You've probably heard about the Heartbleed hack by now.

[thewayne]

Here's an excellent XKCD comic showing how it works. The basic concept is known as an unchecked parameter where the requester (hacker) asks the server a question and tells it to return 64,000 characters of information. Said information is a random memory location but can contain quite valuable data, including crypto keys, and that's the reason why all of the certificate authorities are slammed and scrambling like mad to re-issue new encryption certificates.

I'll write more about this later after I've had time to research it better. The one thing is that this seems to be a server problem, I don't know how this affects personal computers. I do know that the observatory that my wife works at had at least three vulnerable servers. People are saying "Change all your passwords NOW!", but I'm not sure if that's the way to go. If you change your passwords now, and the server has not yet been updated, it's still vulnerable. I think it would be better to wait until a given web site says 'change your password' as that should be a solid sign that they've taken steps to remediate their servers.

Comments

[droewyn.livejournal.com]

I'm telling my parents to change their passwords now, because I know for a fact they use a single login everywhere and need to correct that ASAP.

[neefsck.livejournal.com]

The basic concept is known as an unchecked parameter where the requester (hacker) asks the server a question and tells it to return 64,000 characters of information


Thank for your explaining this - Up until now, I *seriously* could not understand how the fuck it worked, or really the point of that godamned comic.
I am perhaps a little too slow to understand XKCD.

[silveradept]

Go figure. It takes advantage of the idea that Internet requests are actually properly formed at all time.