What is Heartbleed?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library, which is used by many internal and external applications to secure information traveling on a network. This weakness can allow the theft of user credentials that, under normal conditions, would be protected by SSL/TLS encryption. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed Bug allows anyone on the Internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. Attackers can then eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
Are Core Security products affected?
None of Core Security's products have the Heartbleed bug.
Test for Heartbleed using Core Impact Pro
Core Security has released an exploit to test for the Heartbleed bug. It was released on Wednesday, April 9, 2014, to all Core Impact Pro customers.
What else can you do to lower risk to your critical business assets?
The Core Attack Intelligence Platform can simulate attacks and conduct live tests to associate known vulnerabilities (such as Heartbleed), previous attack patterns, and security/network data to identify potential attack paths to your critical business assets. The platform helps you proactively identify attack paths to your key assets, ensuring bugs like Heartbleed are prioritized and remediated immediately.