A few days ago, the "Heartbleed" vulnerability in OpenSSL swept across the world almost overnight. White hats and black hats at home and abroad scrambled to dump data and rack up points, and the security departments of major websites faced a crisis they had never seen before. Although everyone discussed it enthusiastically, users only care about one thing: is the money we pay online safe?
Beyond that, curious readers may want to know what mistake OpenSSL's programmers made. Fortunately, the geek webcomic XKCD has explained the principle of this vulnerability, and its odd charm, in the most accessible way possible.
For readers who still don't understand: the name "Heartbleed" comes from "Heartbeat". Over a TLS-encrypted connection, the client sends a Client Hello query asking whether the server is still online (the image is of a heart pulse), and the server sends back a Server Hello indicating that the SSL session is established normally. Each query carries a payload, and that is where the bug lies: if the declared payload length (PAD LENGTH) is greater than the actual length, the server still returns a response of the declared size, which amounts to an out-of-bounds read of the server's memory.
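The length mismatch described above, as an added example that is not part of the original article or of OpenSSL's own code: a toy heartbeat record is parsed by a buggy handler that trusts the length field inside the record, and by a fixed handler that trusts only the number of bytes actually delivered. The record layout, the `memory` buffer and the "SECRET" bytes are all constructed for this demo.

```c
#include <stdint.h>
#include <string.h>
/* Constructed toy heartbeat record (not OpenSSL's code):
 * [0] type, [1..2] big-endian payload length, [3..] payload, then padding. */
#define PAD_MIN 16
#define HDR 3

/* Simulated server memory: the received record goes at the front; the
 * bytes after it stand in for unrelated data the server happens to hold. */
static unsigned char memory[64];

/* Write a request into buf; the length field may lie about the payload.
 * Returns the number of bytes the transport actually delivered. */
size_t build_request(unsigned char *buf, uint16_t claimed, const char *payload) {
    size_t actual = strlen(payload);
    buf[0] = 1;                             /* heartbeat request */
    buf[1] = (unsigned char)(claimed >> 8);
    buf[2] = (unsigned char)(claimed & 0xff);
    memcpy(buf + HDR, payload, actual);
    memset(buf + HDR + actual, 0, PAD_MIN);
    return HDR + actual + PAD_MIN;
}

/* Put a request into the simulated memory with "SECRET" (a constructed
 * stand-in for other data) stored right after it; returns the delivered length. */
size_t receive(uint16_t claimed, const char *payload) {
    memset(memory, 0, sizeof memory);
    size_t n = build_request(memory, claimed, payload);
    memcpy(memory + n, "SECRET", 6);
    return n;
}

/* Buggy handler: echoes 'claimed' bytes without asking how many bytes actually
 * arrived, so it copies whatever follows in memory (clamped to the demo buffer). */
int heartbeat_reply_buggy(const unsigned char *rec, size_t rec_len, unsigned char *out, size_t out_cap) {
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    (void)rec_len;                          /* the bug: delivered length never consulted */
    if (HDR + (size_t)claimed > sizeof memory || claimed > out_cap) return -1;
    memcpy(out, rec + HDR, claimed);
    return (int)claimed;
}

/* Fixed handler: trust only the delivered length (the shape of OpenSSL's fix). */
int heartbeat_reply_fixed(const unsigned char *rec, size_t rec_len, unsigned char *out, size_t out_cap) {
    if (rec_len < HDR + PAD_MIN) return -1;            /* cannot hold header + padding */
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    if (HDR + (size_t)claimed + PAD_MIN > rec_len || claimed > out_cap) return -1;
    memcpy(out, rec + HDR, claimed);                   /* only bytes the client really sent */
    return (int)claimed;
}
```

With a two-byte payload that claims a length of 40, the buggy handler returns 40 bytes that include the "SECRET" stand-in, while the fixed handler rejects the record and only answers an honest one.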