Ugly Hedgehog - Photography Forum
HEARTBLEED Bug - Running the Code
Apr 22, 2014 12:52:50   #
phil7782 Loc: Rancho Cucamonga, CA
 
This is a bit technical, about 11 minutes long, but if you understand computer programming at all, this video explanation shows how the HEARTBLEED bug steals sensitive information from websites.

http://www.howtogeek.com/187539/heartbleed-running-the-code/

The Short Explanation...

It has been in existence for about 2 years, but was not designed to steal info from YOUR computer.

This data theft is performed by a group of thieves that attack website servers... this does NOT exist on YOUR computer.

When anyone sends a request to connect to a website, the website server must receive a “hello” message (also known generally as a HEARTBEAT signal, hence “HEARTBLEED”) of the correct format from that computer and copy it back to that computer exactly, or it will ignore the connection.

HEARTBLEED, running on these thieves’ computers, abuses this strategy to copy the “hello” message back to the thieves’ computers and then whatever data is in adjacent memory.

That extra data could be garbage, or it could be sensitive data from a previous user login.

As explained, it’s like panning for gold... sometimes they get mud, sometimes they get gold.

Automatically sending this to myriad servers on a continuous basis and screening the data for key data types can yield lots of gold.

It was easily fixed on the website servers... hopefully all have been.

Phil

Reply
Apr 22, 2014 15:00:14   #
HEART Loc: God's Country - COLORADO
 
Interesting explanation, Phil! Been cautious about it, but unclear how it can steal passwords, etc. Thanks for the update!

Reply
Apr 22, 2014 15:07:00   #
Bangee5 Loc: Louisiana
 
Norton's Heartbleed check on UHH. It came back with:

HTTP URL provided.
The server is an HTTP server rather than HTTPS (Heartbleed does not affect HTTP).

Heartbleed is a serious vulnerability in OpenSSL, an open-source implementation of the SSL/TLS encryption used to secure the Internet. This vulnerability allows hackers to access sensitive data, eavesdrop on communications, and possibly impersonate services and users on web servers that use OpenSSL.

Reply