs and mobile devices, enabled attackers to steal secure data and pose as genuine users, for instance.
According to the Internet research firm Netcraft, an estimated number of 500,000 foreign websites could have been affected by Heartbleed.
The Heartbleed vulnerability leaves no trace and it is still not known what data was stolen and in what volumes.
Of the three flaws, Heartbleed was by far the most significant.
And concerns about security may be ramped up in the wake of the recently discovered Heartbleed security hole in OpenSSL.