Advertisement

Blog

How the Heartbleed Bug Performs Its Nefarious Activities

A few days ago, the cyberworld was embarrassed to discover a major memory-handling bug in the Heartbeat extension of the Transport Layer Security protocol used in the popular OpenSSL cryptographic software library. The Heartbeat extension allows a client to tell a server that it's still connected, even if it's not doing anything at the moment, thereby preventing the server from shutting down the link between them.

The Internet and other news channels are being flooded with stories about how a vast number of users' passwords, credit card numbers, and things like online banking communications are vulnerable to attack. There are also a lot of discussions and explanations about the Heartbleed bug works; most of them make my eyes glaze over in confusion.

But then someone pointed me toward a cartoon explanation of the bug on XKCD.com. I have to say that this is the clearest explanation one could get. Take a look, and see what you think.

Click here for a larger image.(Source: XKCD.com)

Click here for a larger image.
(Source: XKCD.com)

I also have to say I am in awe of the comic's creator, Randall Munroe. His subjects range from statements on life and love to mathematical and scientific in-jokes. When it comes to the science and technology side of things, he has a unique gift for presenting complex information in an incredibly understandable way.

One of my personal all-time favorites was the XKCD Radiation Dose Chart. I often use it to locate obscure radiation-related information, such as the dose one might expect from eating a banana. How about you? Do you have a personal XKCD favorite?

— Max Maxfield, Editor of All Things Fun & Interesting Circle me on Google+

This article was originally published on EBN's sister publication EE Times.

3 comments on “How the Heartbleed Bug Performs Its Nefarious Activities

  1. t.alex
    April 23, 2014

    Pretty nice and quick explanation of the bug 🙂

  2. Anand
    April 28, 2014

    The Heartbleed bug can ofcourse be exploited. God knows if somebody hasn't already figured out how to use the bug for his own benefit. First the ransomware, and now the heartbleed bug, account holders will be sweating really hard if these two things are used in collaboration.

  3. ahdand
    April 29, 2014

    @ananadvy: Another hacked event I guess. Anyway this is not something new. Even the most sensitive accounts too have been hacked. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.