Behind 'Heartbleed,' a terrifying new internet security problem
Internet security experts are seriously concerned about an implementation problem with some versions of OpenSSL (a cryptographic library that powers Secure Sockets Layer or Transport Layer Security encryption). So what's OpenSSL? It's basically that little padlock symbol you see in your browser when visiting a secure website. And the problem with these secure sites is called "Heartbleed":
Even if you've never heard of OpenSSL, it's probably a part of your life in one way or another — or, more likely, in many ways. The apps you use, the sites you visit; if they encrypt the data they send back and forth, there's a good chance they use OpenSSL to do it. The Apache web server that powers something like 50 percent of the internet's web sites, for example, utilizes OpenSSL.
Through a bug that security researchers have dubbed "Heartbleed," it seems that it's possible to trick almost any system running any version of OpenSSL from the past 2 years into revealing chunks of data sitting in its system memory.
Why that's bad: very, very sensitive data often sits in a server's system memory, including the keys it uses to encrypt and decrypt communication (read: usernames, passwords, credit cards, etc.) This means an attacker could quite feasibly get a server to spit out its secret keys, allowing them to read any communication that they intercept like it wasn't encrypted at all. Armed with those keys, an attacker could also impersonate an otherwise secure site/server in a way that would fool many of your browser's built-in security checks. [TechCrunch]
This is a programming mistake, not a problem with the cryptography itself. Luckily, there are patches out already, and web companies are scrambling to bring their systems up to date. Here is more information, and here is a tool to test whether a server is vulnerable.
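To make "a programming mistake, not a problem with the cryptography" concrete, here is a minimal model added for illustration (it is not code from OpenSSL or from the original article): a server echoes back as many bytes as a request claims to contain, and the corrected version compares that claim with what was actually received. The message layout, buffer sizes, function names and sample secret are all constructed and simplified.

```c
#include <stdio.h>
#include <string.h>

#define HDR_LEN 3   /* 1-byte type + 2-byte length claimed by the sender */
#define MEM_LEN 48  /* constructed stand-in for a region of server memory */

static unsigned char server_mem[MEM_LEN];
static const size_t received_len = HDR_LEN + 4; /* bytes really received */

/* Build the constructed memory image: a 7-byte request, then a secret. */
static void load_sample(unsigned claimed)
{
    memset(server_mem, 0, MEM_LEN);
    server_mem[0] = 1;
    server_mem[1] = (unsigned char)(claimed >> 8);
    server_mem[2] = (unsigned char)(claimed & 0xff);
    memcpy(server_mem + HDR_LEN, "ping", 4);          /* real payload */
    memcpy(server_mem + received_len, "PRIVATE-KEY-BYTES", 17);
}

/* Flawed form: trusts the claimed length when copying the reply. */
static size_t echo_unchecked(unsigned char *out, size_t cap)
{
    size_t claimed = ((size_t)server_mem[1] << 8) | server_mem[2];
    if (claimed > cap || HDR_LEN + claimed > MEM_LEN)
        return 0; /* demo guard only: keeps the read inside server_mem */
    memcpy(out, server_mem + HDR_LEN, claimed);
    return claimed;
}

/* Corrected form: the claim must fit inside what was actually received. */
static size_t echo_checked(unsigned char *out, size_t cap)
{
    size_t claimed = ((size_t)server_mem[1] << 8) | server_mem[2];
    if (claimed > received_len - HDR_LEN || claimed > cap)
        return 0; /* silently drop the malformed request */
    memcpy(out, server_mem + HDR_LEN, claimed);
    return claimed;
}

int main(void)
{
    unsigned char out[64];
    load_sample(21); /* sender claims 21 payload bytes but sent only 4 */
    printf("unchecked reply: %zu bytes\n", echo_unchecked(out, sizeof out));
    printf("checked reply:   %zu bytes\n", echo_checked(out, sizeof out));
    return 0;
}
```

The only difference between the two handlers is one length comparison; no key, cipher or protocol math is involved.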
Ryan Cooper is a national correspondent at TheWeek.com. His work has appeared in the Washington Monthly, The New Republic, and the Washington Post.