The Matter of Heartbleed

Durumeric, Zakir; Li, Frank; Kasten, James; Amann, Johanna; Beekman, Jethro G.; Payer, Mathias; Weaver, Nicolas; Adrian, David; Paxson, Vern; Bailey, Michael; Halderman, J. Alex

doi:10.1145/2663716.2663755

articleNov 5, 2014GOLD OA

The Matter of Heartbleed

ZDZakir Durumeric FLFrank Li JKJames Kasten JAJohanna Amann JGJethro G. Beekman

University of California, Berkeley · University of Michigan–Ann Arbor · +3 more institutions

Indexed incrossref

Abstract

The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to remotely read protected memory from an estimated 24--55% of popular HTTPS sites. In this work, we perform a comprehensive, measurement-based analysis of the vulnerability's impact, including (1) tracking the vulnerable population, (2) monitoring patching behavior over time, (3) assessing the impact on the HTTPS certificate ecosystem, and (4) exposing real attacks that attempted to exploit the bug. Furthermore, we conduct a large-scale vulnerability notification experiment involving 150,000 hosts and observe a nearly 50%…

Citation impact

654

total citations

FWCI: 81.18
Percentile: 100%
References: 5

Citations per year

Authors

11

Topics & keywords

Topics

Keywords

Exploit
Vulnerability (computing)
Computer security
Surprise
Certificate
Computer science
The Internet
Population

No related works found for this paper.