Chances are by now you’ve heard about the Heartbleed bug terrorizing the Internet.
The reason this bug is so scary is because it’s a flaw in a very popular bit of software that is supposed to protect sensitive information, like passwords and credit cards.
The flaw is in software called OpenSSL. OpenSSL encrypts data as it flows across the Internet. You type your password into your computer, OpenSSL translates those typed letters into a secret code. The website has the key to unscramble, or decrypt, the code so the website can read it.
OpenSSL lets hackers grab that encrypted information and read it in so-called plain text, as if it were never encrypted in the first place.
The Heartbleed bug grabs that info from a computer’s memory and tricks the server into sending the info to hackers. (Here is a more technical explanation of the bug.)
Here’s a picture of the Heartbeat bug circulating on the Internet, tweeted out by security researcher Mark Loman on Tuesday when he found that Yahoo.com had the bug. Yahoo has since fixed its web servers.
His picture shows what the bug looks like to hackers, minus the blue highlighting, which shows the bug in action at Yahoo.com, and the red boxes, which obscure someone’s actual password.
Here’s what the picture means, Krishna Narayanaswamy, chief scientist as security company Netskope told Business Insider:
“On the left side you are seeing the data as it is transmitted on the network. The data are represented as ASCII code. On the right side you are seeing that data transformed to human readable alphanumeric characters.”
In other words, the stuff on the right is what the hacker can see and sometimes it’s a full password, a credit card number, or other private information.
Business Insider Emails & Alerts
Site highlights each day to your inbox.