Programmer responsible for Heartbleed bug: It was an accident

Giuseppe Macri Tech Editor

The programmer behind the widespread security flaw that left usernames, passwords, communications, account and even credit card information exposed across the Internet said in a recent interview that the bug was a mistake.

German software developer Robin Seggelmann wrote the portion of OpenSSL code responsible for the security hole, which researchers have deemed catastrophic because of how widely the software is used to encrypt Internet communications on HTTPS-secured sites and services. The software, including the buggy code specifically, has been used by some of the most popular sites and services online for the last two years.

Seggelmann responded to allegations the flaw was implemented purposefully to let hackers intercept users’ private, sensitive information in plain text from the servers behind their Internet destinations. But he claims the mistake was so ‘trivial’ it went unnoticed by reviewers and made it into the final version of OpenSSL that launched on Dec. 31, 2011.

“I was working on improving OpenSSL and submitted numerous bug fixes and added new features,” Seggelmann said in a Friday Sydney Morning Herald report. “In one of the new features, unfortunately, I missed validating a variable containing a length.”

The bug, which Seggelmann said could “be explained pretty easily,” turned out to be quite “severe” according to the programmer — theoretically exposing up to two-thirds of all internet traffic for more than two years.

Seggelmann came forward to dispel mounting conspiracy theories that the bug had been planted on purpose, and said that given the nature of the damage he understood how that could be easy to believe.

“But in this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area,” Seggelmann said. “It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project.”

OpenSSL is attractive precisely because it is open source and customizable, open to contributions from anyone, and easy to implement as a security feature. Though the programmer himself denies planting the bug, he doesn’t consider it a stretch of the imagination to assume government surveillance agencies have been exploiting it to intercept and spy on web traffic.

“It is a possibility, and it’s always better to assume the worst than best case in security matters, but since I didn’t know [about] the bug until it was released and [I am] not affiliated with any agency, I can only speculate.”

The programmer described the Heartbleed bug as a perfect example of why more people need to get involved in contributing to widely used open-source security software, as opposed to just adopting it.

“It’s unfortunate that it’s used by millions of people, but only very few actually contribute to it,” Seggelmann said. “The benefit of open source software is that anyone can review the code in the first place.

“The more people look at it, the better, especially with a software like OpenSSL.”

Sites and services are continuing to patch the bug, and some are warning users to stay off the Internet entirely for a few days until the destinations and programs they use have confirmed a fix.

Changing passwords before a site has been updated exposes the new passwords to the same flaw, and could potentially put them at even greater risk now that the flaw has been revealed to the public, including parties that would seek to take advantage of it.
