Heartbleed-bug

Heartbleed-bug er en fejl i open-source krypteringsbiblioteket OpenSSL som gør det muligt for en angriber at læse en servers eller en klients hukommelse, hvilket f.eks. tillader dem at læse en servers eller en klients SSL private keys, private data; PIM-data (fx billeder, kodeord, brugernavne...).^[1] Undersøgelser af logfiler lader til at vise at nogle angribere kan have udnyttet fejlen gennem mere end 5 måneder før den blev opdaget og offentliggjort.^[2]^[3]^[4]

^ Chen, Brian X. (2014-04-09). "Q. and A. on Heartbleed: A Flaw Missed by the Masses". New York Times. Hentet 2014-04-10.
^ Heartbleed vulnerability may have been exploited months before patch [Updated] | Ars Technica
^ "No, we weren't scanning for hearbleed before April 7"
^ "Were Intelligence Agencies Using Heartbleed in November 2013?", 2014-04-10, Peter Eckersley, EFF.org

[NYT-20140409-1] Chen, Brian X. (2014-04-09). "Q. and A. on Heartbleed: A Flaw Missed by the Masses". New York Times. Hentet 2014-04-10.

[2] Heartbleed vulnerability may have been exploited months before patch [Updated] | Ars Technica

[3] "No, we weren't scanning for hearbleed before April 7"

[4] "Were Intelligence Agencies Using Heartbleed in November 2013?", 2014-04-10, Peter Eckersley, EFF.org

[1]

[2]

[3]

[4]