Posts Tagged security
Let’s synchronise our beating hearts and I’ll
lay open just for you my very soul,
secure that you would never take control.
So, [End Of File]
Well thank you for your frankness; I’ll compile
some poems of my own uncensored whole,
that you may take a key companion role,
and take this key to tour my domicile.
My dear, do you not see that you’ve been played?
My heart’s not big; I sent but lies to you,
and used you for your private information;
I felt inside your sockets and got laid.
I understood what hearts are meant to do
is bleed with force to drive the circulation.
For those who have been out in the real world for the last few days instead of living in an internet-enabled cave like the rest of us, there’s a serious bug in OpenSSL which allows private information to be leaked to malicious users in much the same way as illustrated in this poem. It means that you should probably change your passwords on any site that had the buggy version of OpenSSL installed, provided it has been fixed; if the site hasn’t been fixed yet, there’s no point changing your password since the new one could still be hacked. Here is one list of servers and their status with regard to this bug; there are probably others. The bug is called Heartbleed, because it happens when a client sends a ‘heartbeat’ (to keep the connection alive) and pretends that it is sending more data than it actually is. The server doesn’t check this, so when it tries to respond with the same data, it sends a random assortment of its own data the size of what the client said it had sent.
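Here is that missing check as an added example: a simplified model of a heartbeat handler before and after the fix, written for this page and not taken from OpenSSL. The function names, the 64-byte arena and the sample bytes are all made up for illustration; the record layout (type, two-byte length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3        /* 1-byte type + 2-byte claimed payload length */
#define HB_MIN_PADDING 16  /* RFC 6520: at least 16 bytes of padding */

static size_t claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Before the fix: echo as many bytes as the client claimed to send. */
size_t hb_echo_trusting(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    (void)rec_len;                      /* never consulted: that is the bug */
    size_t n = claimed_len(rec);
    memcpy(out, rec + HB_HEADER, n);    /* reads past the end of the record */
    return n;
}

/* After the fix: silently drop records whose claimed length cannot fit. */
size_t hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER + HB_MIN_PADDING) return 0;
    size_t n = claimed_len(rec);
    if (HB_HEADER + n + HB_MIN_PADDING > rec_len) return 0;
    memcpy(out, rec + HB_HEADER, n);
    return n;
}

/* Constructed sample: a 5-byte record ("hi", claimed length 40) sitting in
   an arena just before unrelated data. Returns reply bytes never sent. */
size_t demo_extra_bytes(int checked) {
    uint8_t arena[64] = {1, 0x00, 40, 'h', 'i'}, out[64] = {0};
    memcpy(arena + 5, "constructed-secret", 18);
    size_t n = checked ? hb_echo_checked(arena, 5, out)
                       : hb_echo_trusting(arena, 5, out);
    if (n > 2 && memcmp(out + 2, "constructed-secret", 18) != 0) return 0;
    return n > 2 ? n - 2 : 0;
}

size_t demo_valid_reply(void) {  /* constructed: "hi" + 16 padding bytes */
    uint8_t rec[21] = {1, 0x00, 2, 'h', 'i'}, out[64];
    return hb_echo_checked(rec, sizeof rec, out);
}

int main(void) {
    printf("extra bytes: trusting=%zu checked=%zu\n", demo_extra_bytes(0), demo_extra_bytes(1));
    return 0;
}
```

The over-read here stays inside one array so the demonstration is well-defined C; in a real server the same copy would run into whatever the process happened to have next in memory.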
The ‘SSL’ in OpenSSL stands for ‘Secure Sockets Layer’, which is supposed to be what keeps secret information safe on the internet, but this bug made it more open than secure. I made sure to include the words (or derivatives thereof) ‘Open’, ‘secure’, ‘sockets’ and ‘layer’ in order (with an additional ‘lay’ for luck) in the poem, so that the lying no-good user is in fact an open, secure, sockets layer.
If you have been living in the right kind of cave, you might be interested in seeing the code change which caused the bug.
I’ve never understood what ‘bleeding heart’ was supposed to mean. Bleeding, forcefully and rhythmically, is the heart’s primary function. Maybe its only function, but you never can tell with biology. If there isn’t blood coming out of your heart, you’re in very bad shape. You should get that looked at even before changing your passwords.
Addendum: I should perhaps point out that the heartbeat has nothing to do with synchronising anything; that’s just a sappy thing lovers sometimes talk about which seemed like a good way to get heartbeats into the poem. Don’t expect anything in the first quatrain to be accurate; it’s a malicious SSL client talking. Also, here’s an article someone I know from JoCo Cruise Crazy wrote about Heartbleed, which seems like it has some useful links and information; I haven’t read it thoroughly yet, though, so for all I know it has a nice introduction and then an end of file marker.