Impact of Heartbleed for Gluu Customers - PowerPoint PPT Presentation

Transcript and Presenter's Notes

 Impact of Heartbleed for Gluu Customers
  • This blog provides a good analysis to understand the impact of Heartbleed.
  • If you are running a Shibboleth IDP front-ended by an Apache HTTPD server, the private SAML IDP key in the JVM's memory (i.e. Tomcat) would not be exposed to the Apache httpd process.
  • However, if the web server's private key is compromised, then you have HTTP, not HTTPS!
  • Password credentials could have leaked. After patching and re-keying the server, people should be advised to reset their password credentials.
  • I think this is the biggest impact.
  • It highlights the cost of our societal over-reliance on passwords, basically the cost of doing nothing. Passwords stolen from one site are used elsewhere. So even if your web server wasn't compromised, a person may have the same password on a server that was. So the integrity of password authentication has managed to slip to a new all-time low.