
Heartbleed Tactics for Small IT Shops

with David Gassner

Video: Understanding the nature of the Heartbleed bug

Protect your sites—and your servers—from Heartbleed. Learn how to audit, test, and fix vulnerability issues associated with OpenSSL.
Video duration: 16m 43s | Level: Beginner


Protect your sites—and your servers—from Heartbleed. This course is aimed at administrators that maintain their own small servers, and provides the information needed to diagnose as well as fix any problems. David Gassner shows how to test your secure servers, fix the services that use the compromised OpenSSL software, and audit your other vulnerable systems.


Understanding the nature of the Heartbleed bug

As has been widely publicized, a severe hole in internet security, known as the Heartbleed bug, has been discovered. This bug affects a significant percentage of secure HTTP servers around the world. Heartbleed is a bug in OpenSSL, an open source software package that's widely used to manage security certificates and encryption between internet clients and servers. It primarily affects HTTP servers, the servers that host websites, and specifically HTTP servers that use OpenSSL versions 1.0.1 through 1.0.1f.

This isn't an architectural problem with OpenSSL itself; it's just some bad code that was introduced into the product. The bug is in the implementation of the Transport Layer Security protocol, or TLS, and specifically a part of the protocol known as the heartbeat extension. The heartbeat extension is used to create a handshake between a client and a server, as they initiate encrypted communication. The problem is that this bug allows memory and data to leak through.

Here's the technical description: a missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. 64k doesn't sound like a lot, but this hole in the security of the TLS heartbeat extension can be exploited over and over again once it's been discovered. This means that servers and client computers, and even mobile devices such as cell phones and tablets that are connected to the internet, are potentially vulnerable if they use particular versions of OpenSSL.

As an IT administrator or business owner, it's critical to understand the nature of the bug, how to find out whether your systems are vulnerable, and how to go about fixing the issue. Here's the sort of data that can be leaked through the Heartbleed bug. Primary keys are the digital security certificates that manage encryption. These are the keys to the kingdom, and the Heartbleed bug lets those leak from server memory. Also, secondary keys such as user credentials, user names and passwords, or other information that's being used to authenticate users can be leaked.

Once that information has been compromised, it's possible to get to other protected contents, information as sensitive as credit card numbers. And finally, collateral information such as memory addresses or other internal technical info. Some of this information is temporary and transient. For example, if someone has captured memory addresses from a current server session, it wouldn't be useful once you've updated OpenSSL to a safe version and restarted your server. But everything else that might have been compromised needs to be closely evaluated, and if warranted, it needs to be changed.

This is laborious and a major pain, but it might be necessary. Don't underestimate this issue. If you secure hosted services, you should immediately find out whether your systems need attention. Some organizations, including national governments, have actually shut down critical web-based services until they're confident that this bug has been corrected on their servers. It's that serious. Deal with it now and you might save yourself some bigger trouble down the road.

You can easily find out whether your systems are vulnerable. If they are vulnerable, it's tough to know what information might have been stolen, if any, so it's best to be safe. Security experts worldwide are recommending that you change or replace potentially compromised security assets, such as certificates, passwords, and so on. To learn more about the bug and find resources to deal with it, go to the website that's been set up for this purpose at This webpage will be kept up to date as information develops.

It includes information about the nature of the bug, and, down at the bottom of the page, a list of resources that you can use to find out how to deal with particular servers. In the following movies I'll describe key strategies you can follow to find and fix vulnerabilities in your own systems.
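The missing bounds check mentioned in the transcript, seen from the receiving side, as an added example (not code from the course or from OpenSSL). A heartbeat request carries a type byte, a 2-byte payload length, the payload and at least 16 bytes of padding (the RFC 6520 layout), and the receiver echoes the payload back; the function names and sample records are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload length */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */

/* Constructed samples: an honest 4-byte payload, and a record claiming 0xFFFF. */
static const uint8_t HB_OK[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_BAD[23] = {HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g'};
static uint8_t hb_out[64];

/* Payload length the sender CLAIMS (big-endian field at offset 1). */
static size_t hb_claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes an unchecked copy would read past the end of the received record. */
size_t hb_overread(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t need = HB_HEADER + hb_claimed_len(rec);
    return need > rec_len ? need - rec_len : 0;
}

/* Build the echo response. Returns its length, or 0 when the request is
 * silently discarded because the claimed length does not fit the record. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_PADDING) return 0;            /* too short */
    if (rec[0] != HB_REQUEST) return 0;
    size_t payload = hb_claimed_len(rec);
    if (HB_HEADER + payload + HB_PADDING > rec_len) return 0;  /* the bounds check */
    size_t resp_len = HB_HEADER + payload + HB_PADDING;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);  /* stays inside rec */
    memset(out + HB_HEADER + payload, 0, HB_PADDING);   /* zeros for the demo; RFC 6520 asks for random padding */
    return resp_len;
}

int main(void) {
    printf("honest record:  %zu-byte response\n", hb_respond(HB_OK, sizeof HB_OK, hb_out, sizeof hb_out));
    printf("oversized claim: %zu-byte response, unchecked over-read would be %zu bytes\n",
           hb_respond(HB_BAD, sizeof HB_BAD, hb_out, sizeof hb_out), hb_overread(HB_BAD, sizeof HB_BAD));
    return 0;
}
```

The length field is 16 bits wide, which is where the "up to 64k" per request in the technical description comes from.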
