What is Heartbleed?
If you were a bad guy, or what is often referred to as a ‘black hat’, you might want to collect some information. Now, before the pitchforks come out and everybody stomps after their neighborhood computer nerd, we have to realize that this flaw both is and isn’t very widespread: there are MANY sites that were running the software that was vulnerable, and a Heartbleed-savvy person could take advantage of any of them.
What Heartbleed isn’t.
Heartbleed ISN’T a direct attack on your personal data. Unlike the attacks on Neiman Marcus and Target over the past year, this is something a bit more passive. Heartbleed was a flaw in the way that a remote server could, or would, return data after a simple request.
Take a look at Randall’s interpretation; so far it’s the best I’ve seen. Click Here To Read
What that was pointing out, if you missed it or weren’t sure, is that a computer was returning information to many, many people all at once. The trick is that the person in the scenario figured out that the server would return whatever they asked for. They also guessed that if they changed the length of what they wanted back, they would get quite a bit more.
Blow-by-blow: first they check to see if the server is there. If the server is there, they ask it for POTATO, specifically the 6 letters of POTATO. The server receives the input and says, hey, I can return that, and does: “POTATO” is the reply. 6 letters, just what they asked for. Happy server!
Next, they check again: “Server, are you still there? If so, reply ‘BIRD’, 4 letters.” This is the start of understanding. I asked for 6 letters the first time, hoping to get POTATO back, and it worked; this time, let’s see if I can get BIRD back in 4 letters. ‘BIRD’ squawked the server. Success!
Now, let’s see if the server is paying attention, or if maybe there is a flaw in this one. “Server, if you are still there, please reply ‘Hat’, 500 letters.” The server gets the command and promptly formats the response: ‘Hat. Lucas requests the “missed connections” page. Eve (administrator) wants to set server’s master key to “1473726582347”…’ That’s a lot of information to let slip.
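Here is that exchange written out as a tiny simulation, added here as an illustration; it is not code from the original post and not OpenSSL’s own code. It models the server’s memory as a byte array, places a heartbeat record (1-byte type, 2-byte claimed length, payload, 16 bytes of padding, as RFC 6520 lays it out) at the front, and shows the pre-fix handler, which trusts the client’s claimed length, beside the fixed handler, which refuses any message whose claimed length cannot fit inside what was actually received (the bounds check the OpenSSL 1.0.1g patch added). The Lucas/Eve text and the key value are constructed sample data mirroring the scenario above; the arena size and the helper names are my own assumptions.

```python
import struct

HEADER_LEN = 3       # 1-byte message type + 2-byte payload_length (RFC 6520)
PADDING_LEN = 16     # minimum random padding that follows the payload
ARENA_SIZE = 4096    # size of the simulated server memory (assumed; real memory is far larger)

# Constructed text standing in for whatever else the server happens to hold in
# memory right after the heartbeat record (mirrors the comic scenario above).
NEIGHBOUR_DATA = (
    b"Lucas requests the 'missed connections' page. "
    b"Eve (administrator) wants to set server's master key to '1473726582347'. "
)


def build_record(payload: bytes, claimed_len: int) -> bytes:
    """Heartbeat request: type 1 (heartbeat_request), the length the client
    *claims* the payload has, the real payload, then padding."""
    return struct.pack("!BH", 1, claimed_len) + payload + b"\x00" * PADDING_LEN


def load_into_memory(record: bytes) -> bytearray:
    """Put the received record at the start of the arena, with other server
    data sitting directly behind it, as it would in a real process."""
    arena = bytearray(ARENA_SIZE)
    arena[:len(record)] = record
    start = len(record)
    arena[start:start + len(NEIGHBOUR_DATA)] = NEIGHBOUR_DATA
    return arena


def vulnerable_reply(arena: bytearray, record_len: int) -> bytes:
    """Pre-fix behaviour: copy claimed_len bytes from where the payload starts,
    never checking that this many bytes were actually received.  Anything past
    the record comes out of neighbouring memory."""
    _, claimed_len = struct.unpack("!BH", arena[:HEADER_LEN])
    return bytes(arena[HEADER_LEN:HEADER_LEN + claimed_len])


def fixed_reply(arena: bytearray, record_len: int):
    """Post-fix behaviour: if header + claimed payload + padding does not fit in
    the record we actually received, silently discard the message."""
    if record_len < HEADER_LEN:
        return None
    _, claimed_len = struct.unpack("!BH", arena[:HEADER_LEN])
    if HEADER_LEN + claimed_len + PADDING_LEN > record_len:
        return None
    return bytes(arena[HEADER_LEN:HEADER_LEN + claimed_len])


def simulate(payload: bytes, claimed_len: int, handler):
    """Build a request, drop it into simulated memory, and run one handler."""
    record = build_record(payload, claimed_len)
    return handler(load_into_memory(record), len(record))


if __name__ == "__main__":
    # Honest request: both handlers echo exactly what was sent.
    print(simulate(b"POTATO", 6, vulnerable_reply))
    print(simulate(b"POTATO", 6, fixed_reply))
    # 'Hat, 500 letters': the old handler leaks neighbouring memory,
    # the fixed one drops the message.
    print(simulate(b"Hat", 500, vulnerable_reply))
    print(simulate(b"Hat", 500, fixed_reply))
```

Run it and the third line printed starts with “Hat” and then carries on straight into the Lucas/Eve text, which is exactly the “500 letters” over-read the story describes; the fourth line is None because the fixed handler compared the claimed length against the size of the record it really received.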
So what does that mean? If anybody was wearing their black hat at the time, they would more than likely start accessing any and all remote servers they could, to poke and prod and see what they could get out.
Not all black hats do it for malicious reasons. Some are more of the ‘I just want to see what would happen if I push this button’ type. Regardless of why they do it, they did it. Thus many of us are stuck with the burden of resetting, updating and changing our account information with our banks, email accounts, and even some smaller websites. By now, hopefully you have been contacted by any of the bigger corporations, informing you of your risk level and what you should or shouldn’t do.
Ultimately, DON’T PANIC!
A great resource out there, Mashable, has taken the time to collect a list of all of the major players on the global net that were, and in some cases weren’t, affected by Heartbleed. I will link to that article, and call out just a few major sites that you DON’T need to worry about.
LinkedIn, Apple, Amazon, Microsoft (including Hotmail and Outlook), AOL, eBay, PayPal, Target, Walmart. That’s just a few.
Take a look at the article for more information. Click Here
For additional resources on the Heartbleed vulnerability here are a few other sites with great write-ups on the issues.
The main resource for the IT professionals fighting the bug: the Heartbleed Bug main website.
A great site to read: Deemable Tech has a good article, with a few suggestions mentioned here too.
The company LastPass has set up a site-checking tool: Check your site!
And there is always the ever-changing Wikipedia too: Heartbleed on Wikipedia.