Athol Daily News | Athol, MA
VOL: CCCXIX NO: 20 Serving the North Quabbin Region Since 1934

4/16/2014 12:13:00 PM
TECHnically Speaking
Bleeding out
FIRST BUG -- This log sheet shows the first ever "bug" found in a computer by engineers working on the Mark II computer at Harvard. A moth flying around the inside of the computer was causing problems.
The Heartbleed logo

ADN Staff Reporter

There has been a lot of talk about the recently surfaced Heartbleed bug, but I feel there hasn't been nearly enough information forthcoming about what exactly it is. No, it's not a virus, so updating your antivirus software of choice isn't going to fix it. Yes, you should probably change your password for all of the affected sites that you frequent, especially if you haven't changed it in a long time, and yes, you should mix up those passwords and not use the same one for all of them.

The Heartbleed bug is exactly that, a bug, a screw-up in the software that hackers have figured out how to exploit. A quick tangent, if you will: the term "bug" has been used since long before computers were around to describe a flaw in an engineering design, dating as far back as Thomas Edison. However, it was computer pioneer Grace Hopper who helped coin the term after a moth was found to be trapped inside the Mark II computer being developed at Harvard. Hopper and the other engineers were attempting to trace an error the Mark II was reporting. Upon looking inside the actual computer, the moth was discovered flitting about, causing early memory modules to short out. Hopper acknowledges that she did not actually coin the term bug, but it was she who taped the carcass of the moth to the log book for Sept. 9, 1947. The operators who found the moth, and who were familiar with the engineering term, wrote "First actual case of a bug being found." The log with the moth still attached is now in the possession of the Smithsonian Institute.

The Heartbleed bug affects a bit of programming called OpenSSL, a popular program used by many websites as a way to encrypt information sent to and from your computer and the website's server. At first it was believed that as much as 60 percent of all websites were affected, but that has since been cut down to 17 percent. That's still a lot though, especially considering there are over 350 million registered domains out there, more than half of which end in .com or .net. That's still over 42.5 million websites, give or take a few.

As the name implies, OpenSSL is considered "open-source" software, meaning it was created and developed by a number of talented programmers in their free time for very little compensation that is usually funded by donations, and anyone can make use of the code without paying a dime.

In April 2012, a bug was unwittingly included with the newly released version 1.01 of OpenSSL that allows for a person to retrieve information from a server without leaving a trace.

Heartbleed makes use of a built-in feature called "heartbeat." When your computer requests access to an encrypted server, the server responds with a notice that it is listening to your computer; this is called a heartbeat.

Under normal circumstances, when your computer sends a packet of information to a website using OpenSSL, the website responds with the same amount of data back. The Heartbleed bug allows a hacker to also retrieve additional data from the server, as much as 64 kilobytes of data, which isn't much, but that 64 kilobytes could contain almost anything, including your password or username. The data retrieved is completely random, as it is simply data that is passing through the server's memory at the moment, but there is no limit to the number of requests that can be sent to the server. As more computers access the server, the memory at the top gets recycled more frequently, so making sense of the random data a hacker does obtain is a herculean effort in and of itself.
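
The missing length check behind that behavior, sketched in C as an added illustration (it is not OpenSSL's code and not part of the original column). The function names and the contents of the simulated memory are constructed for the example; the 3-byte header and 16-byte minimum padding follow the heartbeat specification, RFC 6520, and the 2-byte length field is why a single reply tops out at 64 kilobytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST 1
#define HB_HEADER  3    /* 1 type byte + 2-byte payload length */
#define HB_PADDING 16   /* minimum padding after the payload (RFC 6520) */

/* Flawed handling: echoes as many bytes as the sender CLAIMS it sent. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    (void)rec_len;                          /* real size is never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HB_HEADER, claimed);  /* may run past the record */
    return claimed;
}

/* Corrected handling: silently drop any record whose claim does not fit. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Constructed stand-in for server memory: a 23-byte heartbeat record
   ("ping" + padding) followed by unrelated data that sits next to it. */
size_t build_memory(uint8_t mem[64], uint16_t claimed) {
    static const char neighbour[] = "pw=constructed-example";
    memset(mem, 0, 64);
    mem[0] = HB_REQUEST;
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + HB_HEADER, "ping", 4);
    size_t rec_len = HB_HEADER + 4 + HB_PADDING;   /* 23 bytes received */
    memcpy(mem + rec_len, neighbour, sizeof neighbour - 1);
    return rec_len;
}

int main(void) {
    uint8_t mem[64], out[64];
    size_t len = build_memory(mem, 40);   /* claims 40 bytes, sent only 4 */
    printf("unchecked echoed %zu bytes\n", echo_unchecked(mem, len, out));
    printf("checked echoed   %zu bytes\n", echo_checked(mem, len, out));
    return 0;
}
```

With the check in place, the oversized claim is dropped without a reply, while an honest 4-byte request is still echoed in full.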

Once the bug was made public, it was quickly squashed by the developers, but everyone is being reminded to change their passwords just to be on the safe side. Website has a handy chart for which sites were affected, including most social network sites, save for LinkedIn, which didn't make use of that version of OpenSSL. Both Google and Yahoo were affected, so that includes other Google-owned sites like Gmail and YouTube and even phones running version 4.1.1 of the Android operating system.

To make matters worse, just when you thought the smoke had cleared, it was found the NSA had known about the Heartbleed bug since the beginning and was making use of it for spying purposes.

It may be months or years before we finally know what the full damage is as a result of the Heartbleed bug; in the meantime, make sure to change your passwords and keep an eye on your credit score. Isn't the internet wonderful?
