You’ve probably heard a lot about Heartbleed this week. Maybe you’ve read about it too, trying to find out what it is, what it does and how to cope with it. There are thousands of news articles and blog posts about this suddenly world-famous software bug in the OpenSSL library used to encrypt Internet communication. I won’t produce another blog post packed with text trying to give my view on this stuff. Nevertheless, I would like to explain what it is from a different angle since quite a few people still don’t know what it is after this week’s information overload. And I’ll do it based on the saying “A picture is worth a thousand words”.
So I’ll give you five visuals explaining this bug. I’ve picked these after doing research on the Internet five days after the news broke last Monday. I could have picked something else, but this is what I found interesting. There’s some technical content here, but it shouldn’t be too difficult to understand. At least it gives you an overall picture of this bug.
If you haven’t heard about Heartbleed this week, you must have been on another planet. So welcome back, and this blog post should give you a quick update by looking through the visuals below.
Usually, when someone reports an important bug, it’s posted on message boards read only by the coding and hacking community. Not this time, so what happened? Well, the bug was discovered by the security company Codenomicon a week ago. They came up with the name “Heartbleed” based on the OpenSSL feature “Heartbeat” that contains the bug, and a designer at the company made the logo. Quite unusual. And quite clever with respect to PR since it gave the bug (and the company) global attention with a cool name and a catchy logo. I guess that major future bugs will use the same tactic.
The logo describes the name Heartbleed in a very good way. Well done.
The next visual I was looking for was an image representing this bug. And there are thousands of images to choose from, but I picked the one below. The reason is that it represents the one thing that most people associate with the bug, even though it’s a complex bug with a lot of consequences: changing passwords. That’s what the media has been telling you the whole week.
Here is the winner of the “Best Heartbleed Image Award” found at this website: :-)
3. Comic strip
No visuals without a comic strip, but it took some time to find one good enough for this blog post. Those who search will find, and I finally came across this one, which gives a simple description of the bug.
Here is the winner of the “Best Heartbleed Cartoon Strip Award” found at this website:
I love infographics, and have written several blog posts containing different infographics. So I desperately needed one for this blog post explaining the bug. There are some out there already, but most of them weren’t good enough. But finally I found one made by BEA Systems. It may seem very complicated at first sight, but grab a cup of coffee and go through it. It’s really good.
Here is the winner of the “Best Heartbleed Infographic Award” found at this website:
We also need a video to explain this famous bug. I found one that is very good with a lot of references and views on the Internet. It’s made by the highly skilled Zulfikar Ramzan, an MIT Ph.D. and CTO of Elastica. This is serious and technical stuff explaining the bug at a pretty high level by combining speech and hand drawing. You may not understand all of it, but it should give you an idea of what the bug is all about.
Here is the winner of the “Best Heartbleed Video Award” found at this website:
Congrats, you’ve made it all the way here. Let me reward you with some bonus stuff:
- Heartbleed website: The official website for the bug.
- Heartbleed test: You can test your server here for the bug.
- OpenSSL: Information on Wikipedia about the OpenSSL library.
- Behind the scenes: The crazy 72 hours leading up to the Heartbleed discovery.
- Robin Seggelmann: Interview with the German developer who introduced the bug into OpenSSL.
Let me finish off by saying that my company is developing the product Ensafer for cloud encryption, and by now we have a product for Dropbox encryption (more to come). We’ve written a blog post on how Ensafer mitigates the Heartbleed effect by using end-to-end encryption. It may be worth reading.
Hope you enjoyed these five Heartbleed visuals. :-)