Heartbleed: When Asking Nicely Leaked the Server's Secrets
A missing length check in OpenSSL let anyone read chunks of a server's memory, including private keys and passwords. Here is how Heartbleed (CVE-2014-0160) worked and why it was so serious.
5 posts
A plain-English walkthrough of what happens when you load an https site: the TLS handshake, how certificates prove identity, and why the padlock does not mean a site is safe.
Why storing passwords is harder than it looks, what a salt actually does, and why a fast hash like SHA-256 is the wrong tool for the job. A plain-English primer for people learning security.
Encryption in everyday language: what it means to scramble data, the difference between symmetric and asymmetric keys, how real systems combine both, and where you already rely on it every single day.
Cryptography is more than encryption. A beginner-friendly guide to what it actually covers, and the difference between encrypting, hashing, signing, and encoding that trips almost everyone up.