An exploit known as “Heartbleed” put the secure information of millions of users at risk
Daniel Konicek Staff Writer
The modern person lives a lot of their life on the internet. Banking, messaging, insurance, and even taxes can be handled online. People trust these processes, thanks to software they are usually not even aware of. But, earlier this month it was revealed that this software was flawed, putting the passwords and information of millions of users at risk. This flaw is known as “Heartbleed.”
A software called Transport Layer Security (TSL) and it’s predecessor Secure Socket Layer (SSL), is widely used to encrypt data exchanges that require security, such as PIN numbers, banking passwords, credit card information, or other sensitive information. Essentially, the program gives both sides of the exchange a key to translate the encrypted data. This makes it impossible for a user intercepting the data to read it without the key.
The two sides of this exchange maintain synchronization using what is called “heartbeats,” small messages that ask if the other side is still connected. The user computer asks the server to repeat a small word, such as “cat,” specifying that the word is a number of letters long. A third party could take advantage of the heartbeat by asking the server to repeat a 500 letter word, but ask again for “cat.” The server would repeat “cat,” then include 497 characters in it’s recent memory. This would include any recent password changes, transactions, and other information. In this way, any user could access personal passwords.
The cause of the bug was not malicious, but a simple accident. Because the heartbeat code lacked an instruction to keep the heartbeat request to a certain length, the programmers potentially exposed millions of users to identity theft or worse. Billions of dollars in the U.S. alone are processed online daily. Without security, businesses worldwide could have been crippled.
The patch for this exploit is now out, but anybody with password-protected accounts is encouraged to change them immediately. Considering that the origin of this bug was a simple oversight, the danger it caused has been extreme.

