Premium Essay

Inb255 Security Log News

In:

Submitted By kashifilham
Words 1318
Pages 6
SCIENCE AND ENGINEERING FACULTY
INB255 Security
Semester 1 2014 Security News Log News 1 Title: Heartbleed: Serious OpenSSL zero day vulnerability revealed
Author:
Steven J. Vaughan-Nicols
Reference details:
Vaughan-Nicols, Steven J. (2014). Heartbleed: Serious OpenSSL zero day vulnerability revealed
Retrieved From: http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
Summary:
Heartbleed bug is one of the latest bug, and a quite dangerous one as well. It was found in OpenSSL cryptographic library. This bug can be used to reveal secured message contents, online credit card transactions. It is also capable of collecting primary and secondary SSL keys. So it can practically hack a system and leave without leaving a trace of what it did. Cloudfire, a security company said that, they have fixed the bug. However their method was not suitable for broad use. A lot of companies are working to fix this bug.
Type of information asset item refers to:
The information asset this article is referring to can be personal details, passwords or confidential messages.
Value of asset to person/organization:
The value is not determined in this article, as heartbleed is a new issue. However due to it’s capability, it is safe to assume that it can access personal data and modify them. In that case data might become unavailable to user himself.
Security goals compromised:
This bug is capable of breaching confidentiality, integrity and availability.
Threat/vulnerability/attack details:
This bug is a considered threat to information, which can exploit system’s vulnerability and open the door for hackers.

SCIENCE AND ENGINEERING FACULTY
INB255 Security
Semester 1 2014 Security News Log News 2

Title:
8 charged in AT&T ID theft fraud case, including outsourced

Similar Documents