Programmer Who Introduced ‘Heartbleed’ Bug Speaks

“Quite trivial”

The Sydney Morning Herald has a piece on the man who made a lot of Internet system administrators’ lives miserable this week, the German programmer who introduced the Heartbleed bug into the OpenSSL code.

There’s been way too much embarrassing noobish speculation from some quarters of the journalistic arena that the NSA might have planted this bug deliberately, years ago, and has been spying on their emails and cat pictures ever since, but no — developer Robin Seggelmann says it was “a simple programming error,” as I had assumed.

The type of programming mistake he describes is known as a “bounds checking error.” They’re depressingly common and are often the cause of serious security problems.

Mr Seggelmann, of Münster in Germany, said the bug which introduced the flaw was “unfortunately” missed by him and a reviewer when it was introduced into the open source OpenSSL encryption protocol over two years ago.

“I was working on improving OpenSSL and submitted numerous bug fixes and added new features,” he said.

“In one of the new features, unfortunately, I missed validating a variable containing a length.”
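The mistake described in that quote, as an added example (not OpenSSL's code and not part of the quoted article): a simplified heartbeat-style echo handler in C, before and after the length field is validated. The record layout, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 3    /* 1-byte type + 2-byte big-endian payload length */
#define RECORD_LEN 7 /* bytes actually received from the peer */

/* Constructed memory image: the received record, then unrelated data that
 * happens to sit right after it. The record claims 20 payload bytes but
 * carries only 4 ("ping"). */
static const uint8_t proc_mem[] = {
    0x01, 0x00, 0x14, 'p', 'i', 'n', 'g',
    'S', 'E', 'C', 'R', 'E', 'T', '-', 'K', 'E', 'Y', '-', 'B', 'Y', 'T', 'E', 'S'
};

/* Before: the length field from the peer is used without validation. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    if (rec_len < HDR_LEN) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HDR_LEN, claimed); /* can read past rec + rec_len */
    return claimed;
}

/* After: the claimed length must fit inside the bytes actually received. */
size_t echo_checked(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_cap)
{
    if (rec_len < HDR_LEN) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HDR_LEN) return 0; /* malformed: drop it */
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HDR_LEN, claimed);
    return claimed;
}

int main(void)
{
    uint8_t out[64];
    size_t n = echo_unchecked(proc_mem, RECORD_LEN, out, sizeof out);
    printf("unchecked echoed %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    n = echo_checked(proc_mem, RECORD_LEN, out, sizeof out);
    printf("checked echoed %zu bytes\n", n);
    return 0;
}
```

The unchecked handler returns the 4 payload bytes plus the 16 neighbouring bytes and reports no error, which is why the over-read leaves nothing obvious behind on the server.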

And about that noobish speculation:

A number of conspiracy theorists have speculated the bug was inserted maliciously.

Mr Seggelmann said it was “tempting” to assume this, especially after the disclosure by Edward Snowden of the spying activities conducted by the US National Security Agency and others.

“But in this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area,” he said. “It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project.”

Despite denying he put the bug into the code intentionally, he said it was entirely possible intelligence agencies had been making use of it over the past two years.

“It is a possibility, and it’s always better to assume the worst than best case in security matters, but since I didn’t know the bug until it was released and [I am] not affiliated with any agency,” Mr Seggelmann said.

Seggelmann is correct on that last point; the really awful part of Heartbleed is that it leaves almost no trace that it grabbed everything in your web server’s memory. (And I only say “almost no trace” because at this point I don’t believe anyone has a system for detecting it, but it might be possible by analyzing server logs.)

Since the bug has been deployed in the OpenSSL service on countless web servers for more than two years, it’s not wild speculation to think it’s probably already been exploited, and national security services are usually among the first to find these things; but I’m less worried about the NSA than I am about criminal hacking gangs who operate with tacit approval from the Russian and Chinese governments.

And this is a great time to remind everyone that it would be an excellent idea to change your LGF password now (and don’t reuse a password you’ve used somewhere else!), because we have completed all the necessary steps to make sure our servers are no longer vulnerable to this exploit.
