It’s a technology fact: virtual peripherals control hardware peripherals, and their reach is as large as the virtual domain they belong to.
Once a system is connected to the Internet, the virtual domain assumes the dimensions of the Internet: worldwide.
Your screen, your webcam, your microphone, your input methods, your disks… practically every part of your computer/smartphone/device is controllable over the Internet.
Sometimes these features are enabled by the owner, other times by pirates attacking the victim's system with malware and, last but not least, according to the Snowden revelations, even governmental interception systems have the capability to activate a data stream from your computer.
In the previous article we saw in depth how the Heartbleed vulnerability works. In practice, we saw the version of the bug that is usable in a scenario where a client attacks a server (go to the article to learn more). What we will see now is the reverse exploitation of the vulnerability, where a malicious server attacks a vulnerable client.
Reverse Heartbleed is, in fact, dangerous too, because many clients are not upgradeable and will not receive a fix for the vulnerable OpenSSL version installed.
Stop the World, we are going to talk about the security news of the week (maybe of the month or of the year too): the Heartbleed bug (MITRE CVE).
For those who haven’t already read something about it, the Heartbleed bug is a bug in the OpenSSL library, which is used to encrypt Internet traffic between client and server and also for the server authentication step.
The Heartbleed bug allows the attacker to get back, after a well-crafted heartbeat request, 64 KB of server memory. What can be stored in these 64 KB? Everything, encryption keys included, and the attack is not traceable.
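The memory disclosure described above is prevented by the receiver-side rule in RFC 6520: a heartbeat message whose declared payload length does not fit inside the received message must be discarded. The following check is an added example, not code from this article or from OpenSSL; the names `hb_check`, `HB_GOOD`, `HB_OVERCLAIM` and `HB_SHORT` are hypothetical, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_HEADER_LEN   3   /* 1-byte type + 2-byte payload_length (RFC 6520) */
#define HB_MIN_PADDING 16   /* RFC 6520 requires at least 16 bytes of padding */

enum hb_verdict { HB_OK = 0, HB_TRUNCATED = 1, HB_LENGTH_MISMATCH = 2 };

/* Validate a decrypted heartbeat message before anything echoes its payload.
 * msg_len is the number of bytes actually received in the TLS record. */
enum hb_verdict hb_check(const uint8_t *msg, size_t msg_len)
{
    /* Too short to hold the header plus the mandatory padding. */
    if (msg == NULL || msg_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TRUNCATED;

    /* payload_length is big-endian and fully controlled by the sender. */
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];

    /* The declared payload must fit in what was really received; otherwise
     * a reply built from it would read past the end of the message. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > msg_len)
        return HB_LENGTH_MISMATCH;

    return HB_OK;
}

/* Constructed samples: type 0x01 is heartbeat_request; the unset bytes are
 * zero and stand in for padding. */
static const uint8_t HB_GOOD[23]      = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t HB_OVERCLAIM[19] = { 0x01, 0x40, 0x00 }; /* declares 16384 bytes, carries none */
static const uint8_t HB_SHORT[3]      = { 0x01, 0x00, 0x00 }; /* header only, no padding */

int main(void)
{
    printf("good      -> %d\n", hb_check(HB_GOOD, sizeof HB_GOOD));
    printf("overclaim -> %d\n", hb_check(HB_OVERCLAIM, sizeof HB_OVERCLAIM));
    printf("short     -> %d\n", hb_check(HB_SHORT, sizeof HB_SHORT));
    return 0;
}
```

The same comparison applies in both directions, so a client that validates heartbeat messages from a server this way is covered for the reverse scenario as well.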