| 1 |
What is the CVE-2014-0160? |
| 2 |
Why it is called the Heartbleed Bug? |
| 3 |
What makes the Heartbleed Bug unique? |
| 4 |
Is this a design flaw in SSL/TLS protocol specification? |
| 5 |
What is being leaked? |
| 6 |
What is leaked primary key material and how to recover? |
| 7 |
What is leaked secondary key material and how to recover? |
| 8 |
What is leaked protected content and how to recover? |
| 9 |
What is leaked collateral and how to recover? |
| 10 |
Recovery sounds laborious, is there a short cut? |
| 11 |
How revocation and reissuing of certificates works in practice? |
| 12 |
Am I affected by the bug? |
| 13 |
What versions of the OpenSSL are affected? |
| 14 |
How common are the vulnerable OpenSSL versions? |
| 15 |
How about operating systems? |
| 16 |
How can OpenSSL be fixed? |
| 17 |
Should heartbeat be removed to aid in detection of vulnerable services? |
| 18 |
Can I detect if someone has exploited this against me? |
| 19 |
Can IDS/IPS detect or block this attack? |
| 20 |
Can attacker access only 64k of the memory? |
| 21 |
Is this a MITM bug like Apple's goto fail bug was? |
| 22 |
Does TLS client certificate authentication mitigate this? |
| 23 |
Does OpenSSL's FIPS mode mitigate this? |
| 24 |
Does Perfect Forward Secrecy (PFS) mitigate this? |
| 25 |
Can heartbeat extension be disabled during the TLS handshake? |
| 26 |
Who found the Heartbleed Bug? |
| 27 |
What is the Defensics SafeGuard? |
| 28 |
Who coordinates response to this vulnerability? |
| 29 |
Is there a bright side to all this? |
| 30 |
What can be done to prevent this from happening in future? |
| 31 |
Where to find more information? |
