"Heartbleeder"

Back in March I made a song about the goto fail bug, which left Apple devices accepting “secure” connections to servers without properly checking their credentials, i.e. a huge security hole. At the time I included a line, “the security flaw of the century”, that seemed like harmless hyperbole.

Enter Heartbleed.

If you’re on a slow internet connection, you might want to download the audio instead.

Heartbleed was much worse than goto fail, or the bug in GnuTLS that followed shortly thereafter, or pretty much anything else that’s happened this year. Although it’s been several months since Heartbleed (you have changed all your passwords, haven’t you?), this parody of “Heartbreaker” (Pat Benatar) was too good to pass up. Maybe this will become a thing: major security vulnerability, new guitar parody? We’ll see.

xkcd had a good explanation of how Heartbleed works.


I’m setting up secure connections, using TLS
You’re listening for a heartbeat, better make a request
Send the length with the message,
But the payload data ain’t that long
The response comes in seconds,
And I already know something’s wrong

You’re a heartbleeder, mem reader, spy feeder
Don’t got no security
You’re a heartbleeder, mem reader, spy feeder
So protect yourself, yeah, yeah, yeah

You’re handing out private keys, to anyone who asks
If they want to impersonate ya, you’ve given them a free pass
Send the length with the message,
Then watch as you read off into space
The response comes in seconds,
And they’ve got what they need without leaving a trace

You’re a heartbleeder, mem reader, spy feeder
Leaking my identity
You’re a heartbleeder, mem reader, spy feeder
So upgrade yourself, yeah, yeah, yeah

Send the length with the message,
And whatever follows is now exposed
The response comes in seconds,
And certificates, passwords, it’s all hosed

You’re a heartbleeder, mem reader, spy feeder
Ain’t got no security
You’re a heartbleeder, mem reader, spy feeder
Better change your private key

You’re a heartbleeder, mem reader, spy feeder
Leaking your identity
You’re a heartbleeder, mem reader, spy feeder
Don’t expect no trust from me.
