How does the Heartbleed bug work?

The Heartbleed bug is everywhere, so it is nice to understand it a little. xkcd has drawn it, but a few words might help to interpret his comic. The “heartbeat” option allows a computer to check that it still has a connection to a server. The computer sends a message, for example “asdfgh” that the server repeats back to acknowledge that it is there. Now, the bug allows tricking the server by telling it that the message sent is much longer than it really is, for example saying that the message “asdfgh” is 64 000 characters. Then the server does not stop after “asdfgh,” but continues with further 63 994 characters from its memory. Since many people use one server, these extra characters may contain usernames and passwords that other people have entered. The heart bleeds.

More information and advice about how to protect oneself at Vox or thousands of other places.

Enhanced by Zemanta
Advertisements

One thought on “How does the Heartbleed bug work?

  1. Pingback: One year blogging anniversary | Ø-blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s