April 11, 2014
Chris
Linux, Security, Server
The SSL Heartbleed bug explained in 30 seconds

[Image: hearthbleed-ssl-bug]

Another excellent comic by xkcd (a site publishing comics about science, tech and the web that usually hit the nail right on the head). This time it explains one of the worst bugs in IT history, the OpenSSL “Heartbleed” bug (CVE-2014-0160). For everybody who lived under a rock in the last few days: a few weeks ago a bug was discovered in the open source OpenSSL library (which is used in, well, nearly everything that speaks SSL/TLS, from major websites to NAS boxes, from Android to routers), and major websites were informed privately ahead of the public disclosure on April 7 to give them a head start on patching before criminals could take notice. The bug itself is a missing bounds check in the TLS heartbeat extension: the client states how long its heartbeat payload is, the server believes that number without comparing it to the amount of data it actually received, and echoes back that many bytes. Claim a large payload, send a tiny one, and the server answers with up to 64 KB of whatever happens to sit next to the request in its process memory: session cookies, passwords, and in the worst case the server’s private TLS key. It is not a full memory dump, but the attacker can repeat the request as often as they like, getting a fresh slice of memory each time, and nothing about it shows up in the server logs.
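To make the “broken parameter check” concrete, here is an added C model of the defect. It is not OpenSSL’s code: the record layout follows RFC 6520, the two handler functions paraphrase the vulnerable and the patched logic (the patched one adds the length comparison that OpenSSL 1.0.1g introduced), and the “process memory” is a constructed 256-byte arena with a made-up secret placed right behind the request, so the over-read stays in bounds and the program runs safely on any machine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration of Heartbleed (CVE-2014-0160); not OpenSSL source.
 * A TLS heartbeat message (RFC 6520) looks like:
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
 * Vulnerable OpenSSL trusted payload_length and copied that many bytes
 * from the request buffer into the reply, however few bytes had arrived.
 */

#define PADDING     16
#define ARENA_SIZE  256

/* Constructed stand-in for the server's heap: the heartbeat request is
 * stored at the start, followed by unrelated data the server has in memory. */
static unsigned char arena[ARENA_SIZE];

/* Constructed secret, nothing real. */
static const char SECRET[] = "session=abc123; -----BEGIN PRIVATE KEY-----";

/* Build a heartbeat request in the arena. claimed_len is the length field
 * the sender puts on the wire; actual_payload is how many payload bytes
 * are really sent. Returns the true length of the record that arrived. */
size_t build_record(uint16_t claimed_len, size_t actual_payload) {
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                                  /* heartbeat_request */
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memset(arena + 3, 'A', actual_payload);
    size_t record_len = 3 + actual_payload + PADDING;
    /* Whatever happened to be lying in memory right after the request. */
    if (record_len + sizeof SECRET <= ARENA_SIZE)
        memcpy(arena + record_len, SECRET, sizeof SECRET);
    return record_len;
}

typedef size_t (*heartbeat_fn)(const unsigned char *, size_t, unsigned char *, size_t);

/* Vulnerable handler: echoes claimed_len bytes, never looks at rec_len. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                            unsigned char *out, size_t out_cap) {
    (void)rec_len;                                 /* ignored: this is the bug */
    uint16_t payload = (uint16_t)(rec[1] << 8 | rec[2]);
    if (payload > out_cap) payload = (uint16_t)out_cap; /* only to keep the demo inside the arena */
    memcpy(out, rec + 3, payload);                 /* reads past the request into neighbouring memory */
    return payload;
}

/* Patched handler: the check added in OpenSSL 1.0.1g (paraphrased):
 * if (1 + 2 + payload + 16 > record length) discard the message silently. */
size_t heartbeat_patched(const unsigned char *rec, size_t rec_len,
                         unsigned char *out, size_t out_cap) {
    if (rec_len < 1 + 2 + PADDING) return 0;
    uint16_t payload = (uint16_t)(rec[1] << 8 | rec[2]);
    if (1 + 2 + (size_t)payload + PADDING > rec_len) return 0;
    if (payload > out_cap) return 0;
    memcpy(out, rec + 3, payload);
    return payload;
}

/* Does the reply contain bytes that were never part of the request? */
int leaks_secret(const unsigned char *out, size_t n) {
    size_t slen = strlen(SECRET);
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(out + i, SECRET, slen) == 0) return 1;
    return 0;
}

/* The attack: claim 65535 payload bytes, send one. Returns 1 if the
 * handler's reply contained the secret. */
int attack_leaks(heartbeat_fn handler) {
    unsigned char out[ARENA_SIZE];
    size_t rec_len = build_record(0xFFFF, 1);
    size_t n = handler(arena, rec_len, out, ARENA_SIZE - 3);
    return leaks_secret(out, n);
}

/* Sanity check: an honest 1-byte heartbeat still gets echoed by the fix. */
int honest_request_ok(void) {
    unsigned char out[ARENA_SIZE];
    size_t rec_len = build_record(1, 1);
    size_t n = heartbeat_patched(arena, rec_len, out, ARENA_SIZE - 3);
    return n == 1 && out[0] == 'A' && !leaks_secret(out, n);
}

int main(void) {
    printf("vulnerable handler leaks secret: %s\n", attack_leaks(heartbeat_vulnerable) ? "yes" : "no");
    printf("patched handler leaks secret:    %s\n", attack_leaks(heartbeat_patched) ? "yes" : "no");
    printf("patched handler still answers honest heartbeats: %s\n", honest_request_ok() ? "yes" : "no");
    return 0;
}
```

The vulnerable handler clamps the copy only so the demo cannot run off the end of the arena; real OpenSSL had no such clamp and happily read up to 65535 bytes beyond the request, which is where the “64 KB per request” figure comes from.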

A few days ago TheVerge wrote an article about the bug, which brought it mass attention and opened the floodgates for cyber-criminals. Side fact: it is interesting to see the extreme amount of news coverage that bugs in (open source) software generate these days: Heartbleed and Apple’s “goto fail” SSL bug from February (which was in Apple’s own SecureTransport library, not in OpenSSL, and also had its own test site) made it to the #1 article in quality newspapers, TV news and of course online newspapers all over Europe. Somebody ran a mass test against the top 1,000 / top 10,000 sites in the world, checking major websites for the vulnerability, and listed the results on GitHub. The list is unverified, but the names on it are impressive. Note that it was created after the bug went public, so we are not talking about a theoretical bug here.

You can do a basic check for the bug on one of the public Heartbleed test sites (they send a malformed heartbeat to your server and report whether it answers with more data than it received). Only OpenSSL 1.0.1 through 1.0.1f is affected (the 0.9.8 and 1.0.0 branches never had the heartbeat code); 1.0.1g fixes it. On your own servers keep in mind that Debian and Ubuntu shipped the fix as a package update without bumping the version string, so “openssl version” still prints 1.0.1 or 1.0.1e afterwards; check the build date in “openssl version -a” or the package changelog instead, restart every service that has the library loaded (or simply reboot), and then replace your certificates and keys, because they may already have been read out before you patched.

[Image: xkcd comic “Heartbleed Explanation”]

More like this on xkcd.com.

This article was written quite a while ago (9 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Tags: bug, disaster recovery, hearthbleed, OpenSSL, ssl, worst case, xkcd