Impact levels : Heartbleed vs. Bugs Bash Bugs | Revista Publicando
Vol 2. No 5. 2015

Keywords

Heartbleed
Bash
Bug
Cybersecurity
OpenSSL
Heartbeat
Vulnerability

How to Cite

Mora Secaira, J. I., & Verrezueta Vásquez, J. P. (2015). Impact levels : Heartbleed vs. Bugs Bash Bugs. Revista Publicando, 2(5), 65-77. Retrieved from https://revistapublicando.org/revista/index.php/crv/article/view/104

Abstract

Social, economic and cultural relations depend increasingly on information and communication technologies and infrastructure (cyberspace), making it necessary to articulate a national cybersecurity system (Fojon, 2010). The vulnerabilities of information systems, coupled with the diversity of exploits, came to the fore in the second quarter of 2014 with the verification of Heartbleed, a security hole in the OpenSSL library (Gujrathi, 2014) that had been left exposed for more than two years. The bug allows some of the information in a computer's RAM to be read, in enterprise-level scenarios such as financial institutions, electronic service providers and others, compromising the information of millions of users. Until it was rectified, Heartbleed was considered the most serious of the flaws that servers have suffered throughout history, although it was no more than a programming error, one that was gradually resolved by deploying patches and updates to the OpenSSL protocol libraries. Unfortunately, in September 2014 a new vulnerability was identified in Bash, which is the basis of the command line that runs on Linux and Mac OS platforms, involving a process as simple as cutting and pasting code.
To demonstrate these vulnerabilities, a virtual scenario is set up. This makes it possible to determine the level of impact of each of these issues, to compare them, and to indicate the measures to take when such problems arise in these solutions.


References

Amour, L. S., & Petullo, W. M. (2015). Improving Application Security Through TLS-Library Redesign

Britos, D., Vargas, L., Arias, S., Giraudo, N., & Veneranda, G. (2013). Laboratorio Remoto Virtual para la Enseñanza de. Tercera Conferencia de Directores de Tecnología de Información y Comunicación en las Instituciones de Educación Superior: soluciones de Enseñanza y la Investigación. Cartagena de Indias.

Blacksun, S. (2014). BLACKSUN. HeartBleed Explained. Retrieved from https://support.blacksun.ca/index.php?/News/NewsItem/View/74/blacksun-update--heartbleedexplained

CVE-2014-0160. (2015). Common Vulnerabilities and Exposures. Retrieved from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

CVE-2014-6271. (2014). Common Vulnerabilities and Exposures. Retrieved from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

Durumeric, Z., Kasten, J., Adrian, D., Halderman, J. A., Bailey, M., Li, F., ... & Paxson, V. (2014, November). The matter of Heartbleed. In Proceedings of the 2014 Conference on Internet Measurement Conference (pp. 475-488). ACM.

Fernández, V. (2012). Dolthink Tecnología e Inovación. Compras seguras en Internet. Retrieved from http://www.dolthink.com/compras-seguras-internet.html

Fojón Chamorro, E., & Sanz Villalba, Á. F. (2010). Ciberseguridad en España: una propuesta para su gestión. ARI, 102, 2010.

Graham, R. (2014). Bash 'shellshock' bug is wormable. Retrieved from http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html#.VRhefuGRZoh

Internet Engineering Task Force - IETF. (2012). Transport Layer Security (TLS) and Datagram Transport

Jawi, S. M., Ali, F. H. M., & Zulkipli, N. H. N. (2015). Nonintrusive SSL/TLS Proxy with JSON-Based Policy. In Information Science and Applications (pp. 431-438). Springer Berlin Heidelberg.

Nacional, C. C. (2012). Guía avanzada Nmap. Valencia.

Netcraft. (2015). March 2015 Web Server Survey. Retrieved from http://news.netcraft.com/archives/2015/03/19/march-2015-web-server-survey.html#more-18769

Ramos, D. A., & Engler, D. (2015). Under-Constrained Symbolic Execution: Correctness Checking for Real Code. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association.

Saleem, S. (2015). Analysing the Resolution of Security Bugs in Software Maintenance (Doctoral dissertation, The Open University).

Servidio, J. S., & Taylor, R. D. (2015). Safe and sound: Cybersecurity for community banks. Journal of Taxation & Regulation of Financial Institutions, 28(4).

ZNET. (2014). First attacks using 'shellshock' Bash bug discovered.

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Copyright (c) 2019 Janeth Inés Mora Secaira, Juan Pablo Verrezueta Vásquez
