Home / Series / Chaos Communication Congress / Aired Order / Season 31 / Episode 78

Heartache and Heartbleed: The insider’s perspective on the aftermath of Heartbleed (#6212)

Speaker: Nick Sullivan Two weeks after the Heartbleed bug was announced, CloudFlare patched the Heartbleed bug, created a challenge to prove the bug could be used to find private keys (uncovering a second bug in OpenSSL) and turned its entire network into a giant honeypot. This session will discuss the specific steps taken to prevent early disclosure, creating and scaling the first public vulnerability test, how the CloudFlare Heartbleed challenge showed that you can reveal private SSL keys (how a second bug in OpenSSL made this possible) the incredible impact of revoking over 100,000 certificates in a single day, and the results of our honeypot revealing the proportion of attack traffic versus research traffic.

English
  • Originally Aired December 28, 2014
  • Runtime 60 minutes
  • Created December 30, 2014 by
    Administrator admin
  • Modified December 30, 2014 by
    Administrator admin