The Heartbleed Bug Explained In One Cartoon

Just days ago one of the largest Internet security flaws in recent history was discovered: the Heartbleed bug.

While you’ve probably read several lengthy articles and FAQs detailing how the bug works, this cartoon is probably the simplest explanation yet.

The Heartbleed bug tricks a server (or any other program built on a vulnerable version of OpenSSL) into spilling out up to 64 KB of extra information from its memory with every request, and the request can be repeated as often as the attacker likes. A server's memory often includes sensitive personal information, such as your passwords, credit card numbers, and other data you wouldn't want anyone else to see.

This information is usually encrypted, which means it's turned into an indecipherable form while it travels between your computer and the server. Heartbleed doesn't break that encryption. Instead, because the server's memory can also hold the secret keys used to protect your data, an attacker who reads enough of it can recover those keys and then decrypt traffic or impersonate the site. That's because Heartbleed takes advantage of a flaw in OpenSSL, a popular open-source encryption library used to power a giant chunk of the Web.

Popular web comic XKCD has broken down how Heartbleed works through this cartoon.

Heartbleed attacks a flaw in OpenSSL's implementation of Heartbeat, a TLS extension that lets one side of a connection check that the other side is still there. A Heartbeat message contains some arbitrary data plus a length field saying how many bytes of data are in the message. The other side is supposed to send that exact data back to prove the connection is still alive. The Heartbleed bug is that vulnerable versions of OpenSSL trusted the length field without checking it against the amount of data actually received, so a sender could claim a large payload while sending a tiny one. That tricks the server into spitting out up to 64 KB of whatever happens to sit next to the message in memory, without realising it.
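To make the length-field mistake concrete, here is an added example that simulates the heartbeat handler in C. It is not OpenSSL's code or the cartoon's: a small "arena" array stands in for process memory, a constructed fake secret is placed just after the received record, and the same request is run through a handler that trusts the length field and one that applies the kind of bounds check the 1.0.1g fix added. All names (`arena`, `probe`, `FAKE_PRIVATE_KEY`, and so on) are inventions for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSL's code. Everything below is constructed,
   including the "secret" that sits in memory right after the record. */

#define ARENA_SIZE 256                      /* simulated process memory */
#define MAX_RESPONSE (1 + 2 + 65535 + 16)   /* largest possible heartbeat reply */

static unsigned char arena[ARENA_SIZE];
static unsigned char response[MAX_RESPONSE];
static size_t response_len;

static const char SECRET[] = "FAKE_PRIVATE_KEY";   /* constructed, 16 bytes */

/* Place a heartbeat request at the start of the arena. RFC 6520 layout:
   type(1) | payload_length(2, big-endian) | payload | padding(>=16).
   claimed_len is what the length field says; real_len is what is really sent.
   Keep claimed_len small enough to stay inside the arena, otherwise the
   vulnerable handler would read outside the simulated memory. */
static size_t build_request(const char *payload, size_t real_len, uint16_t claimed_len)
{
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                                   /* heartbeat_request */
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 3, payload, real_len);
    size_t record_len = 3 + real_len + 16;          /* zero padding */
    /* Unrelated data that happens to sit just past the record in memory. */
    memcpy(arena + record_len, SECRET, sizeof SECRET - 1);
    return record_len;
}

/* Mirrors the bug: trust the length field, never compare it with record_len,
   then echo that many bytes starting from the payload pointer. */
static int heartbeat_vulnerable(size_t record_len)
{
    const unsigned char *p = arena;
    unsigned char type = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    (void)record_len;                                /* the bug: never used */
    if (type != 1) return -1;
    response[0] = 2;                                 /* heartbeat_response */
    response[1] = (unsigned char)(payload >> 8);
    response[2] = (unsigned char)(payload & 0xff);
    memcpy(response + 3, p, payload);                /* over-reads when payload > real length */
    memset(response + 3 + payload, 0, 16);           /* padding (OpenSSL uses random bytes) */
    response_len = 3 + payload + 16;
    return 0;
}

/* The fix: reject a record too short for header plus padding, then reject one
   whose claimed payload does not fit inside what was actually received. */
static int heartbeat_fixed(size_t record_len)
{
    if (record_len < 1 + 2 + 16) return -1;
    const unsigned char *p = arena;
    unsigned char type = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if (1 + 2 + (size_t)payload + 16 > record_len) return -1;   /* silently discard */
    if (type != 1) return -1;
    response[0] = 2;
    response[1] = (unsigned char)(payload >> 8);
    response[2] = (unsigned char)(payload & 0xff);
    memcpy(response + 3, p, payload);
    memset(response + 3 + payload, 0, 16);
    response_len = 3 + payload + 16;
    return 0;
}

/* Does the reply carry the adjacent secret? (memmem is not portable, so search by hand.) */
static int response_leaks_secret(void)
{
    size_t n = sizeof SECRET - 1;
    for (size_t i = 0; i + n <= response_len; i++)
        if (memcmp(response + i, SECRET, n) == 0) return 1;
    return 0;
}

/* Send a 4-byte "ping" with the given claimed length through one handler.
   Returns -1 if the record was dropped, 1 if the echo leaked the secret, 0 otherwise. */
int probe(uint16_t claimed_len, int use_fix)
{
    size_t record_len = build_request("ping", 4, claimed_len);
    int rc = use_fix ? heartbeat_fixed(record_len) : heartbeat_vulnerable(record_len);
    if (rc != 0) return -1;
    return response_leaks_secret();
}

int main(void)
{
    printf("vulnerable, claimed 64: %d\n", probe(64, 0));   /* 1: secret echoed back */
    printf("fixed,      claimed 64: %d\n", probe(64, 1));   /* -1: record dropped */
    printf("fixed,      claimed  4: %d\n", probe(4, 1));    /* 0: honest echo */
    return 0;
}
```

The vulnerable path copies 64 bytes when only 4 were sent, so the 16 bytes of the fake secret lying after the record come back in the reply; the checked path notices that a 64-byte payload cannot fit in a 23-byte record and drops it. On a real server the bytes past the record are whatever the heap held last, which is why the leak is unpredictable but worth repeating.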

In cartoon form, it looks like this:
