Skip to ContentSkip to Footer
IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

Heartbleed FUD: scarier than Jedward as triplets?

Davey Winder thinks the fact password reset floodgates are about to open...

by: Davey Winder
15 Apr 2014
Data Security

As the media, the IT security industry, open source pundits and Joe User alike get swept away by the story so the FUD floodgates have opened. And FUD (that's Fear, Uncertainty and Doubt) would be a more unwelcome trio than if Jedward were triplets.

Beyond the fact that the heartbeat function of OpenSSL, which sends a server response to clients letting them know it is in effect alive, is flawed the facts have been in short supply. It should send back the amount of data the client sent. However, thanks to a German software developer working on the open source protocol who forgot to validate a variable containing a length when he added some functionality to OpenSSL in 2011, a hacker could actually request data from the server memory up to 65,536 bytes in length.

The bad guys could make such requests over and over again and this could include login credentials and private SSL certificates.

I know this, for a fact, because I have sat back and waited for the evidence to emerge. If I had jerked my knee a week ago I, like many security 'experts' would be reassuring clients that private encryption keys were safe and extensive testing had shown this to pretty much be the case. Cloudflare were so sure that it would be difficult, if not impossible, to do so that the company issued a challenge to white hats to have a go at a vulnerable server set up for the purpose of testing. It took just hours for a couple of them to succeed. Cloudflare responded by changing its reissue and revoke advice from a medium to high priority.

In This Article
Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
The benefits of a hardware update for SMBs
Sponsored

The benefits of a hardware update for SMBs

2 Aug 2022
Skip to HeaderSkip to Content