Heartbleed: Coder responsible for 'catastrophic' bug says it can be 'explained pretty easily'

Robin Seggelmann says that Heartbleed was an honest mistake and had nothing to do with surveillance by government security agencies

The programmer responsible for creating the Heartbleed bug that affected millions of websites across the web has come forward to say that the flaw was a mistake and can “be explained pretty easily”.

Robin Seggelmann was working on the OpenSSL software that is used as encryption by major websites as part of his PhD when he amended a section of the code known as the “heartbeat”.

The "heartbeat" lets servers exchange brief messages with the user to check they’re still there. The user’s computer sends the server a randomly-chosen message (for example ‘coffee’) and its length (‘six characters long’). The server then returns this message to confirm that communications between the two are still working fine.


Seggelmann’s piece of code unfortunately created a loophole that let malicious users trick the server by claiming that their random message was as long as 64,000 characters. So, in the example above, the server sends back the word ‘coffee’ as well as tens of thousands of characters of potentially damaging information.
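As an added example (not the article's text or OpenSSL's code), here is a simplified C model of the heartbeat handler described above: the version that trusts the claimed length next to one that validates it. The record layout, the `memory` buffer and the placeholder secret behind the record are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified TLS heartbeat record (an added example, not OpenSSL's code): 1 byte type,
 * 2-byte big-endian payload length, the payload, then at least 16 bytes of padding. */
#define PADDING 16
#define RECORD_LEN (1 + 2 + 6 + PADDING)   /* a record carrying the 6-byte payload "coffee" */

/* Constructed stand-in for process memory: the record sits at the front, and a
 * constructed placeholder secret the peer must never see sits right behind it. */
static unsigned char memory[64] = "\x01\x00\x06" "coffee" "PPPPPPPPPPPPPPPP" "SECRET-KEY-BYTES";
static size_t claimed_length(const unsigned char *rec) { return (size_t)((rec[1] << 8) | rec[2]); }

/* Vulnerable handler: echoes as many bytes as the sender claims, never checking that
 * claim against how long the record actually is. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len, unsigned char *out, size_t cap) {
    size_t n = claimed_length(rec);
    (void)rec_len;                       /* the real length is never consulted */
    if (n > cap) return 0;
    memcpy(out, rec + 3, n);             /* reads past the record when n is a lie */
    return n;
}

/* Hardened handler: the missing validation. Header, claimed payload and padding
 * must all fit inside the record that was actually received, or it is discarded. */
size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len, unsigned char *out, size_t cap) {
    if (rec_len < 1 + 2 + PADDING) return 0;       /* too short to be a heartbeat at all */
    size_t n = claimed_length(rec);
    if (1 + 2 + n + PADDING > rec_len) return 0;   /* claim exceeds the record */
    if (n > cap) return 0;
    memcpy(out, rec + 3, n);
    return n;
}
typedef size_t (*heartbeat_fn)(const unsigned char *, size_t, unsigned char *, size_t);

/* Patch a claimed length into the constructed record and run one handler over it. */
size_t run(heartbeat_fn handler, unsigned claimed, unsigned char *out, size_t cap) {
    memory[1] = (unsigned char)(claimed >> 8);
    memory[2] = (unsigned char)claimed;
    return handler(memory, RECORD_LEN, out, cap);
}

int main(void) {
    unsigned char out[64];
    size_t n = run(heartbeat_vulnerable, 38, out, sizeof out);   /* claims 38, record holds 6 */
    printf("vulnerable echoed %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("fixed echoed %zu bytes\n", run(heartbeat_fixed, 38, out, sizeof out));
    return 0;
}
```

The over-read stays inside the constructed `memory` array, so the program is well-defined and shows exactly which bytes beyond the record the unchecked copy hands back.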

As far as hacking attacks go, exploiting Heartbleed would have been an imprecise and slow process, but if users requested enough slices of random information, sooner or later they’d find something sensitive.

"‘Catastrophic’ is the right word," said security expert Bruce Schneier on the potential impact of the bug. "On the scale of 1 to 10, this is an 11."

Heartbleed was introduced to OpenSSL by Seggelmann on New Year’s Eve in 2011, but was only discovered this year by researchers from Google and a Finnish security group known as Codenomicon.

SSL stands for Secure Sockets Layer and is a type of encryption technology used in varying forms by websites to keep their users’ data secure. OpenSSL, the software that contained the bug, is an open source implementation of SSL, meaning that developers around the world contribute to and check its contents for free.

"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," Seggelmann has told the Sydney Morning Herald. "In one of the new features, unfortunately, I missed validating a variable containing a length."

Seggelmann has admitted that the error was “quite trivial” but that its impact was “severe”.

"It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."

This admission may assuage those who have suggested that the flaw was introduced by intelligence agencies in order to snoop on the traffic, but as Seggelmann himself has said, just because the bug was a mistake doesn’t mean that it hasn’t been exploited by the likes of the NSA and GCHQ.

"It is a possibility, and it's always better to assume the worst than best case in security matters," said Seggelmann.

