How the Heartbleed bug works, as explained by a Web comic

the heartbleed bug explained by a web comic xkcd bleeding heart

Sometimes, the easiest way to explain a concept to someone is with the use of illustrations, or cartoons. Xkcd.com attempts to do just that with this simple comic, where it tells a short story of a hacker talking to a server, who uses the Heartbleed exploit to trick the server into leaking more information it’s supposed to, until it begins to divulges sensitive data.

First, check the comic out below.

heartbleed_explanation

First the girl asks the server to indicate whether it’s still online by telling it to say “Potato,” and indicates the length of the word. The server responds with “Potato,” while withholding all of the information surrounding “Potato,” written out in a lighter hue in the server’s speech bubbles. The hacker then asks the server to repeat the same task, but instead replaces “Potato” with “Bird,” and indicates the length of the word. The server complies.

Then, the hacker asks the server to say “Hat,” but instead of noting that it’s a three-character word, she states that it’s 500 letters long. The server responds not only by saying “Hat,” but also by leaking out the information around the word. By doing so, it reveals sensitive server information, including a “master key,” which the hacker begins to jot down.

This is a basic explanation of how the Heartbleed bug works. The Heartbleed bug is a flaw in the OpenSSL method of data encryption used by many of the world’s websites, which was actually put into the code accidentally by a programmer roughly two years ago.

OpenSSL contains a function known as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives messages to check whether both his PC and the server on the other end are both still connected. The Heartbleed bug allows hackers to send trick heartbeat messages, like the one pictured in the comic above, which can fool a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more. This is the part of the flaw that the Xkcd comic illustrates.

What do you think? Sound off in the comments below.

Emerging Tech

Microsoft’s friendly new A.I wants to figure out what you want — before you ask

Move over Siri and Alexa! Microsoft wants to build a new type of virtual assistant that wants to be your friend. Already making waves in Asia, could this be the future of A.I. BFFs?
Mobile

Common Kindle Fire problems, and how to fix them

Is your Amazon tablet giving you grief? Is it refusing to behave the way you expect? Take a deep breath -- everything will be fine. Here are some widely reported Kindle Fire problems and a few possible solutions to go with them.
Mobile

Instagram tool accidentally exposes user passwords. Were you affected?

Instagram's Download Your Data tool accidentally exposed the passwords of a small number of users. Here is the explanation on what happened, and how to find out which Instagram accounts were compromised.
Computing

Windows Update not working after October 2018 patch? Here’s how to fix it

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you, step by step.
Deals

The best Walmart Black Friday deals in 2018

Walmart has historically been the undisputed king of Black Friday deals. The mega-store is known for offering deals on products in almost every category, from smart TVs to children’s toys. We're combing through every deal as it is…
Computing

Want to game on your Chromebook? Here's where to start

Chromebooks aren't great for gaming, but there are a few titles that most machines can run. There's a surprisingly diverse crowd that includes role-playing games, action side-scrollers, and puzzlers.
Gaming

Playing ‘Battlefield V’ on an $800 Nvidia card is stunning. And disappointing

‘Battlefield V’ is the first game to use Nvidia’s ray tracing support, now available with the RTX 2080 and 2080 Ti graphics cards. The feature can, in an ideal scenario, make the game look better, but the performance hit may not be…
Computing

All the best Apple MacBook deals for Black Friday 2018

Shoppers looking for a new Apple laptop could find huge savings on a new MacBook come Black Friday. Retailers are offering discounts as much as $650 on select MacBook, MacBook Air, and MacBook Pro models this holiday season.
Smart Home

All the best Amazon Black Friday deals for 2018

Amazon may be an online-only retailer, but that doesn’t mean its Black Friday sales are anything to sniff at. In fact, due to its online status, Amazon has huge flexibility with the range of products and deals it can offer. Here's our…
Computing

Save a heap with these Black Friday 2018 graphics card deals

The Black Friday 2018 sales period is finally here and it's brought with it a tonne of great component deals. We've been scouring websites and catalogs for days to find you the best graphics cards deals for Black Friday 2018.
Computing

HP takes $100 off of leather-clad Spectre Folio 13 bundle for Black Friday

HP is offering a discount to Black Friday shoppers for a bundle that includes its leather-wrapped answer to Apple's MacBook Air. HP is offering a $100 discount on the Spectre Folio 13 when bundled with a mouse and leather sleeve.
Deals

The best Target Black Friday deals for 2018

The mega-retailer opens its doors to the most competitive shoppers at 6 p.m. on Thursday, November 22, and signs indicate that the retailer means business this year. We've sifted through all of the deals, from consumer electronics to small…
Computing

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.
Deals

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…