Data Center Journal

Volume 32 | June 2014


In early April, a security vulnerability was unveiled, affecting over 500,000 websites. Today, this epidemic is known as Heartbleed, a bug found in OpenSSL that permeated mainstream media, forcing users worldwide to change user names and passwords on favorite websites. A report by the Pew Research Center's Internet and American Life Project uncovered a substantial rift between the number of users who were aware of Heartbleed and those who took action to safeguard their data. Despite the fact that 64 percent of Internet users knew of the vulnerability, a mere 39 percent reacted to it by making adjustments to their accounts.

Although users can play a large part in mitigating the effects of a vulnerability such as Heartbleed, the bigger question lies with Internet data centers (IDC), cloud hosting facilities and Internet service providers (ISP). How can they better prepare and equip themselves to fend off the results of these vulnerabilities, while protecting their customers?

Heartbleed 101

Heartbleed is a security bug in the open-source OpenSSL cryptography library, often utilized to implement the Internet's Transport Layer Security (TLS) protocol. It allows Internet users to access the system's stored data that is protected by the vulnerable versions of the OpenSSL software. This particular security vulnerability left an open door for malicious actors to easily access sensitive data. They were able to exploit OpenSSL TLS Heartbeat Extension protocols in a variety of OpenSSL versions, accessing server and user information. Hackers were not only able to access user names and passwords, but also intercept communications using acquired secret keys. This ultimately allowed them to steal data from service providers by mimicking either the service providers or users.

Heartbleed is the sort of vulnerability that keeps security experts up at night.
This OpenSSL vulnerability has been around for over two years and, when used, is practically untraceable, leaving many people concerned about the extent of the damage. The OpenSSL TLS Heartbeat Extension implementation places blind trust in the payload length field of the message it receives, meaning the data was not properly bounds-checked from the beginning of the data stream to the end point. This allows disclosure of up to 64K of memory to any connected network client or server, putting sensitive information contained in that memory at risk of being exposed.
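The missing bounds check described above can be shown with a small heartbeat responder. This is an added example, not code from the article or from OpenSSL: the function name hb_respond and the constants are assumptions, and the message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define HB_REQUEST  1            /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2            /* heartbeat_response */
#define HB_HDR_LEN  ((size_t)3)  /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  ((size_t)16) /* minimum padding after the payload */

/* Build the response for one received heartbeat record (hypothetical helper).
 * rec/rec_len: bytes actually received; out/out_cap: response buffer.
 * Returns the response length, or 0 when the record is discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len,
                  uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;

    /* Length the peer CLAIMS the payload has: untrusted input. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The check that was missing: the claimed length must fit inside
     * what was received. Without it, the memcpy below reads past rec
     * and echoes up to 64K of adjacent memory back to the peer. */
    if (HB_HDR_LEN + claimed + HB_MIN_PAD > rec_len)
        return 0;                /* discard silently */

    size_t resp_len = HB_HDR_LEN + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, claimed);
    /* RFC 6520 calls for random padding; zeros keep the example deterministic. */
    memset(out + HB_HDR_LEN + claimed, 0, HB_MIN_PAD);
    return resp_len;
}

int main(void)
{
    uint8_t out[128];
    /* Constructed samples: an honest 4-byte payload, then a claim of 0x4000 bytes. */
    uint8_t ok[3 + 4 + 16] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    uint8_t bad[3 + 16]    = {HB_REQUEST, 0x40, 0x00};
    printf("honest: %zu bytes, oversized claim: %zu bytes\n",
           hb_respond(ok, sizeof ok, out, sizeof out),
           hb_respond(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

The oversized claim is dropped because the comparison uses the number of bytes actually received rather than the length field supplied by the peer.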
