Photo from Flickr by snoopsmaus, Some Rights Reserved

What is the Heartbleed Bug?

[responsive]Photo from Flickr by snoopsmaus, Some Rights Reserved[/responsive]
The bottom line is that the Heartbleed bug can rob you of your identity. In this blog post I’ll explain what Heartbleed is, how it works and what you need to do to protect your identity.

They call the bug “Heartbleed” because it works with a standard protocol called Heartbeat that is embedded in SSL strings.  SSL stands for Secure Sockets Layer, the standard security protocal for establishing an encrypted (secure) link between a web server and a user’s browser. Whenever you go to a website beginning with HTTPS: you are using SSL.

The way the Heartbeat protocol works is it allows a computer at one end of a connection to send a “Heartbeat Request” message, consisting of a payload, typically a text string, along with the payload’s length as a 16-bit integer. The receiving computer then must send the exact same payload back to the sender.

Hackers using the Heartbleed bug by sending a malformed heartbeat request with a small payload and large length field to the server in order to obtain the contents of server’s memory.  Using this method hackers can read up to 64 kilobytes of server memory that most likely contains information that was used in a previous SSL connection including data like your login and password as well as session or transaction data.  This server memory is usually where critical data is being held.

A hacker using the Heartbleed bug can send a request to the server with a payload of the word “cat” and payload length of 64K.  What will then happen is that the server will send back the work “cat” along with 497 bytes of whatever was in memory at the time.

By doing this repeatedly hackers can retrieve sensitive data, compromising the security of the server and its users.

Additionally, if you log on to a corrupted or malicious server, it can do a “reverse Heartbleed attack,”  which is basically the same as the regular Heartbleed attack except now the server is obtaining sensitive information from your computer.

Patches are coming out, so until you notified by any websites that use SSL, be careful when accessing any site URL that begins with HTTPS. Ask the web site’s owner to verify that they have patched the Heartbleed vulnerability

According to technical report the following sites have made announcements recommending that users update their passwords:

  • Akamai Technologies[90]
  • Amazon Web Services[91]
  • Ars Technica[92]
  • Bitbucket[93]
  • BrandVerity[94]
  • Freenode[95]
  • GitHub[96]
  • IFTTT[97]
  • Internet Archive[98]
  • Mojang[99]
  • Mumsnet[38]
  • PeerJ[100]
  • Pinterest[101]
  • Prezi[102]
  • Reddit[103]
  • Something Awful[104]
  • SoundCloud[105]
  • SourceForge[106]
  • SparkFun[107]
  • Stripe[108]
  • Tumblr[109][110]
  • Wattpad[citation needed]
  • Wikimedia (including Wikipedia)[111][112]
  • Wunderlist[113]

For more information on this subject watch this video on TechCrunch, What is Heartblead the Video:

Do you need help with online or network security? Contact Oasis Technology, Inc. today for information about our Managed IT Services and our Titan® Intrusion Prevention System and other solutions to help protects you threats like the Heartbleed bug.

George Baldonado
Oasis Technology, Inc
“We put the knowledge in technology” ®