
steve2470

(37,457 posts)
Fri Apr 11, 2014, 12:32 PM Apr 2014

Heartbleed's engineer: It was an 'accident'

http://www.zdnet.com/heartbleeds-engineer-it-was-an-accident-7000028335/

The Heartbleed bug has rocked the security industry and web services in the past few days. However, the programmer responsible for the oversight says that it was an accident that the flaw was introduced in the first place.

Heartbleed is an encryption flaw which affects OpenSSL's 1.0.1 and the 1.0.2-beta release, which is used widely across the web and in a number of popular web services. The flaw can theoretically be used to view apparently-secure communication across HTTPS, usually denoted by a small closed padlock in a browser's address bar.

The data potentially at risk includes everything from passwords and encryption keys to financial details and personally identifiable information -- allowing a hacker to dip in, swipe data, and leave no trace of their existence.

Commenting on the discovery, Bruce Schneier wrote on his security blog Schneier on Security:

more at link above
Heartbleed's engineer: It was an 'accident' (Original Post) steve2470 Apr 2014 OP
Heartbleed: Coder responsible for 'catastrophic' bug says it can be 'explained pretty easily' bemildred Apr 2014 #1
Just fix it!!! NT greytdemocrat Apr 2014 #2

bemildred

(90,061 posts)
1. Heartbleed: Coder responsible for 'catastrophic' bug says it can be 'explained pretty easily'
Fri Apr 11, 2014, 12:41 PM Apr 2014

The programmer responsible for creating the Heartbleed bug that affected millions of websites across the web has come forward to say that the flaw was a mistake and can “be explained pretty easily”.

Robin Seggelmann was working on the OpenSSL software that is used as encryption by major websites as part of his PhD when he amended a section of the code known as the “heartbeat”.

The "heartbeat" lets servers exchange brief messages with the user to check they’re still there. The user’s computer sends the server a randomly-chosen message (for example ‘coffee’) and its length (‘six characters long’). The server then returns this message to confirm that communications between the two are still working fine.

Seggelmann’s piece of code unfortunately created a loophole that let malicious users trick the server by claiming that their random message was as long as 64,000 characters. So, in the example above, the server sends back the word ‘coffee’ as well as tens of thousands of characters of potentially damaging information.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/coder-responsible-for-catastrophic-heartbleed-bug-says-it-can-be-explained-pretty-easily-9254053.html
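The "claimed length" mechanism described in the quoted article, as an added C simulation (this is not code from the article, the post, or OpenSSL itself). The record layout, the arena standing in for process memory, the `SESSION-COOKIE-abc123` filler and all function names are assumptions constructed for the demo. It contrasts a handler that trusts the length field with one that checks the claimed length against the size of the record actually received, which is the shape of the check the OpenSSL fix added.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical heartbeat record, modelled on the TLS heartbeat extension:
 * 1-byte type, 2-byte claimed payload length, payload, 16 bytes of padding.
 * The wire length of the whole record comes from the transport layer. */
#define HB_HEADER_LEN 3
#define HB_PADDING_LEN 16
#define ARENA_LEN 128

/* Constructed "process memory": the received record sits at the front,
 * followed by unrelated data that a peer must never see. */
static unsigned char arena[ARENA_LEN];
static const char SECRET[] = "SESSION-COOKIE-abc123";   /* constructed filler */

/* Place a record in the arena. claimed_len is what the header says;
 * actual_len is how many payload bytes were really sent. Returns the
 * wire length of the record as the transport layer would report it. */
static size_t build_record(const char *payload, size_t actual_len, uint16_t claimed_len) {
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                                   /* heartbeat_request */
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + HB_HEADER_LEN, payload, actual_len);
    size_t wire_len = HB_HEADER_LEN + actual_len + HB_PADDING_LEN;
    memcpy(arena + wire_len, SECRET, strlen(SECRET)); /* neighbouring data */
    return wire_len;
}

/* Defective handler: echoes as many bytes as the header claims, never
 * consulting how long the record really was. Returns bytes copied. */
static size_t hb_reply_vulnerable(size_t wire_len, unsigned char *out, size_t out_cap) {
    (void)wire_len;                                  /* ignored: the defect */
    uint16_t claimed = (uint16_t)((arena[1] << 8) | arena[2]);
    size_t n = claimed;
    /* Simulation bound only, so the demo stays inside our own array; it is
     * not a security check. In the real bug the read ran into adjacent heap. */
    if (n > ARENA_LEN - HB_HEADER_LEN) n = ARENA_LEN - HB_HEADER_LEN;
    if (n > out_cap) n = out_cap;
    memcpy(out, arena + HB_HEADER_LEN, n);
    return n;
}

/* Hardened handler: the claimed payload must fit inside the record that
 * actually arrived (header + payload + padding); otherwise drop it silently.
 * Returns 0 on success, -1 when the record is rejected. */
static int hb_reply_checked(size_t wire_len, unsigned char *out, size_t out_cap, size_t *out_len) {
    if (wire_len < HB_HEADER_LEN + HB_PADDING_LEN) return -1;      /* no room for a header */
    uint16_t claimed = (uint16_t)((arena[1] << 8) | arena[2]);
    if ((size_t)HB_HEADER_LEN + claimed + HB_PADDING_LEN > wire_len) return -1;
    if (claimed > out_cap) return -1;
    memcpy(out, arena + HB_HEADER_LEN, claimed);
    *out_len = claimed;
    return 0;
}

/* Detection helper for the demo: did the reply carry the neighbouring data? */
static int reply_leaks_secret(const unsigned char *reply, size_t n) {
    size_t slen = strlen(SECRET);
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(reply + i, SECRET, slen) == 0) return 1;
    return 0;
}

int main(void) {
    unsigned char out[ARENA_LEN];
    size_t m = 0;
    /* Peer sends "coffee" (6 bytes) but claims 60. */
    size_t wire = build_record("coffee", 6, 60);
    size_t n = hb_reply_vulnerable(wire, out, sizeof out);
    printf("vulnerable: copied %zu bytes, leaks neighbouring data: %d\n", n, reply_leaks_secret(out, n));
    printf("checked: rc=%d (record rejected)\n", hb_reply_checked(wire, out, sizeof out, &m));
    /* Honest peer: claims exactly what it sent. */
    wire = build_record("coffee", 6, 6);
    int rc = hb_reply_checked(wire, out, sizeof out, &m);
    printf("checked, honest record: rc=%d, echoed %zu bytes: %.*s\n", rc, m, (int)m, out);
    return 0;
}
```

The single comparison in `hb_reply_checked` is the whole fix: the length inside the message is attacker-controlled, the length reported by the transport layer is not, and the first must be validated against the second before it drives a copy.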
