HeartBleed memo
HeartBleed : http://heartbleed.com/
- Reference: http://www.symantec.com/content/ja/jp/enterprise/images/outbreak/Heartbleed_vulnerability.pdf
- http://www.gizmodo.jp/2014/04/heartbleed.html
- Heartbeat を利用した攻撃
1. Request for Heartbeat
- Declaration payload size : 64KB
- Actual payload size : 0KB
2. Write payload on Memory
3. Response for Heartbeat
- Response payload size : 64KB
About Heartbeat:
This is expand function for TLS protocol
This keeps TLS session while no connection