How does the Heartbleed bug work?

The Heartbleed bug is everywhere, so it is nice to understand it a little. xkcd has drawn it, but a few words might help to interpret the comic. The “heartbeat” option allows a computer to check that it still has a connection to a server. The computer sends a message, for example “asdfgh”, that the server repeats back to acknowledge that it is there. Now, the bug allows tricking the server by telling it that the message sent is much longer than it really is, for example saying that the message “asdfgh” is 64 000 characters long. Then the server does not stop after “asdfgh”, but continues with a further 63 994 characters from its memory. Since many people use one server, these extra characters may contain usernames and passwords that other people have entered. The heart bleeds.
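
The over-read described above, as a small C model added here (it is not code from this post or from any real TLS library): the buggy reply trusts the length the sender claims, the fixed reply compares it with what actually arrived. The names `server_mem`, `store_request`, `reply_vulnerable` and `reply_checked` and the sample data are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: the server's memory holds the heartbeat message as
   received, followed directly by data left over from another user. */
#define MEM_SIZE 64
static char server_mem[MEM_SIZE];
static size_t received_len;              /* bytes that actually arrived */

/* Hypothetical helper: place a message and its neighbour in memory. */
static void store_request(const char *msg, const char *neighbour) {
    memset(server_mem, 0, MEM_SIZE);
    received_len = strlen(msg);
    memcpy(server_mem, msg, received_len);
    strcpy(server_mem + received_len, neighbour);
}

/* Buggy reply: echoes as many bytes as the sender CLAIMED to have sent.
   The clamp to MEM_SIZE only keeps this demo inside its own array. */
static size_t reply_vulnerable(size_t claimed_len, char *out) {
    if (claimed_len > MEM_SIZE) claimed_len = MEM_SIZE;
    memcpy(out, server_mem, claimed_len);
    return claimed_len;
}

/* Fixed reply: a claimed length larger than what arrived gets no answer. */
static size_t reply_checked(size_t claimed_len, char *out) {
    if (claimed_len > received_len) return 0;
    memcpy(out, server_mem, claimed_len);
    return claimed_len;
}

int main(void) {
    char out[MEM_SIZE];
    store_request("asdfgh", "user=alice;pw=hunter2");  /* constructed data */

    size_t n = reply_vulnerable(27, out);              /* claims 27, sent 6 */
    printf("vulnerable: %.*s\n", (int)n, out);
    n = reply_checked(27, out);
    printf("checked, claim 27: %zu bytes\n", n);
    n = reply_checked(6, out);
    printf("checked, claim 6: %.*s\n", (int)n, out);
    return 0;
}
```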

More information and advice about how to protect oneself can be found at Vox or thousands of other places.
