Skip to main content

Posts

Showing posts from April, 2014

How Heartbleed Works: The Code Behind the Internet's Security Nightmare

By now you've surely heard of Heartbleed,the hole in the internet's security that exposed countless encrypted transactions to any attacker who knew how to abuse it. But how did it actually work? Once you break it down, it's actually incredibly simple. And a little hilarious. But mostly terrifying. You can read our overview of Heartbleed here, but in general terms it's a flaw in something called OpenSSL, a security protocol that lets your computer and a server know they are who they say they are. It left major sites like Yahoo, Flickr, and Imgur vulnerable to data theft for years. It's pretty scary stuff, and worth a closer look. Fortunately, it's out there for everyone to see. The beauty of an open-source project like OpenSSL is that anyone can look at code; there's no way to hide anything in there on purpose. In fact, you can see precisely where Heartbleed was born and where it was fixed, even though you might not be able to make heads or tails of it....