A really simple explanation of the Heartbleed bug

The Heartbleed bug has compromised a large portion of the internet, but many people still don't understand what is going on exactly. This presentation tries to give a simple and understandable explanation in everyday English.

Usage Rights

© All Rights Reserved

    Presentation Transcript

    • HEARTBLEED Bug (In plain, simple English) by Nicolas Sonnet
    • Before we try to understand Heartbleed, let’s have a small lesson on a thing called encryption
    • When you’re on the internet you send out packages of data (and you send more than you think): password, game score, credit card nr., name, message, selfie, Facebook status, your latest Tweet, a picture of your cat, e-mail, location info
    • IT people quickly realized that it was easy to intercept these data and use them for doubtful purposes [Illustration repeats the data packages listed above]
    • That’s why they came up with encryption: HTTP (not encrypted) vs. HTTPS (encrypted)
    • To put it simply, it works the same way you used to pass secret messages as a kid. It’s just harder to crack... [Illustration: scrambled text; an encoding key (a = #, b = 2, c = z, d = à, e = &, f = 5, ...) and the matching decoding key (# = a, 2 = b, z = c, à = d, & = e, 5 = f, ...); caption: “Screw this!”]
    • The secret key to decoding the information is shared between you and the site or server through a certificate. (This happens automatically in the background, by the way.) [Illustration: the same encoding and decoding keys]
    • Now that this is covered, let’s get to the point… Heartbleed
    • With Heartbleed, anyone with knowledge could obtain the information contained in the certificate [Illustration: the data packages and the encoding and decoding keys from the earlier slides]
    • This means that a hacker could simply see what you’re sending on a (very) large scale. But this also means that even if you changed your password, the hacker would still be able to see it.
    • What to do?
        ■ A fix has been found, but it takes some time for the sites to update their certificates
        ■ Wait for the site to update their certificate*
        ■ Change your password
        ■ Once the sites are recovered, change your password on non-affected sites too
        ■ DON’T change your password until the certificate has been updated*
        ■ DON’T use the same password on multiple sites**
      * There are several lists of impacted sites out there. Just check the next slide.
      ** If you have trouble remembering your passwords, there are a few good password tools out there, such as LastPass.
    • Find out more
        ■ The Heartbleed bug has its own site: http://heartbleed.com/
        ■ Mashable created a good follow-up list of potentially impacted sites & services: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
        ■ LastPass even has a good site checker: https://lastpass.com/heartbleed/
        ■ There is also a good Lifehacker article on Heartbleed: http://lifehacker.com/what-the-heartbleed-security-bug-means-for-you-1560801201
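
The slides describe what Heartbleed exposed but not how. As an added illustration that is not part of the original presentation, this C sketch simulates the kind of flaw behind it: the server's heartbeat reply copied as many bytes as the request claimed to contain, not as many as it actually contained. The struct, function names and sample secret are constructed for the demo, and the fixed handler is shown beside the flawed one.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory (all names are hypothetical):
   the request buffer and an unrelated secret sit side by side. */
#define REQ_MAX 16
struct server_mem {
    char request[REQ_MAX];  /* where the client's payload is stored */
    char secret[32];        /* other data that happens to be next to it */
};

static void load(struct server_mem *m, const char *payload, size_t actual_len) {
    memset(m, 0, sizeof *m);
    strcpy(m->secret, "password=hunter2");  /* constructed sample secret */
    memcpy(m->request, payload, actual_len < REQ_MAX ? actual_len : REQ_MAX);
}

/* Before the fix: echoes as many bytes as the client CLAIMS it sent.
   Reads are capped to the struct so the demo stays well-defined C. */
size_t heartbeat_vulnerable(const char *payload, size_t actual_len,
                            size_t claimed_len, char *out, size_t out_cap) {
    struct server_mem m;
    load(&m, payload, actual_len);
    if (claimed_len > sizeof m) claimed_len = sizeof m;
    if (claimed_len > out_cap) claimed_len = out_cap;
    memcpy(out, (const char *)&m, claimed_len);  /* runs past the payload */
    return claimed_len;
}

/* After the fix: a claimed length larger than what actually arrived is
   discarded without a reply. */
size_t heartbeat_fixed(const char *payload, size_t actual_len,
                       size_t claimed_len, char *out, size_t out_cap) {
    struct server_mem m;
    if (claimed_len > actual_len || actual_len > REQ_MAX || claimed_len > out_cap)
        return 0;
    load(&m, payload, actual_len);
    memcpy(out, m.request, claimed_len);
    return claimed_len;
}

int main(void) {
    char out[64];
    size_t n = heartbeat_vulnerable("bird", 4, 40, out, sizeof out);
    printf("vulnerable reply: %zu bytes, tail: %.16s\n", n, out + 16);
    printf("fixed reply:      %zu bytes\n",
           heartbeat_fixed("bird", 4, 40, out, sizeof out));
    return 0;
}
```

A 4-byte request that claims to be 40 bytes long gets the neighbouring secret back from the flawed handler, while the fixed handler sends nothing.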