How a simple malloc and overflowing buffer can make the world go round

Posted: April 9, 2014 in Technology

Suddenly the entire web is full of news about the OpenSSL vulnerability known as "the Heartbleed bug". It is a severe vulnerability affecting all HTTPS users who rely on OpenSSL for secure network transmission. The bug exists because of an overflowing buffer, through which anyone can request a lot of secure information from the server, including the private key, which can then be used to impersonate its owner in a man-in-the-middle attack. The bug was introduced in OpenSSL version 1.0.1, and OpenSSL has released a patched version, 1.0.1g. What this means is that almost all of the internet, from big giants to smaller vendors, needs to update their certificates before some bad guy comes and steals important information from them.
For interested programmers, and for newbies who read in their ABC of programming that malloc and free are dangerous but never understood how, it is worth going through the code changes in the fix to see for themselves how necessary it is to understand the semantics of a programming language before doing something serious.
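To make the flaw concrete, here is an added example (not code from this post and not OpenSSL source) that models a heartbeat-style echo handler trusting a length field supplied by the peer, next to a version that checks the length against the bytes actually received. It assumes the TLS heartbeat layout from RFC 6520 (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); the function names, `ARENA`, `GOOD` and all sample bytes are constructed for illustration.

```c
/* Added example: simplified model, not OpenSSL source. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define HB_HDR 3   /* 1-byte type + 2-byte claimed payload length */
#define HB_PAD 16  /* minimum padding required by RFC 6520 */
#define REC_LEN 4  /* bytes actually received in the constructed bad record */

/* Constructed memory: a 4-byte record claiming 12 payload bytes, followed by
   unrelated data standing in for whatever else lives on the heap. */
static const unsigned char ARENA[] = {
    0x01, 0x00, 0x0c, 'A',
    'P', 'R', 'I', 'V', 'A', 'T', 'E', '-', 'K', 'E', 'Y'
};
/* Constructed well-formed record: 5-byte payload plus 16 zero padding bytes. */
static const unsigned char GOOD[HB_HDR + 5 + HB_PAD] = {
    0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'
};

/* Flawed pattern: copies as many bytes as the peer claims to have sent. */
static size_t echo_unchecked(const unsigned char *rec, size_t rec_len,
                             unsigned char *out, size_t out_cap)
{
    (void)rec_len;                       /* received size is never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HDR, claimed);  /* reads past the record's end */
    return claimed;
}

/* Hardened: header, claimed payload and padding must fit in what arrived. */
static size_t echo_checked(const unsigned char *rec, size_t rec_len,
                           unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HDR + HB_PAD) return 0;           /* too short: drop */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR + claimed + HB_PAD > rec_len) return 0; /* length lies: drop */
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HDR, claimed);
    return claimed;
}

int main(void)
{
    unsigned char out[64];
    printf("unchecked: %zu bytes\n", echo_unchecked(ARENA, REC_LEN, out, sizeof out));
    printf("checked, bad record: %zu bytes\n", echo_checked(ARENA, REC_LEN, out, sizeof out));
    printf("checked, good record: %zu bytes\n", echo_checked(GOOD, sizeof GOOD, out, sizeof out));
    return 0;
}
```

The unchecked handler returns 12 bytes for a record that carried only one payload byte, so the other 11 come from neighbouring memory; the checked handler drops that record and still echoes the well-formed one.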
