Buffer Exploits and Heartbleed

This is an old post that I had written on my personal blog back in May 2014!


Hey guys today lets talk about this years one of the biggest security vulnerabilities so far the"Heartbleed" bug.
Before we proceed to heartbleed lets first understand what a buffer is..

Basically when we are writing a program in basic languages like C or FORTRAN while taking an input of a string or an array we need to pre define how big the string or the array might be. So after say defining the size the compiler takes note of it and keeps certain amount of memory reserved for the particular string in the memory block. That is know as a buffer. Now that much block can keep only the set amount of data there. A buffer overflow happens when say the predefined value for the buffer is 30 chars and that what is received is 60 chars. The buffer overflows and the additional data received is stored in another unallocated memory blocks. Problems pop up either when the data is read or when the data size is too big to handle.Basically the buffer overflows. A smart programmer while putting in the data can put in his own code instead of the data and can cause system instability and other similar things. Now basically what heartbleed is a the reverse of it or underflowing of the buffer. OpenSSL is the kinda the protocol that is used to secure our data on almost all major sites. We will first understand the concept of heartbeats. Lets say you have a laptop and its connected to a server. In order to check if both are working the computer sends a heartbeat to the server and if the connection is proper the server acknowledges the incoming heartbeat and sends it back. While sending the heartbeat it has a pre defined size say 5 bits or 6 bits. Now here comes heartbleed. What this bug does is that when we are sending the heartbeat say 64 bit long but what we send is just 5 bit long. The server sees that the length is 64 bit long but doesnt chk how much long the data received is instead in order to compromise for the bits that are not received it sends out the bits of data that it has already cached up or buffered up. This data can be any data that it has stored literally any data it doesnt matter if it is private key or password or just random garbage it can be any data. Thus a smart hacker can continuously keep sending heartbeats and cache up the data received. After getting the private keys of the server one can impersonate the person. The person can get total access to the server as well. Above all this entire process doesnt leave a trace.

Not to scare you guys but this vulnerability has been existing from say past 2 years unnoticed. Could anyone have got all our data. And the bigger question lies here who planted this bug. Or how is it that such a thing was overseen.  

Comments

Popular posts from this blog

My Experiments with Pi (Part 2 of N)

Certified

Program of the Week 01 - Common Day Finder