SSL is a cryptographic protocol for secure communications.
How does SSL work?
- Client initiates a connection
- Server sends back an encrypted certificate
- Certificate contains the server name, certificate authority, and public key
- Client decrypts the certificate using the public key
- Client checks the CA against its browser's trusted CA list
- Client encrypts a secret number using the public key
- Server decrypts the secret number
- Now both parties have the secret number
Install & use on Linux
Install & use on Windows
Heartbleed Bug (OpenSSL)
When users connect to a server, the memory is recycled.
A hacker may be able to request more data than the actual size of his request.
Firesheep (Firefox add-on)
It is an add-on that demonstrates how big the problem is.