
How does the Heartbleed bug work?

The Heartbleed bug is everywhere, so it is nice to understand it a little. xkcd has drawn it, but a few words might help to interpret his comic. The “heartbeat” option allows a computer to check that it still has a connection to a server. The computer sends a message, for example “asdfgh”, that the server repeats back to acknowledge that it is there. Now, the bug allows tricking the server by telling it that the message sent is much longer than it really is, for example by saying that the message “asdfgh” is 64 000 characters long. Then the server does not stop after “asdfgh” but continues with a further 63 994 characters from its memory. Since many people use one server, these extra characters may contain usernames and passwords that other people have entered. The heart bleeds.
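
The over-read described above, as an added example that is not part of the original post and is not OpenSSL's code: a toy C model in which one array stands in for server memory, with the length-trusting echo beside a checked one. The struct, the function names and the sample data are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not OpenSSL code: one flat array stands in for server memory.
   The 6-byte payload is followed by another user's data (constructed). */
#define MEM_SIZE 32
static const char server_mem[MEM_SIZE] = "asdfghuser=alice;pw=hunter2";

struct heartbeat {
    size_t claimed_len; /* length the sender says the payload has */
    size_t actual_len;  /* bytes that really arrived */
};

/* Behaviour the post describes: the reply length comes from the sender. */
size_t echo_trusting(const struct heartbeat *hb, char *out, size_t cap)
{
    size_t n = hb->claimed_len;
    if (n > MEM_SIZE) n = MEM_SIZE; /* clamp keeps the toy inside its array */
    if (n > cap) n = cap;
    memcpy(out, server_mem, n);
    return n;
}

/* Corrected behaviour: a claimed length larger than what arrived means the
   request is malformed, so it is dropped and nothing is echoed. */
size_t echo_checked(const struct heartbeat *hb, char *out, size_t cap)
{
    if (hb->claimed_len > hb->actual_len || hb->claimed_len > cap)
        return 0;
    memcpy(out, server_mem, hb->claimed_len);
    return hb->claimed_len;
}

/* Bytes in a reply that were never part of the sender's own message. */
size_t bytes_leaked(size_t reply_len, const struct heartbeat *hb)
{
    return reply_len > hb->actual_len ? reply_len - hb->actual_len : 0;
}

int main(void)
{
    struct heartbeat lying = { 27, 6 }; /* says 27, sent "asdfgh" */
    char out[MEM_SIZE];
    size_t n = echo_trusting(&lying, out, sizeof out);
    printf("trusting: %zu bytes back, %zu leaked\n", n, bytes_leaked(n, &lying));
    n = echo_checked(&lying, out, sizeof out);
    printf("checked:  %zu bytes back, %zu leaked\n", n, bytes_leaked(n, &lying));
    return 0;
}
```

The only difference between the two functions is the comparison of the claimed length against the number of bytes that actually arrived.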

More information and advice about how to protect oneself can be found at Vox or thousands of other places.
