If you're an IT professional, gadget blogger or token geek in your circle of friends, chances are, you've been hounded relentlessly over the past couple of days about "this Heartbleed thing."

"Do I need to update my antivirus?"

"Can I login to my bank account now?"

"Google already fixed it, right?"

We've heard them all, but the answers aren't all that clear or simple. In an attempt to take the pressure off -- it is the weekend after all -- we've put together a primer that should answer all of those questions and a few more. Next time someone asks you about that "Heartbleed thing," just shoot them in our direction.

HOW IT WORKS

The problem affects a piece of software called OpenSSL, used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords and cookies) cannot be seen by others while it goes from your computer to the website.

OpenSSL is an open-source project, meaning it was developed by really talented volunteers, free of charge, to help the internet community. It happens that version 1.0.1 of OpenSSL, released on April 19th, 2012, has a little bug (a mistake introduced by a programmer) that allows for a person (including a malicious hacker) to retrieve information on the memory of the web server without leaving a trace. This honest mistake was introduced with a new feature implemented by Dr. Robin Seggelmann, a German programmer who often contributes security code.

Heartbleed exploits a built-in feature of OpenSSL called heartbeat.

Heartbleed exploits a built-in feature of OpenSSL called heartbeat. When your computer accesses a website, the website will respond back to let your computer know that it is active and listening for your requests: This is the heartbeat. This call and response is done by exchanging data. Normally when your computer makes a request, the heartbeat will only send back the amount of data your computer sent. However, this is not the case for servers currently affected by the bug. The hacker is able to make a request to the server and request data from the server's memory beyond the total data of the initial request, up to 65,536 bytes.

Much more here

Views: 110

Reply to This

Replies to This Discussion

Heartbleed is about to get worse, and it will slow the Internet to ...

Efforts to fix the notorious Heartbleed bug threaten to cause major disruptions to the Internet over the next several weeks as companies scramble to repair encryption systems on hundreds of thousands of Web sites at the same time, security experts say.

Estimates of the severity of the bug’s damage have mounted almost daily since researchers announced the discovery of Heartbleed last week. What initially seemed like an inconvenient matter of changing passwords for protection now appears much more serious. New revelations suggest that skilled hackers can use the bug to create fake Web sites that mimic legitimate ones to trick consumers into handing over valuable personal information.

I know at work, our registers and computers have been bogged down more than normal. I wonder if 'Heartbleed' is the culprit?

"Canadians filing taxes late due to 'Heartbleed' bug won't face penalties: CRA"

Canada Revenue Agency says Canadians will not face penalties if they’re late in filing their 2013 tax returns as a result of the 'Heartbleed' bug that forced the shutdown of the agency's website.

Link to original story: http://www.ctvnews.ca/canada/canadians-filing-taxes-late-due-to-hea...

The Android 4.1.1 system is susceptible to the "Reverse Heartbleed" virus - a variation of the bug that has alarmed authorities worldwide and last week helped hackers to steal social insurance numbers from the Canada Revenue Agency.

Link to original story: http://www.scmp.com/news/hong-kong/article/1492049/warning-heartble...

"Canadian arrested for hacking revenue agency using Heartbleed security bug"

Solis-Reyes, of London, Ontario, is suspected of stealing around 900 Social Insurance Numbers (SIN)

Link to original story: http://rt.com/news/heartbleed-arrest-canada-security-016/

"Did consumers know that websites for Netflix, Four Seasons Hotels, Turbo Tax, Amazon Web Services and Yahoo were all affected by Heartbleed, too? Probably not."

Link to original story: http://www.ottawacitizen.com/business/Heartbleed+wake+call+increasi...

Interesting, dont think US will be as generous.

RSS

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

tjdavis posted a photo
3 hours ago
Doc Vega commented on Doc Vega's blog post Is this proof that the story about Charlie Kirk's assassination is false?
"Less Prone as usual the official version of the truth does not match the evidence and is labeled…"
Saturday
Less Prone commented on Doc Vega's blog post This Memorable Anthem Given by Nick Freitas Hit the Nail on the Head Please Listen!
"Charlie Kirk was getting very critical against Israel and had turned down a lucrative deal from the…"
Saturday
Doc Vega's blog post was featured

The Army of Government Launched Psychopaths

They walk among us in most college towns. They seem relatively reasonable until political…See More
Saturday
Less Prone favorited Doc Vega's blog post Is this proof that the story about Charlie Kirk's assassination is false?
Saturday
Less Prone commented on Doc Vega's blog post Is this proof that the story about Charlie Kirk's assassination is false?
"Have to sign in to YT for this. So. What I do is to go to https://ytdown.io/en/ and download…"
Saturday
Doc Vega commented on Doc Vega's blog post Was a Planned Civil War Averted?
"cheeki kea, you are spot on. The old guard is about to collapse! "
Thursday
Doc Vega commented on Doc Vega's blog post Alligator Creek and a Japanese Massacre
"cheeki kea, the Japanese thought they could expand their empire and exact enough damage on the US…"
Thursday
Michelle Reichert favorited Burbia's video
Wednesday
cheeki kea posted a video

NEW DOCUMENTARY - Dissent Into Madness

TRANSCRIPT AND SOURCES: https://www.corbettreport.com/dissent-into-madness/What if the delusions of the dissidents are in fact real? What if their paranoid f...
Wednesday
cheeki kea commented on Doc Vega's blog post Alligator Creek and a Japanese Massacre
"Japan served themselves up no favours by inching out into the South Pacific as they soon found out.…"
Wednesday
cheeki kea commented on Doc Vega's blog post Was a Planned Civil War Averted?
"Their plans did not work out because we are the news now, and the old news is the enemy. "
Wednesday
Doc Vega posted a blog post

Alligator Creek and a Japanese Massacre

The year is 1942 just a few months after the Pearl Harbor disaster. Despite losses suffered by the…See More
Sep 30
Doc Vega commented on Burbia's video
Thumbnail

CHARLIE KIRK WAS CNP! JOSH REEVES 9-11-25

"With all due respect this guy comes off as a drunken asshole and he didn't even  know who…"
Sep 29
Doc Vega posted a blog post

Was a Planned Civil War Averted?

We are living in sadly historic times where good and evil are in battle all the time. Not that this…See More
Sep 28
Sandy posted a photo
Sep 28
Less Prone posted a video

President Trump addresses U.N. General Assembly - FULL SPEECH

President Donald Trump speaks at the United Nations General Assembly in New York City.Full video here: https://www.c-span.org/event/white-house-event/preside...
Sep 28
Burbia posted a video

2 MIN AGO: Western Provinces MAJOR New WEXIT Announcement - Canada EXPLODES!

In a stunning turn of events, Western provinces just made a major new WEXIT announcement — and it’s shaking the foundations of Canadian unity. Is Western sep...
Sep 27
Doc Vega posted a blog post

How You Provoke a Civil War

In the world of counter intelligence which is simply one aspect of many pertaining to asymmetrical…See More
Sep 26
Burbia commented on Burbia's video
Thumbnail

CHARLIE KIRK WAS CNP! JOSH REEVES 9-11-25

"I don't follow as much with Josh Reeves than I use to. He seems to be a documentary producing…"
Sep 25

© 2025   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted