Yesterday, news of the Heartbleed vulnerability sparked heated discussion online. This vulnerability in the OpenSSL project allows an attacker to steal user information from many kinds of encrypted network traffic. Because OpenSSL is widely used in web servers, mail protocols, and communication protocols, the number of affected users is difficult to estimate.
Before discussing the Heartbleed vulnerability, we should explain what OpenSSL is. Because OpenSSL is closely tied to SSL, and the SSL security protocol is probably what ordinary users encounter most, we start with an introduction to SSL.
Users who often open Gmail or QQ Mail in a browser may notice that, whether they use IE or Chrome, once they reach the mail login page the address in the browser's address bar begins with https, while ordinary pages mostly begin with http. The extra "s" stands for "secure", which means that the communication between the user and the server is encrypted. For network products that handle passwords and private information, this encryption is essential.
HTTPS is more secure than HTTP because it adds an SSL layer. SSL stands for Secure Sockets Layer, a security protocol that Netscape introduced alongside the first version of its web browser. Its purpose is to provide security and data integrity for network communication, so that client and server applications can communicate without an attacker eavesdropping.
Communication between a client and a server over SSL may require public and private keys, certificates, and other files to establish that the connection is safe. The OpenSSL suite implements the SSL protocol and provides commonly used functions such as certificate, key, and package management. Because it is also open source and cross-platform, it has naturally become the choice of many developers.
Supporting the SSL protocol does not require OpenSSL, but because OpenSSL is so widely used, the Heartbleed vulnerability has naturally had a widespread impact. Heartbleed was first discovered by security researchers at Codenomicon and Google Security. It allows attackers to remotely read data from the memory of a server running OpenSSL, 64 KB at a time. Moreover, an attacker can repeat this against a vulnerable server as often as needed, until the desired data is found.
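The 64 KB figure follows from the 16-bit payload length field of the TLS heartbeat message (RFC 6520), which a receiver must compare against the bytes that actually arrived. The C sketch below is an added example, not OpenSSL's code: the names `hb_check`, `HB_GOOD` and `HB_OVERCLAIM` are hypothetical and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 6520 heartbeat message:
 *   type (1) | payload_length (2, big-endian) | payload | padding (>= 16) */
#define HB_HEADER_LEN  3u
#define HB_MIN_PADDING 16u

enum hb_verdict { HB_OK = 0, HB_TOO_SHORT = 1, HB_LENGTH_MISMATCH = 2 };

/* Constructed samples: a 4-byte payload "ping" with 16 padding bytes, and a
 * message that declares 65535 payload bytes but carries only padding. */
static const uint8_t HB_GOOD[23]      = {0x01, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_OVERCLAIM[19] = {0x01, 0xFF, 0xFF};

/* Validate one received heartbeat message of rec_len bytes.
 * On HB_OK, *payload_len is the number of bytes that is safe to echo back. */
enum hb_verdict hb_check(const uint8_t *rec, size_t rec_len, uint16_t *payload_len)
{
    /* Too small to hold even an empty payload plus minimum padding. */
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TOO_SHORT;

    /* Sender-declared length: 16 bits, so at most 65535 bytes (about 64 KB). */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The declared payload must fit inside what was actually received;
     * trusting it without this test would read past the received data. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return HB_LENGTH_MISMATCH;

    *payload_len = (uint16_t)claimed;
    return HB_OK;
}

int main(void)
{
    uint16_t n = 0;
    printf("good:      %d\n", hb_check(HB_GOOD, sizeof HB_GOOD, &n));
    printf("overclaim: %d\n", hb_check(HB_OVERCLAIM, sizeof HB_OVERCLAIM, &n));
    return 0;
}
```

A receiver or network sensor applying this comparison drops or flags the second message, because its declared length is far larger than the 19 bytes received.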
Although 64 KB of data does not sound like much, the pictures released online show that it is enough to contain