Linked Questions

5 votes
1 answer
6k views

So the heartbeat bug can lead to memory read overrun, exposing (parts of) the process memory, because it reads the payload when there actually is no (or less) payload. But what do you need a payload ...
basic6
  • 211
3 votes
1 answer
736 views

I've read lots of reports of the HeartBleed bug but have not been able to find a description at the source-code level, such as this one for the goto fail bug. Can anyone provide, or point to, such an ...
Ellen Spertus
-4 votes
1 answer
848 views

I was wondering, what it means in the Heartbleed exploit. Let me explain. I'm trying to understand what does "hello" and "heartbeat" mean. Example: hello = h2bin("16 03 02 00 dc 01 00 00 d8 03 02 53 ...
Zerquix18
  • 101
1 vote
0 answers
91 views

I was reading some blog posts about the Heartbleed vulnerability (who's not nowadays) and was thinking about the following. Situation A If I would use a regular SSL/TLS connection the handshake will ...
stUrb
  • 277
115 votes
5 answers
57k views

CVE-2014-0160 http://heartbleed.com This is supposed to be a canonical question on dealing with the Heartbeat exploit. I run an Apache web server with OpenSSL, as well as a few other utilities ...
Deer Hunter
  • 5,368
61 votes
2 answers
24k views

If I have a web crawler (using a non-patched version of OpenSSL) that can be coaxed to connect to an evil https-site, can they get everything from my process memory? To attack a server you can keep ...
Gurgeh
  • 721
16 votes
7 answers
12k views

I've noticed, based on the logging of my NAS, that my IP address is targeted by a hacker. I already took action by automatically banning the IP address permanently after five unsuccessful login attempts. ...
user007
  • 263
8 votes
2 answers
2k views

I've learned the theory behind the SSL/TLS protocols and how effective they are to achieve a secure communication between clients and servers. Do all the implementations OpenSSL, PolarSSL, MatrixSSL, ...
Michael
  • 423
11 votes
3 answers
9k views

Questions about Heartbleed have been showing up in the popular questions list today since morning, from the security stack exchange to android I have been reading many of them, most of them are ...
user13267
  • 359
5 votes
1 answer
1k views

Today's xkcd has characters discussing heartbleed: Megan: I mean, this bug isn't just broken encryption. Megan: It lets website visitors make a server dispense random memory contents. Megan: It's ...
dr jimbob
  • 39.7k
4 votes
2 answers
761 views

If I understand correctly the Heartbleed vulnerability, only the heap of the OpenSSL process can be retrieved by an attacker (or part of depending on the memory allocation type that is used). Then, how ...
ack__
  • 2,768