April 11, 2014
Chris
Linux, Security, Server

The SSL Heartbleed bug explained in 30 seconds


Another excellent comic by xkcd (a site that publishes dev/ops/web-related comics, usually hitting the nail right on the head), this time explaining one of the worst bugs in IT history: the OpenSSL “Heartbleed Bug” (links to official bug page). For everybody who has been living under a rock for the last few days: several weeks ago a bug was discovered in the open source OpenSSL library (which is used in, well, nearly everything that uses SSL, from major websites to NAS systems, from Android to routers), and major websites were informed secretly (to keep criminals from getting wind of it). The bug is basically a broken parameter check that allows the user/attacker to request a “full” memory dump. A full memory dump. With passwords, SSH keys, etc. in it.
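The "broken parameter check" described above, as a simplified C model of a heartbeat echo with and without the length check (an added example, not OpenSSL's code and not part of the original post). The record layout follows the TLS heartbeat message of RFC 6520; the function names, buffer sizes and the "SECRET" sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not OpenSSL code. Layout: type(1) | length(2, big-endian) | payload | padding(16) */
#define HB_HEADER 3u
#define HB_PADDING 16u
#define ARENA 64u    /* constructed stand-in for process memory */
#define REC_LEN 23u  /* bytes actually received: header + "bird" + padding */

/* "Before": echoes as many bytes as the message claims; rec_len is never consulted. */
long hb_echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    (void)rec_len;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > cap) return -1;
    memcpy(out, rec + HB_HEADER, claimed); /* may run past the end of the record */
    return (long)claimed;
}

/* "After": discard any record whose claimed payload does not fit in what was received. */
long hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HEADER + HB_PADDING) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return -1;
    if (claimed > cap) return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (long)claimed;
}

/* Constructed sample memory: a 23-byte record carrying "bird", then unrelated data.
 * Returns 1 if the reply contains the neighbouring data, 0 if not, -1 if discarded. */
int reply_leaks(int use_checked, size_t claimed)
{
    uint8_t arena[ARENA] = {0}, out[ARENA - HB_HEADER] = {0};
    arena[0] = 1;
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HB_HEADER, "bird", 4);
    memcpy(arena + REC_LEN, "SECRET", 6);
    long n = use_checked ? hb_echo_checked(arena, REC_LEN, out, sizeof out)
                         : hb_echo_unchecked(arena, REC_LEN, out, sizeof out);
    if (n < 0) return -1;
    for (long i = 0; i + 6 <= n; i++)
        if (memcmp(out + i, "SECRET", 6) == 0) return 1;
    return 0;
}
int main(void) { return (reply_leaks(0, 26) == 1 && reply_leaks(1, 26) == -1) ? 0 : 1; }
```

An honest request (claimed length 4) gets the same 4-byte echo from both versions; only the oversized claim separates them.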

A few days ago, The Verge wrote an article about the bug, which brought it mass attention and opened heaven for cyber-criminals. Side fact: it’s interesting to see the sheer mass of news coverage created by bugs in (open source) software these days: Heartbleed and Apple’s OpenSSL bug (test site) have made it to the #1 article in quality newspapers, TV news and, for sure, online newspapers all over Europe. Somebody ran a mass test against the top 1,000/top 10,000 pages in the world, checking major websites for the vulnerability, and listed the results here on GitHub. This list is unproven, but the names are awesome. Note that this list was created after the bug went viral, so we are not talking about a theoretical bug here.

You can make a basic check for the bug on this Heartbleed test site.

 

[Image: xkcd comic, heartbleed ssl bug explanation]

More like this on xkcd.com.

This article was written quite a while ago (8 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.
