Skip to ContentSkip to Footer
In-depth

Heartbleed FUD: scarier than Jedward as triplets?

Davey Winder thinks the fact password reset floodgates are about to open...

by: Davey Winder
15 Apr 2014
Data Security

As the media, the IT security industry, open source pundits and Joe User alike get swept away by the story so the FUD floodgates have opened. And FUD (that's Fear, Uncertainty and Doubt) would be a more unwelcome trio than if Jedward were triplets.

Beyond the fact that the heartbeat function of OpenSSL, which sends a server response to clients letting them know it is in effect alive, is flawed the facts have been in short supply. It should send back the amount of data the client sent. However, thanks to a German software developer working on the open source protocol who forgot to validate a variable containing a length when he added some functionality to OpenSSL in 2011, a hacker could actually request data from the server memory up to 65,536 bytes in length.

I didn't think I would end this piece with a Celine Dion reference, but I imagine the Heartbleed FUD will go on...

The bad guys could make such requests over and over again and this could include login credentials and private SSL certificates.

I know this, for a fact, because I have sat back and waited for the evidence to emerge. If I had jerked my knee a week ago I, like many security 'experts' would be reassuring clients that private encryption keys were safe and extensive testing had shown this to pretty much be the case. Cloudflare were so sure that it would be difficult, if not impossible, to do so that the company issued a challenge to white hats to have a go at a vulnerable server set up for the purpose of testing. It took just hours for a couple of them to succeed. Cloudflare responded by changing its reissue and revoke advice from a medium to high priority.

In This Article
Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Royal Mint to recover gold from smartphones and laptops in world first
Technology

Royal Mint to recover gold from smartphones and laptops in world first

21 Oct 2021
Skip to HeaderSkip to Content