The OpenSSL Heartbleed Exploit And You Options

About half a day ago, there was bit of a bombshell dropped on the open source crypto-community, when it was announced that the extremely common OpenSSL cryptographic library was vulnerable to an information disclosure exploit, dubbed [heartbleed.com] Heartbleed. Among other things, this library is frequently used to provide SSL/TLS (HTTPS) encryption for website traffic. The exploit would allow a remote unauthenticated attacker to disclose 64KB of random memory space on a server by triggering a flaw in how SSL/TLS heartbeats were implemented. Crucially, the attack could be repeated ad nauseam without producing anything suspicious in the logs until the desired information was obtained - most critically, the server's private certificate keys.

Vulnerable versions of the library have been widely deployed - about 2/3rds of the internet is powered by the technology in question, and you should assume that the majority of those use a vulnerable version, which has been available (and recommended) since March 2012. In the most common configurations, obtaining a server's private keys would allow an adversary to decrypt all traffic that has ever been transferred using the certificate in question - in other words, SSL/TLS encryption for a large number of sites has for all intents and purposes been broken for more than two years.

While we don't use encryption for most non-important stuff, our configuration for the parts that do have never been fully vulnerable to this attack. Prior to January of this year we were using an older version of OpenSSL that was not vulnerable. A new server using a vulnerable version of OpenSSL was deployed in January, but at the same time we also deployed Perfect Forward Secrecy, which generates fresh encryption keys per-session and therefore fully mitigates the decryption of historic and future traffic based on certificate keys. In other words, the only part of this we have ever been vulnerable to would have been an active Man-in-the-Middle attack, and I have no reason to believe this has taken place. Still, this should now be patched and no longer vulnerable, and I've reissued our certificates just to be safe. So while I don't think it's strictly necessary, if you subscribe to the Paranoid Approach to security, you may consider changing your password.

I still feel it is important to inform people that the majority of SSL/TLS traffic they have transferred over the internet for the last couple of years should be considered compromised, as if it was transferred in plain text. Perfect Forward Secrecy was only available at 6.3% of all HTTPS-enabled websites as per April 2014, so chances are high that any given site does not implement it. This doesn't just apply to websites, but everything that uses SSL/TLS, such as mail servers, chatting services and the Tor network. Furthermore, there is no way for a visitor to tell if a site has been or currently is vulnerable. For the foreseeable future, you should therefore assume that SSL/TLS is worthless as far as protecting your data goes, until the service in question tells you otherwise.

tl;dr: SSL/TLS (HTTPS) is broken, we're mostly not affected.

My workplace was hit by this last year, mandatory reporting of data being compromised is not required in many countries. So even if servers did get hacked and the company did find out they don't necessarily have to tell anyone.

Looks like I'm doing my banking in person for the next little while...

Whoa, that's a big one.

My workplace was hit by this last year, mandatory reporting of data being compromised is not required in many countries. So even if servers did get hacked and the company did find out they don't necessarily have to tell anyone.

Yeah, many larger companies have been hit with a massive data breach in recent history (Sony, Adobe and Target being notable ones), but this affects quite literally every "secure" website on the net. Outside of the decryption of all the encrypted traffic, it could also compromise other data on the server doing the SSL. While most larger websites wouldn't store anything sensitive on the frontend, it could still reveal data like session keys in the frontend's RAM without even requiring eavesdropping/MITM of the connection itself, which could for example let you hijack people's online banking sessions.

Oh. Shit.

I think this exploit has been know about theoretically for quite some time, I've always disliked heartbeats as they have been exploited for a decade.

The hacker claimed they got 200k user details, but it was dismissed because there were no logs... The articles are saying that the exploit leaves no logs lol.

which could for example let you hijack people's online banking sessions.

Yeah that blows. I might stop netbanking for a while.

This post has been edited by EsotericSatire: Apr 8 2014, 16:03

I love this shit.


PS : NSA has all your passwords.

This post has been edited by Pillowgirl: Apr 8 2014, 17:13

EFF was shouting about other problems with TLS for years, most notably about the unreliability of certification authorities. With this one they must gone mad.

So remember, if you wanna a secure connection use an ssh tunnel.

Cisco shall lock Mr. Eric Young in the basement 'till he fixes his library

Yeah, this is something I was desperatly to hear/read. Now, I feel secure alright. Probably, walking down a dark alley in the middle of a night without moonshine is still a bit more dangerous than being online but only by a hairbreadth.

Oh my god the internet's jacked. Can't wait for the incidents our enterprise customers are going to be logging. (IMG:[invalid] style_emoticons/default/blink.gif)
Crazy to think Tor's just another open network, or was if patched now, in this context.

This post has been edited by dnbdave: Apr 8 2014, 19:26

Thank you Tenboro for the news. Your post is the most detailed yet concise explanation of both background info and how/why we are affected.

The next time I forget any of my passwords, I will send a request to the NSA asking them to send them to me.

This post has been edited by Anime Janai: Apr 8 2014, 20:18

Tor's just another open network, or was if patched now, in this context.

A Tor endpoint will use the OpenSSL lib on the running OS, as you cannot tell which endpoints use a compromised OS and which doesn't, better consider that the network is not safe. It's not a patch that the Tor developers can do, it depends on each endpoint.

So most credit card transactions done online for the better part of the last two years were open and vulnerable from all the sites that migrated to this crypto-scheme?

Oddly, my main bank would not let me netbank without giving up paper statements entirely so that's not an issue for me... until I remember that I have been paying my credit card bills online by bank transfer for the last half dozen years.

This post has been edited by teenyman45: Apr 8 2014, 23:02

Only 8 releases are affected by the bug, namely the 1.0.1 branch and 1.0.2-beta1.
If your bank hasn't updated OpenSSL in about two years (really not unlikely), you have nothing to worry about. Assuming your bank is even using OpenSSL, that is.

A Tor endpoint will use the OpenSSL lib on the running OS, as you cannot tell which endpoints use a compromised OS and which doesn't, better consider that the network is not safe. It's not a patch that the Tor developers can do, it depends on each endpoint.

Lovely. Might as well dump Tor entirely unless endpoint interrogation is done to determine which are hosted on OS's still running broken versions. Tor II - The Revengencer - coming soon.

Terrifying stuff. O_O

Thanks for informing us.....good job D

If Tenboro was the one to re-write the Wikipedia article on the Heartbleed Bug, then it would be a lot more understandable for all those people reading it but are left wondering how it affects them.

[en.wikipedia.org] http://en.wikipedia.org/wiki/Heartbleed_bug

I heard about this on The Verge yesterday. Looks serious