
How the Heartbleed bug works, as explained by a Web comic

[Image: the Heartbleed bug explained by a web comic (xkcd bleeding heart)]

Sometimes, the easiest way to explain a concept to someone is with the use of illustrations, or cartoons. Xkcd.com attempts to do just that with this simple comic, which tells a short story of a hacker talking to a server: she uses the Heartbleed exploit to trick the server into leaking more information than it’s supposed to, until it begins to divulge sensitive data.

First, check the comic out below.

[Image: heartbleed_explanation comic]

First, the girl asks the server to indicate whether it’s still online by telling it to say “Potato,” and indicates the length of the word. The server responds with “Potato,” while withholding all of the information surrounding “Potato,” which is written in a lighter hue in the server’s speech bubbles. The hacker then asks the server to repeat the same task, but replaces “Potato” with “Bird,” again indicating the length of the word. The server complies.

Then, the hacker asks the server to say “Hat,” but instead of noting that it’s a three-character word, she states that it’s 500 letters long. The server responds not only by saying “Hat,” but also by leaking out the information around the word. By doing so, it reveals sensitive server information, including a “master key,” which the hacker begins to jot down.

This is a basic explanation of how the Heartbleed bug works. The Heartbleed bug is a flaw in OpenSSL, the data-encryption library used by many of the world’s websites, and it was actually put into the code accidentally by a programmer roughly two years ago.

OpenSSL contains a feature known as the heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives small messages to check whether his PC and the server on the other end are both still connected. The Heartbleed bug allows hackers to send trick heartbeat messages, like the one pictured in the comic above, whose stated length is far larger than the actual payload. This fools a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more. This is the part of the flaw that the Xkcd comic illustrates.
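As an added example (not code from the article or from OpenSSL itself), here is a toy C model of the exchange in the comic: a heartbeat record whose length field claims 500 bytes while the payload is only “Hat,” handled first by a function that trusts the length field and then by one carrying the same bounds check the OpenSSL patch added. The memory arena, the SECRET string and the function names are constructed for this demo.

```c
#include <stdint.h>
#include <string.h>
/* Record layout per RFC 6520: type(1) | payload_length(2, big-endian) | payload | padding(16).
 * "Server memory" is a constructed arena: the record lands at its start and a
 * made-up secret sits right behind it, like the master key in the comic. */
#define ARENA_SIZE 1024
#define PADDING 16
static unsigned char arena[ARENA_SIZE];
static const char SECRET[] = "session=alice MASTER-KEY=0123456789abcdef"; /* constructed */

/* Build a heartbeat request whose length field may lie about the payload. */
size_t build_heartbeat(unsigned char *out, const char *payload, uint16_t claimed_len) {
    size_t actual = strlen(payload);
    out[0] = 1;                                   /* heartbeat_request */
    out[1] = (unsigned char)(claimed_len >> 8);
    out[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(out + 3, payload, actual);
    memset(out + 3 + actual, 0, PADDING);
    return 3 + actual + PADDING;                  /* the true record length */
}

/* Place the record in the arena and stage the secret just after it. */
static void receive(const unsigned char *rec, size_t rec_len) {
    memset(arena, 0, ARENA_SIZE);
    memcpy(arena, rec, rec_len);
    memcpy(arena + rec_len, SECRET, sizeof SECRET);
}

/* Vulnerable handler: trusts the length field and never looks at rec_len. */
size_t vulnerable_respond(const unsigned char *rec, size_t rec_len, unsigned char *resp) {
    receive(rec, rec_len);
    uint16_t claimed = (uint16_t)((arena[1] << 8) | arena[2]);
    if (claimed > ARENA_SIZE - 3) claimed = ARENA_SIZE - 3; /* keeps this toy in-bounds only */
    resp[0] = 2;                                  /* heartbeat_response */
    resp[1] = arena[1]; resp[2] = arena[2];
    memcpy(resp + 3, arena + 3, claimed);         /* copies past the real payload */
    return 3 + claimed;
}

/* Fixed handler: the bounds checks the OpenSSL patch added before the copy. */
size_t fixed_respond(const unsigned char *rec, size_t rec_len, unsigned char *resp) {
    receive(rec, rec_len);
    if (rec_len < 1 + 2 + PADDING) return 0;                   /* too short to be a heartbeat */
    uint16_t claimed = (uint16_t)((arena[1] << 8) | arena[2]);
    if (rec_len < 1 + 2 + (size_t)claimed + PADDING) return 0; /* length field lies: drop it */
    resp[0] = 2;
    resp[1] = arena[1]; resp[2] = arena[2];
    memcpy(resp + 3, arena + 3, claimed);
    return 3 + claimed;
}
```

With “Potato” and an honest length of 6 both handlers answer identically; with “Hat” and a claimed length of 500 the vulnerable handler returns 503 bytes that include the staged secret, while the fixed handler returns 0 and sends nothing.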

Konrad Krawczyk
Former Digital Trends Contributor