There was a devastating security flaw in the OpenSSL implementation of the SSL / TLS protocol (CVE-2014-0160). The vulnerability occurs in what is known as the heartbeat extension to this protocol, and it specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL. Even though OpenSSL is just one implementation of the SSL / TLS protocol, it is the most widely deployed implementation. In this SOC Talk, Elastica's CTO Dr. Zulfikar Ramzan walks through the mechanics of the Heartbeat (Heartbleed) flaw (at a high level), how an attacker can exploit it, and its underlying ramifications. It is important to stress that the flaw is not inherent to the SSL / TLS protocol itself, but rather to the specific OpenSSL implementation.
Thanks for watching!
Check out additional SOCTalks at elastica.net
And please feel free to follow us on our other Social Media platforms:
Facebook - facebook.com/ElasticaInc
Twitter - twitter.com/ElasticaInc
LinkedIn - linkedin.com/company/Elastica