International Journal of Life Science and Engineering
Articles Information
International Journal of Life Science and Engineering, Vol.1, No.2, May 2015, Pub. Date: Apr. 18, 2015
A Perfunctory Negligence on the Undying Capabilities Resulted in the Heart Bleed Vulnerability in Open SSL
Pages: 45-49
Authors
[01] Edward Danso Ansong, Department of Computer Science & Information Technology, Valley View University, Oyibi, Ghana.
[02] Dominic Damoah, Department of Computer Science & Information Technology, Valley View University, Oyibi, Ghana.
[03] J. B. Hayfron-Acquah, Department of Computer Science, Kwame Nkrumah University of Science & Technology, Kumasi, Ghana.
Abstract
The denunciation of the OpenSSL tool caused total devastation and raised trust concerns about modern security technologies purported to be secure. A careful relook at the Heartbleed vulnerability provides insights and lessons that should inform how cryptographic software libraries are built and implemented. This article outlines the antecedents of a retinue of security vulnerabilities in OpenSSL. The evidence adduced is that OpenSSL is, after all, not entirely secure until it is subjected to rigorous testing.
Keywords
Cryptography, OpenSSL, Heartbleed, SSL and TLS