Monthly Archives: April 2014

An excellent dissection of the Heartbleed bug affecting OpenSSL

Heartbleed Dissection The short version is that the heartbeat for OpenSSL sends data to the server and the server sends the data back. The issue is that the length specified in the header isn’t checked to verify it matches the length of the actual data, so the server simply responds with the number of bytes […]