Publications

Heartbleed OpenSSL Vulnerability: a Forensic Case Study at Medical School

by Han Wu | Category Publications | May 21st, 2014

The Heartbleed vulnerability in OpenSSL was disclosed to the public: a remote attacker may obtain sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. The case study I am doing on this topic is real, including the case analysis, procedures and findings. My employer is a public institution with several medical schools with clinical practices, not a for-profit company. The institution has been notified to take further actions and procedures, including an internal audit comprising a server inventory audit and a risk assessment. The initial internal audit was completed in a short timeframe, and user communities are kept updated. Further Phase 2 work is still ongoing and not yet completed, as external auditors are involved and the senior management and corporate office of information technology are taking the lead.
Keywords: Heartbleed, Vulnerability, IT Audit, SSL
