A really simple explanation of the Heartbleed bug

The Heartbleed bug has compromised a large portion of the internet, but many people still don't understand what is going on exactly. This presentation tries to give a simple and understandable explanation in everyday English.


Transcript

  • 1. HEARTBLEED Bug (In plain, simple English) by Nicolas Sonnet
  • 2. Before we try to understand Heartbleed, let’s have a small lesson on a thing called encryption.
  • 3. When you’re on the internet you send out packages of data (and you send more than you think): password, game score, credit card nr., name, message, selfie, Facebook status, your latest tweet, a picture of your cat, e-mail, location info.
  • 4. IT people quickly realized that it was easy to intercept these data (password, game score, credit card nr., name, message, selfie, Facebook status, your latest tweet, a picture of your cat, e-mail, location info) and use them for doubtful purposes.
  • 5. That’s why they came up with encryption: HTTP (not encrypted) and HTTPS (encrypted).
  • 6. To put it simply, it works the same way you used to pass secret messages as a kid. It’s just harder to crack... [Illustration: scrambled text; key table a = #, b = 2, c = z, d = à, e = &, f = 5, ...; reverse key table # = a, 2 = b, z = c, à = d, & = e, 5 = f, ...; caption "Screw this!"]
  • 7. The secret key to decoding the information is shared between you and the site or server through a certificate. (This happens automatically in the background, by the way.) [Illustration: key tables # = a, 2 = b, z = c, à = d, & = e, 5 = f, ... and a = #, b = 2, c = z, d = à, e = &, f = 5, ...]
  • 8. Now that this is covered, let’s get to the point… Heartbleed
  • 9. With Heartbleed, anyone with knowledge could obtain the information contained in the certificate. [Illustration: the data items from slide 3 (password, game score, credit card nr., name, message, selfie, Facebook status, your latest tweet, a picture of your cat, e-mail, location info) next to the key tables a = #, b = 2, c = z, d = à, e = &, f = 5, ... and # = a, 2 = b, z = c, à = d, & = e, 5 = f, ...]
  • 10. This means that a hacker could simply see what you’re sending, on a (very) large scale. But this also means that even if you changed your password, the hacker would still be able to see it.
  • 11. What to do?
      ■ A fix has been found, but it takes some time for the sites to update their certificates
      ■ Wait for the site to update their certificate*
      ■ Change your password
      ■ Once the sites are recovered, change your password on non-affected sites too
      ■ DON’T change your password until the certificate has been updated*
      ■ DON’T use the same password on multiple sites**
      * There are several lists of impacted sites out there. Just check the next slide.
      ** If you have trouble remembering your passwords, there are a few good password tools out there, such as LastPass.
  • 12. Find out more
      ■ The Heartbleed bug has its own site: http://heartbleed.com/
      ■ Mashable created a good follow-up list of potentially impacted sites & services: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
      ■ LastPass even has a good site checker: https://lastpass.com/heartbleed/
      ■ There is also a good Lifehacker article on Heartbleed: http://lifehacker.com/what-the-heartbleed-security-bug-means-for-you-1560801201