Heartbleed: First reports of exploits emerge, warns US government agency

By Graeme Burton
11 Apr 2014
Heartbleed has created problems across the web world

The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a part of the Department of Homeland Security, has warned that the first sightings of exploits seeking to take advantage of well-publicised security flaws in OpenSSL have appeared in the wild.

OpenSSL is an open-source security tool widely used to encrypt passwords when people log in to a system. A flaw in the implementation of OpenSSL could allow the private key used in a Secure Sockets Layer (SSL) communication to be exposed. An attacker could then decrypt and read any secure data passed on the network link.

In a freshly revised alert, the organisation warned that there are already indications that exploits have emerged to take advantage of the security flaw.

"ICS-CERT is aware of a public report of a vulnerability with proof-of-concept (PoC) exploit code that could expose private SSL keys used in the OpenSSL implementation of secure communication," claims the advisory.

It continues: "According to this report, the vulnerability in OpenSSL Versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the transport layer security/datagram transport layer security (TLS/DTLS) heartbeat functionality that could disclose private/encrypted information to an attacker."

Ironically, while the ICS-CERT, one part of the US government, is battling to minimise the fall-out from the security flaw, another part of the US government - the US National Security Agency, predictably enough - has covertly been exploiting the flaw for at least two years, according to reports out today.
