Heartbleed: Coder responsible for 'catastrophic' bug says it can be 'explained pretty easily'

Robin Seggelmann says that Heartbleed was an honest mistake and had nothing to do with surveillance by government security agencies

The programmer responsible for creating the Heartbleed bug that affected millions of websites across the web has come forward to say that the flaw was a mistake and can “be explained pretty easily”.

Robin Seggelmann was working on OpenSSL, the encryption software used by major websites, as part of his PhD when he amended a section of the code known as the “heartbeat”.

The "heartbeat" lets servers exchange brief messages with the user to check they’re still there. The user’s computer sends the server a randomly-chosen message (for example ‘coffee’) and its length (‘six characters long’). The server then returns this message to confirm that communications between the two are still working fine.


Seggelmann’s piece of code unfortunately created a loophole that let malicious users trick the server by claiming that their random message was as long as 64,000 characters. So, in the example above, the server sends back the word ‘coffee’ as well as tens of thousands of characters of potentially damaging information.
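The missing length validation described above, sketched as an added example (it is not OpenSSL's code and not from the article): a simplified heartbeat handler that discards a request whose claimed length exceeds what actually arrived. The function names and the 25-byte sample record are assumptions; the 3-byte header and 16-byte minimum padding follow RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3u   /* 1 type byte + 2 length bytes (RFC 6520) */
#define HB_PADDING 16u  /* minimum padding RFC 6520 requires */

/* Echo the message in rec[0..rec_len) into out. Returns the number of
 * bytes echoed, or -1 when the request is discarded. */
int hb_echo(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_PADDING) return -1;   /* too short */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The validation the flawed code lacked: the claimed length must fit
     * inside the bytes that actually arrived. */
    if (HB_HEADER + claimed + HB_PADDING > rec_len || claimed > out_cap)
        return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (int)claimed;
}

/* Bytes beyond the record that a handler trusting the claimed length would
 * have copied. Computed only; nothing is read out of bounds here. */
size_t hb_overread(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t avail = rec_len - HB_HEADER;
    return claimed > avail ? claimed - avail : 0;
}

/* Constructed sample: a 25-byte record carrying "coffee" plus padding,
 * with whatever length the sender chooses to claim. */
size_t hb_sample(uint8_t rec[25], unsigned claimed) {
    memset(rec, 0, 25);
    rec[0] = 1;                             /* heartbeat request */
    rec[1] = (uint8_t)(claimed >> 8);
    rec[2] = (uint8_t)(claimed & 0xff);
    memcpy(rec + HB_HEADER, "coffee", 6);
    return 25;
}

int main(void) {
    uint8_t rec[25], out[64];
    size_t n = hb_sample(rec, 6);           /* honest: says 6, sends 6 */
    printf("honest: %d\n", hb_echo(rec, n, out, sizeof out));
    n = hb_sample(rec, 64000);              /* says 64,000, sends 6 */
    printf("mismatch: %d, over-read avoided: %zu\n",
           hb_echo(rec, n, out, sizeof out), hb_overread(rec, n));
    return 0;
}
```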

As far as hacking attacks go, exploiting Heartbleed would have been an imprecise and slow process, but if users requested enough slices of random information, sooner or later they’d find something sensitive.

"'Catastrophic' is the right word," said security expert Bruce Schneier on the potential impact of the bug. "On the scale of 1 to 10, this is an 11."

Heartbleed was introduced to OpenSSL by Seggelmann on New Year’s Eve in 2011, but was only discovered this year by researchers from Google and a Finnish security group known as Codenomicon.

SSL stands for Secure Sockets Layer and is a type of encryption technology used in varying forms by websites to keep their users’ data secure. OpenSSL, the software that contained the bug, is an open source implementation of SSL, meaning that developers around the world contribute to and check its contents for free.

"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," Seggelmann has told the Sydney Morning Herald. "In one of the new features, unfortunately, I missed validating a variable containing a length."

Seggelmann has admitted that the error was “quite trivial” but that its impact was “severe”.

"It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."

This admission may assuage those who have suggested that the flaw was introduced by intelligence agencies in order to snoop on the traffic, but as Seggelmann himself has said, just because the bug was a mistake doesn’t mean that it hasn’t been exploited by the likes of the NSA and GCHQ.

"It is a possibility, and it's always better to assume the worst than best case in security matters," said Seggelmann.
