The strange part is that it appears to have been introduced in 2011, and known since March 2012.
According to the article:-
Known as the Heartbleed bug, the vulnerability allows anyone on the Internet to read the memory of systems that run vulnerable versions of OpenSSL, revealing the secret authentication and encryption keys to protect the traffic.
User names, passwords and the actual content of the communications can also be read.
No man-in-the-middle techniques of interception are required to exploit the out-of-bounds memory bug, and attacks leave no trace on vulnerable systems.
The link below has more information:-
No comments:
Post a Comment