Some call it CVE-2014-0160. Some like to refer to it as TLS heartbeat read overrun. Some know it as OpenSSL v1.0.1. I like to say it’s the worst thing to happen to the Internet since BuzzFeed.
However you know it, the bug commonly known as Heartbleed remains shrouded in mystery to many. But no longer! By the end of this article, you, my fellow Brunonian, will be able to proudly discuss the intricacies of Heartbleed with your friendly local CS concentrator. Kind of like how you discussed that book in AP English after only reading the Sparknotes.
(Disclaimer: CS people, please don’t get angry at me for the technical transgressions I’ve committed in this article.)
What is Heartbleed?
Brief review: HTTPS is a thing. (You know, like https://) The S stands for Secure. It’s for when you don’t want other people to be able to see your passwords and other personal information.
You know that little lock in the top left corner?
Well, Heartbleed allows hackers to unlock that lock (in certain cases) and see parts of your personal information. Yeah. No bueno. Especially when the https:// precedes yourbank.com.
What’s up with the name?
Sometimes, when your computer is talking to a website, it sends it a “heartbeat” to let it know that it’s still there. Kind of like when your doctor uses a stethoscope to make sure you’re still there. Without getting into technical details, suffice to say that the bug came from those heartbeats. So someone thought, “Oh, it would be kind of cool to nickname the bug Heartbleed, cause the site is bleeding information to hackers. Get it?”
And so it was.
How bad is it?
How bad would it be if your heart were bleeding?
Shit. Have all my passwords been stolen?
Uh, it’s sort of difficult to say. One of the worst things about Heartbleed is that it’s really hard to tell if anyone actually took advantage of it, and if so, who.