Heartbleed Bug Series – Part 1: So, what is this, anyways?

The newly discovered Heartbleed bug is being touted as the Web’s worst security bug ever. So, I decided to write a series of 3 posts explaining what it is, which sites are affected and what you should do to protect yourselves from this “Greatest Virtual Horror of All Time.” 

So, what does it do?

It allows hackers to steal passwords and login details when users visit vulnerable sites — undetected. Now what’s even worse is that the affected sites probably have no idea they’re vulnerable.

Some experts have even estimated that up to 66% of the Internet’s servers could be affected. Also, each server has to be fixed manually so, it could take a while to do it.

But, how can this be? The web is so secure!

The web is not secure. It seems to be secure!

The problem affects a piece of software called OpenSSL, which is used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords, and cookies) cannot be seen by others while it goes from your computer to the website.

OpenSSL is an open source project, meaning it was developed by really talented volunteers, free of charge, to help the internet community. It happens that version 1.0.1 of OpenSSL, released on April 19, 2012, has a little bug that allows for a person (who may be a malicious hacker) to retrieve information from the memory of the web server without leaving a trace. This honest mistake was introduced with a new feature implemented by Dr. Robin Seggelmann, a German programmer who often contributes to security code.

 

Heartbleed exploits a built-in feature of OpenSSL called “heartbeat.”

When your computer accesses a website, the website will respond back to let your computer know that it is active and listening for your requests: this is called “heartbeat”. This call and response is done by exchanging data. Normally when your computer makes a request, the heartbeat will only send back the amount of data your computer sent. However, this is not the case for servers currently affected by the bug. The hacker is able to make a request to the server and request data from the servers memory beyond the total data of the initial request, up to 65,536 bytes.

The data that lives beyond this request “may contain data left behind from other parts of OpenSSL” according to CloudFlare. What’s stored in that extra memory space is completely dependent on the platform. As more computers access the server, the memory at the top is recycled. This means that previous requests may still reside in the memory block the hacker requests back from the server. Now, these bits of data consist of login credentials, cookies and other data that can be exploited by hackers.

I still don’t get it. Could you explain it in an easier-to-understand way?

Alright here are a couple of webcomics, from Xkcd, which might help you understand Heartbleed in an easier way:

heartbleed_explanation

 

heartbleed

 

Check out other parts of the series:

Heartbleed Bug Series Part-2: How bad is it?

Heartbleed Bug Series Part-3: How to protect oneself?

 

Advertisements

Published by

Shaminder Pal Singh

I am a student by day and tech blogger by night. I try to bring to the public the latest and greatest news from the tech world!

2 thoughts on “Heartbleed Bug Series – Part 1: So, what is this, anyways?”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s