The high-risk OpenSSL vulnerability Heartbleed published in April 7 has become the leading news of IT security for two consecutive weeks. Now IT experts are arguing about the impact of the vulnerability and the cost of fixing the vulnerability: To fix the vulnerability, many enterprises and projects need to extract manpower to build and pack patches, implement patches, scan risky servers and devices, and reset the Administrator and user password, you can also revoke and re-issue certificates. EWEEK gave a preliminary figure: $0.5 billion. In addition, Steve Marquess, chairman of the OpenSSL Software Foundation, revealed on the mail list that since the publication of the vulnerability, the Foundation has received a donation of $23 thousand, exceeding the total amount of all previous donations.
OpenSSL TLS heartbeat read remote information leakage (CVE-2014-0160)
Severe OpenSSL bug allows attackers to read 64 KB of memory, fixed in half an hour in Debian
OpenSSL "heartbleed" Security Vulnerability
Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.
OpenSSL Heartbleed vulnerability upgrade method
For more information about Heartbleed, click here.
Heartbleed: click here
This article permanently updates the link address: