Don’t panic: Heartbleed surgery for dummies

We demystify the dastardly bug and give the simplest advice on how to protect against it

Tags: ITP Publishing GroupUnited Arab Emirates
  • E-Mail
Don’t panic: Heartbleed surgery for dummies Providers: patch your SSL version; users: change your passwords.
By  Stephen McBride Published  April 16, 2014

Security is a hard-fought prize in the mobile era. And occasionally those who deal in it and rely upon it are dealt a sucker punch. An honest mistake and two years of oversight led to the name "Heartbleed" being bounced around the Web like the digital End of Days had arrived.

As is common in cyber security media, many reports of the flaw in the OpenSSL protocol were characterised by exaggeration and misunderstanding. It was affecting banks, they said; mobile platforms and governments were at risk. Nobody was safe.

At ITP.net, our message is: Don't panic. Here we explain what it is, where it came from, how it works, who it affects, and how to protect yourself.

When accessing a site where privacy and security are essential and implied the provider needs to ensure that each user session is shielded from eavesdropping. Over the years a number of network techniques have been adopted to try and achieve this, but the ones we are most interested in here are the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

SSL was first developed by Netscape and, simply put, was designed to keep data transmissions private. Imagine a cleverly designed briefcase that is to be hand-delivered. Anyone can lock the briefcase, but only the genuine recipient can open it because the one key that can do so has been delivered to them separately. This is a little like receiving your banking PIN in a separate envelope to your ATM card.

Continues on next page>>

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code