1. What is CVE-2014-0160?
2. Why is it called the Heartbleed Bug?
3. What makes the Heartbleed Bug unique?
4. Is this a design flaw in the SSL/TLS protocol specification?
5. What is being leaked?
6. What is leaked primary key material and how to recover?
7. What is leaked secondary key material and how to recover?
8. What is leaked protected content and how to recover?
9. What is leaked collateral and how to recover?
10. Recovery sounds laborious, is there a shortcut?
11. How do revocation and reissuing of certificates work in practice?
12. Am I affected by the bug?
13. What versions of OpenSSL are affected?
14. How common are the vulnerable OpenSSL versions?
15. How about operating systems?
16. How can OpenSSL be fixed?
17. Should heartbeat be removed to aid in detection of vulnerable services?
18. Can I detect if someone has exploited this against me?
19. Can IDS/IPS detect or block this attack?
20. Can an attacker access only 64k of the memory?
21. Is this a MITM bug like Apple's goto fail bug was?
22. Does TLS client certificate authentication mitigate this?
23. Does OpenSSL's FIPS mode mitigate this?
24. Does Perfect Forward Secrecy (PFS) mitigate this?
25. Can the heartbeat extension be disabled during the TLS handshake?
26. Who found the Heartbleed Bug?
27. What is the Defensics SafeGuard?
28. Who coordinates response to this vulnerability?
29. Is there a bright side to all this?
30. What can be done to prevent this from happening in the future?
31. Where to find more information?