Homework 4
CSCE 813 – Farkas
Spring 2014
Score: 10 points
Due: April 25, 2014 2:00 am
1. Consider the Heartbleed vulnerability of OpenSSL. Find a technical description of the vulnerability. You can start out at the general description on Wikipedia, http://en.wikipedia.org/wiki/Heartbleed
a. Briefly explain the basis of the vulnerability.
b. Consider the March 3rd lecture and the Risk Analysis in Software Design publication by Gary McGraw, http://www.cigital.com/papers/download/bsi3-risk.pdf
c. Explain how the Heartbleed vulnerability could have been prevented by following the secure software development approach.
2. Examine how your browser (choose one) handles certificates and cookies.
a. Comment on what information can be obtained from the certificates and cookies and how it can be used for good and bad.
b. Show how to enable certificate revocation check in your browser.
c. What is the performance degradation when you enable the check?