How the Heartbleed bug works, as explained by a Web comic

By Konrad Krawczyk April 11, 2014

the heartbleed bug explained by a web comic xkcd bleeding heart — Image used with permission by copyright holder

Sometimes, the easiest way to explain a concept to someone is with the use of illustrations, or cartoons. Xkcd.com attempts to do just that with this simple comic, where it tells a short story of a hacker talking to a server, who uses the Heartbleed exploit to trick the server into leaking more information it’s supposed to, until it begins to divulges sensitive data.

First, check the comic out below.

heartbleed_explanation — Image used with permission by copyright holder

First the girl asks the server to indicate whether it’s still online by telling it to say “Potato,” and indicates the length of the word. The server responds with “Potato,” while withholding all of the information surrounding “Potato,” written out in a lighter hue in the server’s speech bubbles. The hacker then asks the server to repeat the same task, but instead replaces “Potato” with “Bird,” and indicates the length of the word. The server complies.

Then, the hacker asks the server to say “Hat,” but instead of noting that it’s a three-character word, she states that it’s 500 letters long. The server responds not only by saying “Hat,” but also by leaking out the information around the word. By doing so, it reveals sensitive server information, including a “master key,” which the hacker begins to jot down.

This is a basic explanation of how the Heartbleed bug works. The Heartbleed bug is a flaw in the OpenSSL method of data encryption used by many of the world’s websites, which was actually put into the code accidentally by a programmer roughly two years ago.

OpenSSL contains a function known as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives messages to check whether both his PC and the server on the other end are both still connected. The Heartbleed bug allows hackers to send trick heartbeat messages, like the one pictured in the comic above, which can fool a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more. This is the part of the flaw that the Xkcd comic illustrates.

What do you think? Sound off in the comments below.

Editors' Recommendations

Topics

Konrad Krawczyk

Former Digital Trends Contributor

Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…

Computing

The 5 best MacBooks for video editing in 2024

Apple MacBook Pro 16 front angled view showing display and keyboard.

Video editing is one of the most demanding things you can ask of your laptop. Not only do you need a powerful processor to keep things running smoothly, but you'll also need loads of RAM and a solid GPU to best carry out the task. If any of these components are lacking, you could run into trouble with your software – resulting in sluggish performance and a frustrating overall experience.

Hunting for a laptop that's robust enough to handle video editing isn't easy, but you can make things more manageable by sticking to Apple's MacBook catalog.

Computing

The 7 best laptop stands in 2024

Time for a desk upgrade! These great stands will elevate and protect your laptop

The Grovemade Wood Laptop Stand with other Grovemade desk supplies.

One of the first things to do after you get one of the best new laptops is to hunt for great accessories. That can mean getting the best wireless mouse to carry around with you, upgrading to more consistent Wi-Fi with a PC Wi-Fi adapter, or even getting a carrying case for when you take it out to the coffee shop for work. One laptop accessory that is often overlooked, much to our despair, is the laptop stand.

A laptop stand can be a great source of comfort due to the increased ergonomics, reduced heat on your lap, and give your laptop better overall functionality on top of a desk, too. Some are even designed to help keep the laptop cool, something every owner of one of the best gaming laptops will know is important. So, look at the following list of the best laptop stands with a mind for quality and comfort, you're sure to find something that meets your needs.
The best laptop stands in 2024

Computing

This Lenovo gaming laptop with an RTX 4090 is $740 off today

Lenovo Legion Pro 7i on a desktop surface outside.

Lenovo often has some of the best laptop deals and today is no different with a sweet discount for anyone seeking a new gaming laptop. A new arrival from Lenovo, the Lenovo Legion Pro 7i is already $740 off bringing it down to $2,900 from $3,640. Packed with the latest hardware, you’re going to love it and we’re here to tell you exactly why. Remember -- this deal is unlikely to stick around for long.

Why you should buy the Lenovo Legion Pro 7i
As one of the best gaming laptop brands, it’s always worth strongly considering Lenovo and its Legion range when seeking a new gaming rig. This particular model is packed with the latest hardware. It has a 14th-generation Intel Core i9-14900HX processor paired up with a massive 32GB of memory so it’s all set for gaming for a long time at high detail levels. Of course, to do so, it needs a great graphics card and you can’t get much better than the Nvidia GeForce RTX 4090 with 16GB of dedicated VRAM that’s included here. It all comes together to futureproof your gaming sessions for a long time to come.