SecurityWeek

CrowdStrike Releases Heartbleed Scanner

After details of the critical “Heartbleed” vulnerability in OpenSSL emerged earlier this month, there has been widespread concern among system administrators, network security teams, software developers and essentially anyone with any technical connection to the Internet.
In short, the Heartbleed vulnerability allows attackers to repeatedly access 64K blocks of memory by sending a specially crafted packet to a server running a vulnerable version of OpenSSL. 

In response to significant concern, CrowdStrike has released a free tool aimed at helping organizations detect the presence of systems (such as web servers, VPNs, secure FTP servers, databases, routers, phones etc.) on their networks that are vulnerable to the OpenSSL Heartbleed vulnerability.

“We realized that there was a largely unmet demand for an easy to use UI tool capable of also scanning the internal networks and non-HTTPS services for this vulnerability since this problem is so much bigger than just external websites,” Dmitri Alperovitch, Co-Founder & CTO of CrowdStrike, wrote in a blog post.

Developed by CrowdStrike’s Robin Keir and released as a free tool available to anyone, CrowdStrike Heartbleed Scanner shows a list of vulnerable servers and outputs the contents of the 64KB of memory that a vulnerable server returns in response to the SSL heartbeat request.

The scanner runs on both 32-bit and 64-bit versions of Windows XP or later and can be downloaded here.

Related: Heartbleed Flaw Used to Bypass Two-factor Authentication, Hijack User Sessions: Mandiant

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
