Heartbleed explained with pictures

 

https://xkcd.com/1354/

 

lol nice.

Awesome, i like it :D

as someone who learned of this things existence yesterday and knows almost nothing about networking and all that jazz, i suppose i understand a bit

while reiterating that i know nothing, doesn't this seem like something that would've been tried day 1

doesn't this seem like something that would've been tried day 1

Well yes, and usually the server would check whether the requested word & the provided character number would match. If not the server would reply with "error" , "say again" or just ignore you.

The omission of that check is the programming error that caused the Heartbleed bug

Hey guys attack my IP address with your lulz

175.101.12.90

I love how everyone was all "CHANGE YOUR PASSWORDS! CHANGE EVERYTHING!"

Which is useless. Changing your password wont work until the website has actually updated their SSL. Which most wont. 

A lot of mainstream sites are safe now, though.

huh ? you want me to trash-talk a number ?

Well here it commes:  your ip-adresse is weak it's got too many Ones and Zeros in it & barely any primes, how pathetic.

Well you could(1) continuously change your password on a few seconds interval, that way an attacker will always have an outdated password by the time the stolen memory-chunk is analysed.

(1)assuming a web-service isn't going to interpret it as a DOS-attack

Looks like the reports of the Heartbleed attack not leaving a trace were wrong.

http://blogs.computerworld.com/security/23801/rcmp-heartbleed-arrest-canada-itbwcw-ua

does the tek use OpenSSL?

what sort of server do you have going on there, just used putty..

Yay, I can be lazy