ABSTRACT

2014 was the year of Heartbleed, the common name for a vulnerability in the encryption implementation of OpenSSL, the nearly ubiquitous cryptographic library, which IBM Security Systems characterized as "one of the most widespread and impactful security vulnerabilities of all time." The name itself explains the vulnerability: "Heart" comes from the Heartbeat protocol and "bleed" stands for data leakage. Heartbleed is a well-known bug in OpenSSL, a popular open-source library used extensively on the Internet to implement the SSL and TLS protocols. The vulnerability can be exploited to access and read the memory of systems thought to be protected by encryption, including secret cryptographic keys, usernames, passwords, and even content. By exploiting the Heartbleed vulnerability, an attacker can send a Heartbeat request message and retrieve up to 64 kB of memory from the victim's server.
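As an added illustration that is not part of the original paper or of OpenSSL's own code, the following C snippet shows the unchecked-length pattern behind Heartbleed beside a bounds-checked version. It operates on a constructed in-memory record (no network traffic), so the over-read stays inside a known buffer and can be observed deterministically.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_MIN_PADDING = 16 };

/* Constructed sample of "process memory": a Heartbeat request whose header
 * claims a 10-byte payload but is followed by only 4 payload bytes, with
 * unrelated server data sitting right after it. Not a real capture. */
const uint8_t memory[] = {
    HB_REQUEST, 0x00, 0x0A,            /* type, payload_length = 10 (big-endian) */
    'p', 'i', 'n', 'g',                /* the 4 payload bytes actually sent      */
    'S', 'E', 'C', 'R', 'E', 'T', '1'  /* neighbouring data that should not leak */
};
const size_t record_len = 7;           /* bytes actually received on the wire */

/* Vulnerable pattern: the 16-bit length from the message (max 65535, hence the
 * "64 kB") is trusted; rec_len is ignored, so memcpy reads past the record. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len,
                            uint8_t *out, size_t out_cap) {
    (void)rec_len;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)3 + payload > out_cap) return 0;  /* only the output is guarded */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);            /* over-read happens here */
    return 3 + payload;
}

/* Hardened form, mirroring the shape of the upstream fix: a record whose
 * claimed payload plus header and the 16-byte minimum padding (RFC 6520)
 * does not fit in the bytes received is silently discarded. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap) {
    if (rec_len < 3 + HB_MIN_PADDING) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)3 + payload + HB_MIN_PADDING > rec_len) return 0;
    if ((size_t)3 + payload > out_cap) return 0;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);
    return 3 + payload;
}

int main(void) {
    uint8_t out[64];
    size_t n = heartbeat_vulnerable(memory, record_len, out, sizeof out);
    printf("vulnerable echoed %zu bytes: %.*s\n", n - 3, (int)(n - 3), (const char *)(out + 3));
    n = heartbeat_fixed(memory, record_len, out, sizeof out);
    printf("fixed echoed %zu bytes (0 = record discarded)\n", n);
}
```

The vulnerable handler echoes the four real payload bytes followed by six bytes of adjacent data, while the hardened handler drops the malformed record; a detection point for defenders is exactly that mismatch between the claimed and the received length.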