Programmer Who Introduced ‘Heartbleed’ Bug Speaks

“Quite trivial”

The Sydney Morning Herald has a piece on the man who made a lot of Internet system administrators’ lives miserable this week, the German programmer who introduced the Heartbleed bug into the OpenSSL code.

There’s been way too much embarrassing noobish speculation from some quarters of the journalistic arena that the NSA might have planted this bug deliberately, years ago, and has been spying on their emails and cat pictures ever since, but no — developer Robin Seggelmann says it was “a simple programming error,” as I had assumed.

The type of programming mistake he describes is known as a “bounds checking error.” They’re depressingly common and are often the cause of serious security problems.

Mr Seggelmann, of Münster in Germany, said the bug which introduced the flaw was “unfortunately” missed by him and a reviewer when it was introduced into the open source OpenSSL encryption protocol over two years ago.

“I was working on improving OpenSSL and submitted numerous bug fixes and added new features,” he said.

“In one of the new features, unfortunately, I missed validating a variable containing a length.”
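The class of mistake described above, as an added C example (not OpenSSL's code and not from the article): a handler that echoes back as many bytes as the message claims to carry, next to a version that first checks the claim against the bytes actually received. The 3-byte header, 16-byte minimum padding, function names and sample bytes are assumptions of this simplified model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 3   /* 1-byte type + 2-byte big-endian payload length */
#define MIN_PAD 16  /* minimum trailing padding in this model */

/* Vulnerable pattern: trusts the length field carried inside the message. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                        /* never consulted: this is the bug */
    memcpy(out, rec + HDR_LEN, claimed);  /* can read past the received bytes */
    return claimed;
}

/* Hardened pattern: the claimed length must fit in the bytes received. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HDR_LEN + MIN_PAD)
        return 0;                         /* too short to be valid: discard */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HDR_LEN - MIN_PAD)
        return 0;                         /* length field overstates: discard */
    memcpy(out, rec + HDR_LEN, claimed);
    return claimed;
}

/* Constructed demo: one array stands in for process memory. The received
 * record fills the first 23 bytes; unrelated data sits directly after it. */
int leaks_neighbor(size_t (*handler)(const uint8_t *, size_t, uint8_t *))
{
    uint8_t mem[64] = {0}, out[64] = {0};
    const size_t rec_len = HDR_LEN + 4 + MIN_PAD;  /* real payload: "ping" */
    mem[0] = 1; mem[1] = 0; mem[2] = 40;           /* claims 40 bytes, sent 4 */
    memcpy(mem + HDR_LEN, "ping", 4);
    memcpy(mem + rec_len, "SECRET-KEY", 10);       /* not part of the record */
    size_t n = handler(mem, rec_len, out);
    for (size_t i = 0; i + 10 <= n; i++)
        if (memcmp(out + i, "SECRET-KEY", 10) == 0)
            return 1;
    return 0;
}

int main(void)
{
    printf("unchecked leaks neighbor: %d\n", leaks_neighbor(echo_unchecked));
    printf("checked leaks neighbor:   %d\n", leaks_neighbor(echo_checked));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length against `rec_len`; an honest message passes through both unchanged.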

And about that noobish speculation:

A number of conspiracy theorists have speculated the bug was inserted maliciously.

Mr Seggelmann said it was “tempting” to assume this, especially after the disclosure by Edward Snowden of the spying activities conducted by the US National Security Agency and others.

“But in this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area,” he said. “It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project.”

Despite denying he put the bug into the code intentionally, he said it was entirely possible intelligence agencies had been making use of it over the past two years.

“It is a possibility, and it’s always better to assume the worst than best case in security matters, but since I didn’t know the bug until it was released and [I am] not affiliated with any agency,” Mr Seggelmann said.

Seggelmann is correct on that last point; the really awful part of Heartbleed is that it leaves almost no trace that it grabbed everything in your web server’s memory. (And I only say “almost no trace” because at this point I don’t believe anyone has a system for detecting it, but it might be possible by analyzing server logs.)

Since the bug has been deployed in the OpenSSL service on countless web servers for more than two years, it’s not wild speculation to think it’s probably already been exploited, and national security services are usually among the first to find these things; but I’m less worried about the NSA than I am about criminal hacking gangs who operate with tacit approval from the Russian and Chinese governments.

And this is a great time to remind everyone that it would be an excellent idea to change your LGF password now (and don’t reuse a password you’ve used somewhere else!), because we have completed all the necessary steps to make sure our servers are no longer vulnerable to this exploit.
