What is Heartbleed, anyway?
If you're an IT professional, gadget blogger or token geek in your circle of friends, chances are, you've been hounded relentlessly over the past couple of days about "this Heartbleed thing."
"Do I need to update my antivirus?"
"Can I login to my bank account now?"
"Google already fixed it, right?"
We've heard them all, but the answers aren't all that clear or simple. In an attempt to take the pressure off -- it is the weekend after all -- we've put together a primer that should answer all of those questions and a few more. Next time someone asks you about that "Heartbleed thing," just shoot them in our direction.
HOW IT WORKS
The problem affects a piece of software called OpenSSL, used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords and cookies) cannot be seen by others while it goes from your computer to the website.
OpenSSL is an open-source project, meaning it was developed by really talented volunteers, free of charge, to help the internet community. It happens that version 1.0.1 of OpenSSL, released on April 19th, 2012, has a little bug (a mistake introduced by a programmer) that allows for a person (including a malicious hacker) to retrieve information on the memory of the web server without leaving a trace. This honest mistake was introduced with a new feature implemented by Dr. Robin Seggelmann, a German programmer who often contributes security code.
Heartbleed exploits a built-in feature of OpenSSL called heartbeat.
Heartbleed exploits a built-in feature of OpenSSL called heartbeat. When your computer accesses a website, the website will respond back to let your computer know that it is active and listening for your requests: This is the heartbeat. This call and response is done by exchanging data. Normally when your computer makes a request, the heartbeat will only send back the amount of data your computer sent. However, this is not the case for servers currently affected by the bug. The hacker is able to make a request to the server and request data from the server's memory beyond the total data of the initial request, up to 65,536 bytes.
Replies to This Discussion
-
Permalink Reply by truth on
-
Heartbleed is about to get worse, and it will slow the Internet to ...
Efforts to fix the notorious Heartbleed bug threaten to cause major disruptions to the Internet over the next several weeks as companies scramble to repair encryption systems on hundreds of thousands of Web sites at the same time, security experts say.
Estimates of the severity of the bug’s damage have mounted almost daily since researchers announced the discovery of Heartbleed last week. What initially seemed like an inconvenient matter of changing passwords for protection now appears much more serious. New revelations suggest that skilled hackers can use the bug to create fake Web sites that mimic legitimate ones to trick consumers into handing over valuable personal information.
-
Permalink Reply by Tara on
-
I know at work, our registers and computers have been bogged down more than normal. I wonder if 'Heartbleed' is the culprit?
-
Permalink Reply by Central Scrutinizer on
-
Permalink Reply by Christopher on
-
"Canadians filing taxes late due to 'Heartbleed' bug won't face penalties: CRA"
Canada Revenue Agency says Canadians will not face penalties if they’re late in filing their 2013 tax returns as a result of the 'Heartbleed' bug that forced the shutdown of the agency's website.
Link to original story: http://www.ctvnews.ca/canada/canadians-filing-taxes-late-due-to-hea...
The Android 4.1.1 system is susceptible to the "Reverse Heartbleed" virus - a variation of the bug that has alarmed authorities worldwide and last week helped hackers to steal social insurance numbers from the Canada Revenue Agency.
Link to original story: http://www.scmp.com/news/hong-kong/article/1492049/warning-heartble...
"Canadian arrested for hacking revenue agency using Heartbleed security bug"
Solis-Reyes, of London, Ontario, is suspected of stealing around 900 Social Insurance Numbers (SIN)
Link to original story: http://rt.com/news/heartbleed-arrest-canada-security-016/
"Did consumers know that websites for Netflix, Four Seasons Hotels, Turbo Tax, Amazon Web Services and Yahoo were all affected by Heartbleed, too? Probably not."
Link to original story: http://www.ottawacitizen.com/business/Heartbleed+wake+call+increasi...
"Destroying the New World Order"
THANK YOU FOR SUPPORTING THE SITE!
Latest Activity
- Top News
- Everything
Death of an F-106 Pilot in Pursuit of the Unknown
The year in between 1970 and 1972 on July 14 on a single night when a series of events led to the…See More
"Hey, buddy! You're right, I can't get into my account! "
The Re-Evaluation of our Current Reality
Surprisingly, there has been talk of mankind being enveloped in an artificial reality for decades…See More
Source: Havana Syndrome investigation is "a massive CIA cover-up" | 60 Minutes
For years, the U.S. government has doubted the stories of those suffering from AHI, commonly called Havana Syndrome. Now, victims hope that reports of a newl...
Regrets That Cling to Me
Talking with my shadow in the nightI know it sounds contriteA vacuum without the lightThe silence…See More
Reality Is now Becoming Unhinged
Let’s take a trip down the modern-day rabbit hole we call everyday news and events, but on a more…See More
Ghislaine Maxwell & The Secret "Shadow" 9/11 Commission? | John Kiriakou
"You tuber Sabby Sabs sums up and joins dots. Don't miss this one."
"The Warriors is one of my favorite movies. I couldn't help but laugh at this spoof."
"cheeki kea, You might want to see predictions made by Robert Welch in 1957 and 1974 stating that…"
"cheeki kea, good points. We have a world full of twisted allied agendas that seem contradictory,…"
Ghislaine Maxwell & The Secret "Shadow" 9/11 Commission? | John Kiriakou
In this gripping excerpt from the Julien Dorey podcast, former CIA officer and whistleblower John Kiriakou reacts to a leaked email from 2003. The document r...
"Greetings to you Holyroller very awesome you've joined up with us all. I know you'll find…"
"Yes it's a sad and sorry situation we see evolving here. On one front and it's a large…"
When the Communists Take Over America!...Famous 1957 Anti-Communist Movie
"I remember this when I was a little seeing it on TV years after it was filmed and it scared me even…"
When the Communists Take Over America!...Famous 1957 Anti-Communist Movie
Starring Jack Webb and Robert Conrad, this 1957 movie by the United States Armed Forces Information Agency is perhaps the best known anti-communist movie eve...
© 2026 Created by truth.
Powered by
