A Review and Analysis on Heartbleed on Italian Websites, a Year Later

Heartbleed, a major Open Secure Socket Layer (OpenSSL) vulnerability, appeared on the web on 7th April 2014. This high-risk vulnerability enabled attackers to remotely read protected memory contents from Hyper Text Transfer Protocol Secure (HTTPS) sites. In this paper, the authors review and analyze the effects of the Heartbleed vulnerability on secured websites a year later (April 2015). To accomplish this, we analyzed a dataset of 100 Italian public and private sector HTTPS websites, such as banks, stock exchanges, Cloud organizations and services, and found that only 1% of the websites show the vulnerability. However, new vulnerabilities such as Padding Oracle on Downgraded Legacy Encryption (POODLE) and Factoring Attack on RSA-Export Keys (FREAK) affect a lot of websites, particularly the websites used as points of access for the Italian telematics process. We conclude the paper with an analysis of the Cloud risks due to the Heartbleed attack, which are very harmful for Cloud customers as well as Cloud vendors.

Keywords–Heartbleed; OpenSSL; Poodle; Freak; Vulnerability.