Heartbleed bug attacks security

Uploaded: 4 - 15 - 2014 | By: Adam Hess


Heartbleed is a security oversight in an open source project called OpenSSL that theoretically created gaps in security for an incredible number of websites. The bug, in the most basic terms, gave a cracker the ability to request up to 64 KB of data from the server, regardless of how much data was actually meant to be returned. This allowed anything from usernames and passwords to credit card numbers and Social Security numbers to be sent to the wrong recipient.
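
The length check whose absence is described above, sketched in C as an added example (not OpenSSL's code and not part of the original article). The message layout follows the TLS heartbeat extension (RFC 6520); the function name, buffer sizes and the two sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */

/* Constructed samples: both records are 21 bytes ("hi" plus 16 bytes of
 * padding). The second claims a 0x4000-byte payload it does not carry. */
static const uint8_t honest_req[21] = { HB_REQUEST, 0x00, 0x02, 'h', 'i' };
static const uint8_t lying_req[21]  = { HB_REQUEST, 0x40, 0x00, 'h', 'i' };

/* Hypothetical helper: echo the payload of the heartbeat request in
 * rec[0..rec_len) into out. Returns the response length, or 0 if the
 * request is silently dropped. */
size_t build_heartbeat_response(const uint8_t *rec, size_t rec_len,
                                uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;

    /* Length the sender claims the payload has (16 bits, so up to 64 KB). */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the claimed length must fit inside the bytes that
     * were really received. Without it, the memcpy below reads past the
     * request into whatever the server has in adjacent memory. */
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return 0;
    size_t resp_len = HB_HEADER + claimed + HB_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_PADDING); /* simplified: RFC wants random padding */
    return resp_len;
}

int main(void)
{
    uint8_t out[64];
    printf("honest: %zu bytes\n", build_heartbeat_response(honest_req, sizeof honest_req, out, sizeof out));
    printf("lying:  %zu bytes\n", build_heartbeat_response(lying_req, sizeof lying_req, out, sizeof out));
    return 0;
}
```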

This simple error is one of the largest oversights in recent security history. The bug was introduced by a then Ph.D. student, Dr. Robin Seggelmann, and became widely adopted with the 1.0.1 update to OpenSSL. The code was introduced on New Year's Eve of 2012 and approved as part of the main code base a short time after. Analysts have since found that it is possible, though very difficult, to steal SSL keys from the server. An SSL key would give a cracker unrestricted access to all traffic on a server. Be sure to check the Heartbleed website, heartbleed.com, to find out how best to protect your information.

