Evolution of OpenSSL Security After Heartbleed


OpenSSL has evolved a great deal in terms of security since the disclosure of the Heartbleed vulnerability back in 2014.


OpenSSL, an open source library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, is widely used by organizations to protect communications.


In April 2014, the world learned that OpenSSL was affected by a critical vulnerability, dubbed Heartbleed and tracked as CVE-2014-0160, that could be exploited to steal potentially sensitive information from supposedly protected communications without leaving a trace.


“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” the researchers who discovered Heartbleed wrote on a website dedicated to the vulnerability. “This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”


There have been some reports of attacks exploiting Heartbleed following its disclosure, and it has even been claimed that the NSA had known about the vulnerability prior to its disclosure and leveraged it to gather critical intelligence, a claim that the agency denied.


The discovery and disclosure of the Heartbleed vulnerability represented a turning point for OpenSSL.


Following the disclosure and patching of Heartbleed in April 2014, the cybersecurity community and the tech industry turned their attention to the open source p ..
