Heartbleed: Coder responsible for 'catastrophic' bug says it can be 'explained pretty easily'

Robin Seggelmann says that Heartbleed was an honest mistake and had nothing to do with surveillance by government security agencies

The programmer responsible for creating the Heartbleed bug that affected millions of websites across the web has come forward to say that the flaw was a mistake and can “be explained pretty easily”.

Robin Seggelmann was working on the OpenSSL software, which major websites use for encryption, as part of his PhD when he amended a section of the code known as the “heartbeat”.

The “heartbeat” lets servers exchange brief messages with the user to check they’re still there. The user’s computer sends the server a randomly chosen message (for example ‘coffee’) together with its length (‘six characters long’). The server then returns that message to confirm that communications between the two are still working fine.


Seggelmann’s piece of code unfortunately created a loophole that let malicious users trick the server by claiming that their random message was as long as 64,000 characters. So, in the example above, the server sends back the word ‘coffee’ as well as tens of thousands of characters of potentially damaging information.
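The exchange described above, and the single length check whose absence produced the bug, as an added C example that is not OpenSSL's code: the heartbeat record, the adjacent "session-cookie" bytes and the handler names are all constructed for illustration. The unchecked handler echoes however many bytes the peer claims; the checked one first confirms that header, declared payload and padding fit inside the record that actually arrived.

```c
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_PADDING 16   /* RFC 6520: at least 16 bytes of padding follow the payload */
/* Constructed "process memory": a heartbeat record (type, 2-byte length, "coffee",
 * 16 bytes of padding) then unrelated data that must never reach the peer. */
static const unsigned char memory[] =
    "\x01\x00\x06" "coffee" "PADDINGPADDINGPA" "session-cookie=SECRET42";
#define RECORD_LEN (1 + 2 + 6 + HB_PADDING)
typedef size_t (*hb_handler)(const unsigned char *, size_t, unsigned char *, size_t);

/* Models the pre-fix logic: the response buffer is sized correctly, but the copy
 * trusts the peer's length field and never asks how long the record really is. */
size_t hb_respond_unchecked(const unsigned char *rec, size_t rec_len,
                            unsigned char *out, size_t out_cap)
{
    (void)rec_len;                                  /* the bug: never consulted */
    if (rec[0] != HB_REQUEST) return 0;
    size_t payload = (size_t)rec[1] << 8 | rec[2];  /* network-order length */
    if (payload > out_cap) return 0;
    memcpy(out, rec + 3, payload);                  /* over-reads when payload > 6 */
    return payload;
}

/* Hardened form: header + declared payload + padding must fit inside the record
 * that actually arrived; otherwise the request is silently discarded. */
size_t hb_respond_checked(const unsigned char *rec, size_t rec_len,
                          unsigned char *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t payload = (size_t)rec[1] << 8 | rec[2];
    if (1 + 2 + payload + HB_PADDING > rec_len) return 0;  /* the missing check */
    if (payload > out_cap) return 0;
    memcpy(out, rec + 3, payload);
    return payload;
}

/* Copies the constructed memory, overwrites the length field with the peer's claim,
 * and passes the record's true length. Keep claimed_len <= sizeof memory - 3. */
size_t run_heartbeat(hb_handler handler, uint16_t claimed_len,
                     unsigned char *out, size_t out_cap)
{
    unsigned char buf[sizeof memory];
    memcpy(buf, memory, sizeof memory);
    buf[1] = (unsigned char)(claimed_len >> 8);
    buf[2] = (unsigned char)(claimed_len & 0xff);
    return handler(buf, RECORD_LEN, out, out_cap);
}
```

With an honest length of 6 both handlers return ‘coffee’; with a claimed length of 40 the unchecked handler also returns the bytes that happen to follow the record, while the checked one returns nothing.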

As far as hacking attacks go, exploiting Heartbleed would have been an imprecise and slow process, but if users requested enough slices of random information, sooner or later they’d find something sensitive.

“Catastrophic is the right word,” said security expert Bruce Schneier on the potential impact of the bug. “On the scale of 1 to 10, this is an 11.”

Heartbleed was introduced to OpenSSL by Seggelmann on New Year’s Eve in 2011, but was only discovered this year by researchers from Google and a Finnish security group known as Codenomicon.

SSL stands for Secure Sockets Layer and is a type of encryption technology used in varying forms by websites to keep their users’ data secure. OpenSSL, the software that contained the bug, is an open source implementation of SSL, meaning that developers around the world contribute to and check its contents for free.

"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," Seggelmann has told the Sydney Morning Herald. "In one of the new features, unfortunately, I missed validating a variable containing a length."

Seggelmann has admitted that the error was “quite trivial” but that its impact was “severe”.

"It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."

This admission may assuage those who have suggested that the flaw was introduced by intelligence agencies in order to snoop on the traffic, but as Seggelmann himself has said, just because the bug was a mistake doesn’t mean that it hasn’t been exploited by the likes of the NSA and GCHQ.

"It is a possibility, and it's always better to assume the worst than best case in security matters," said Seggelmann.
