
Meet the man who broke the Internet

The Heartbleed bug was discovered independently by researchers at Google Inc. and the Finnish security firm Codenomicon. Screenshot/Heartbleed.com

The biggest internet security breach in history can be credited to one man: Robin Seggelmann.

The 31-year-old Germany-based computer programmer is responsible for “Heartbleed,” the Internet bug that has compromised personal and Internet security worldwide.

“I was working on improving OpenSSL and submitted numerous bug fixes and added new features,” Seggelmann told the Sydney Morning Herald. “In one of the new features, unfortunately, I missed validating a variable containing a length.”

Put simply, it was an innocent coding error he overlooked.


The code that introduced the bug was written by Seggelmann on New Year’s Eve 2011, at 10:59 p.m.

The site Linuxtag.org features an entry on Robin Seggelmann. A section titled ‘Data Sheet’ reads:


A day is perfect for me, if …
… a problem has been solved.

It really annoys me, when …
… a bug was fixed after hours and hours of troubleshooting, only to stumble upon the next bug.

Even UK OpenSSL consultant Dr. Stephen Henson managed to overlook the error upon review.

Seggelmann claims that the error was unintentional, telling Fairfax Media, “It’s tempting to assume that, after the disclosure of the spying activities of the NSA and other agencies, but in this case it was a simple programming error in a new feature, which unfortunately occurred in a security-relevant area.”

“It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project,” he added.


Seggelmann is a contributor to the Internet Engineering Task Force (IETF), a not-for-profit organization dedicated to making the Internet work better. A year after introducing the bug, he submitted his PhD thesis, “Strategies to Secure End-to-End Communication,” to the University of Duisburg-Essen.

OpenSSL is an open-source set of libraries used for encryption, which means anyone can contribute to the project. It is a small company run by 13 volunteers and is considered one of the Internet’s most important resources. And because no one owns the code, no one is liable, says the Sydney Morning Herald.


Dr. Michael Tuexen supervised Seggelmann’s thesis, and came to his defence. He told Fairfax Media: “Please note that he initially also fixed several bugs in the OpenSSL. Most of the submitted patches were finally accepted by the project. So adding the feature was not his first patch. Unfortunately, this patch contained the bug.”

Seggelmann has worked as a solution architect for T-Systems, the IT services subsidiary of Deutsche Telekom and one of Germany’s largest consulting agencies.

A photo of Seggelmann from Linuxtag.org.