Editing 1354: Heartbleed Explanation
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
| Latest revision | Your text | ||
| Line 8: | Line 8: | ||
==Explanation== | ==Explanation== | ||
| − | The {{w|Heartbleed bug}} has received a lot of news coverage recently and was also the topic of the previous comic [[1353: Heartbleed]]. This comic explains how the bug may have been discovered and can be exploited to reveal a server's memory contents. | + | {{incomplete|PLEASE don not remove this TAG that fast!!! Many issues still have to be solved here.}} |
| + | The {{w|Heartbleed bug}} has received a lot of news coverage recently and was also the topic of the previous comic [[1353: Heartbleed]]. This comic explains how the bug may have been discovered and can be exploited to reveal a server's memory contents. A hypothetical cracker [[Megan|Meg]] sends heartbeat requests to the server, the server responds to the heartbeat request by returning the contents of the body of the request up to the number of letters requested. The first two requests are well formed, requesting exactly the number of characters in the request body. The server's memory is showing Meg's request with many other requests going on at the same time. | ||
| − | + | The last request asks for "HAT" but requests that it be 500 letters long; the server — not checking if or simply unaware that 500 letters is larger than the request body — returns "HAT" plus 497 letters that happened to be next to the word "HAT" in its memory. Included are many sensitive bits of information, including a master key and user passwords. One of the passwords shown is "CoHoBaSt", a reference to [[936: Password Strength]], which suggests using "<u>co</u>rrect <u>ho</u>rse <u>ba</u>ttery <u>st</u>aple" as a password. | |
| − | + | Often popular explanations of security bugs require the issue to be simplified a lot and to leave out a lot of details. In this case Randall didn't have to do much simplifying; the bug is actually that simple. Also, it should be noted that any client which can connect to the server typically can exploit this bug in the underlying OpenSSL software — the use of the term "User Meg" does not imply that Meg had to authenticate first. | |
| − | + | The title text is a reference to ''{{w|Are You There God? It's Me, Margaret.|Are you there God? It's me, Margaret.}}'' a novel by Judy Blume, and plays off of the "server, are you still there?" line in every panel where she did start a request. ''Meg'' can be a nickname for ''Margaret'' as well as ''Megan'', which perhaps explains why the character's usual name, Megan, is abbreviated here. | |
| − | |||
| − | |||
| − | |||
| − | The title text is a reference to ''{{w|Are You There God? It's Me, Margaret.}}'' | ||
==Transcript== | ==Transcript== | ||
| − | |||
| − | |||
| − | : | + | :How the Heartbleed bug works: |
| − | : | + | :Megan: Server, are you still there? If so, reply "POTATO" (6 letters). |
| − | + | :The server's memory is shown: ...<tt>wants pages about boats. User Erica requests secure connection using key "4538538374224". '''User Meg wants these 6 letters: POTATO.''' User Ada wants pages about "irl games". Unlocking secure records with key 5130985733435. Maggie (chrome user) sends this message: "Hi</tt>... | |
| − | : | ||
| − | : | + | :Server shows the same memory content but POTATO is highlighted. |
| − | |||
:Server: <tt>POTATO</tt> | :Server: <tt>POTATO</tt> | ||
| − | : | + | :Megan: Server, are you still there? If so, reply "BIRD" (4 letters). |
| − | + | :The server's memory is shown: ...<tt>User Olivia from London wants pages about "mad bees in car why". Note: Files for IP 375.381.283.17 are in /tmp/files-3843. '''User Meg wants these 4 letters: BIRD.''' There are currently 346 connections open. User Brendan uploaded the file selfie.jpg (contents: 834ba962e2ceb9ff89bd3bff8c</tt>... | |
| − | : | ||
| − | |||
| − | |||
| − | :Server | + | :Server shows the same memory content but now with BIRD highlighted. |
:Server: <tt>BIRD</tt> | :Server: <tt>BIRD</tt> | ||
| − | : | + | :Megan: ''Hmm...'' |
| − | |||
| − | |||
| − | : | + | :Megan: Server, are you still there? If so, reply "HAT" (500 letters). |
| − | :Server memory: <tt>a connection. Jake requested pictures of deer. '''User Meg wants these 500 letters: HAT.''' Lucas requests the "missed connections" page. Eve (administrator) wants to set server's | + | :Server memory: ...<tt>a connection. Jake requested pictures of deer. '''User Meg wants these 500 letters: HAT.''' Lucas requests the "missed connections" page. Eve (administrator) wants to set server's key to "14835038534". Isabel wants pages about "snakes but not too long". User Karen wants to change account password to "CoHoBaSt". User</tt>... |
| − | : | + | :Server shows the same memory content, highlighting the first 500 letters of the memory beginning at HAT. |
| − | + | :Server: <tt>HAT. Lucas requests the "missed connections" page. Eve (administrator) wants to set server's key to "14835038534". Isabel wants pages about "snakes but not too long". User Karen wants to change account password to "CoHoBaSt". User Amber requests pages</tt>... | |
| − | + | :Megan writes this all down. | |
| − | :Server: <tt>HAT. Lucas requests the "missed connections" page. Eve (administrator) wants to set server's key to "14835038534". Isabel wants pages about "snakes but not too long". User Karen wants to change account password to "CoHoBaSt". User Amber requests pages</tt> | ||
{{comic discussion}} | {{comic discussion}} | ||
| − | + | [[Category:Comics featuring Megan]] | |
| − | [[Category:Comics | + | [[Category:Computers]] |
| − | [[Category: | ||
