Heartbleed and OpenSSL

Post #388,309 by folkert 4/8/14 10:09:41 AM Reply	Heartbleed and OpenSSL Hey yall... It is a serious thing. Make sure you are NOT using vulnerable versions. Basically it is an extension (Heartbeat) for reducing traffic on busy sites, by allowing SSL Session keep-alive... Lo and Behold, PCI compliance recommended way back when we setup the WAFs... to disabled Heartbeat, as they wanted renegotiation to happen every time if a session expired or was close to expiring. One of the few times I'm happy about PCI compliance. -- greg@gregfolkert.net "No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
Post #388,321 by pwhysall 4/8/14 5:52:36 PM Reply	Re: Heartbleed and OpenSSL https://github.com/m...aster/top1000.txt Check that list. Change your password if you have an account on a vulnerable host.
Post #388,344 by Another Scott 4/9/14 8:24:36 AM Reply	#1353 http://xkcd.com/1353/ Cheers, Scott.
Post #388,347 by mmoffitt 4/9/14 8:43:36 AM Reply	:0)
Post #388,354 by drook 4/9/14 11:12:36 AM Reply	Well dammit -- Drew
Post #388,389 by scoenye 4/9/14 6:42:50 PM Reply	It is even more fun than that This works both ways. A malicious server can extract the memory of any client using vulnerable OpenSSL versions. How long before all those will be patched, especially the statically linked stuff?... https://tools.ietf.o...ml/rfc6520#page-5 Each endpoint sends HeartbeatRequest messages at a rate and with the padding required for the particular use case. The endpoint should not expect its peer to send HeartbeatRequests. The directions are independent.
Post #388,395 by folkert 4/10/14 1:53:52 AM Reply	Look for "pacemaker" as related to heartbleed... Oh yeah, this is going to be fun. -- greg@gregfolkert.net "No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
Post #388,393 by folkert 4/10/14 1:47:49 AM Reply	Amazing... I don't have any accounts on any of the Vulnerable websites. I guess being apathetic to most of them is a good thing. -- greg@gregfolkert.net "No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
Post #388,381 by Ashton 4/9/14 4:50:04 PM Reply	It now has its own website.. http://heartbleed.com/ Salon has a take: http://www.salon.com...about_heartbleed/ There are many reasons to be concerned about ÂHeartbleed,Â the catastrophic vulnerability in the InternetÂs most popular security technology that was disclosed on Tuesday. For one thing, itÂs not even clear what we, as individuals, should be doing about it. At the Atlantic, James Fallows is strongly urging that we change our passwords to our most crucial online services right now. But other experts are advising that we should wait a day or two, until potentially compromised sites have upgraded their software. Otherwise, weÂll just be handing a new password over to an already-busted security system. ThatÂs nerve-wracking, but not quite as anxiety inducing as the speculation floated by Bruce Schneier, a longtime security analyst with impeccable credentials. At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof. By Âodds are close to oneÂ Schneier means that the likelihood that the Heartbleed bug has already been exploited by everyone from the NSA to to the PeopleÂs Liberation Army is close to 100 percent. But even more distressing is the notion that this might not have been an accident. [. . .] As does Guardian: http://www.theguardi...usands-of-servers Etc. ie WHAT "MISSING AIRPLANE" ??? when... We gots a NEW mystery (of similar signal/noise) wrapped in a cynical matrix of OBVIOUS 'interested Parties', Comrade.. KGB/China/NSANSA/and others too-numerous. Worst Case??? Hell Youse Guys are s'posed to do gedanken What-Ifs -??- in fucking Boolean Space, Aint'cha?
Post #388,386 by drook 4/9/14 5:01:17 PM Reply	Most damning point IMO If the PCI guys were against it just for the high-level design, an implementation bug is the least of our worries. But it makes our site faster ... -- Drew
Post #388,394 by folkert 4/10/14 1:52:43 AM Reply	Yes... this. ^^^ -- greg@gregfolkert.net "No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
Post #388,475 by drook 4/11/14 1:32:12 PM 4/11/14 1:34:52 PM Reply	XKCD is cool today http://xkcd.com/1354/ I'm sure this is more obvious in retrospect than it was when writing the code, but that seems like a really rookie mistake. -- Drew Edited by drook April 11, 2014, 01:34:52 PM EDT Expand All History
Post #388,476 by crazy 4/11/14 1:50:42 PM Reply	wow Best explanation of a security hole I ever saw.
Post #388,488 by Another Scott 4/11/14 9:31:33 PM Reply	SJMN: White House and NSA deny they knew about it. http://www.mercuryne...ation-report-says Bloomberg cited two unnamed "people familiar with the matter" as sources for its report, which said the NSA discovered the Heartbleed flaw shortly after it was accidentally created in 2012 by a programmer who was making adjustments in OpenSSL. After that, Bloomberg said, the bug "became a basic part of the agency's tool kit for stealing account passwords" and other information, while most Internet users and security experts remained unaware of the flaw. Bloomberg said the NSA declined comment before the story came out. That quickly changed. "NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report. Reports that say otherwise are wrong," said agency spokeswoman Vanee Vines in a statement after Bloomberg released its story. In a separate statement, the office of White House intelligence director James Clapper said: "If the federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community" of private and academic security researchers who are responsible for the OpenSSL encryption program. FWIW. Cheers, Scott.
Post #388,540 by pwhysall 4/14/14 7:29:44 AM Reply	Re: SJMN: White House and NSA deny they knew about it. As I wrote elsewhere: I find it inconceivable, given the potential for exploitation in the event of a vulnerability, that, in the secret underground lair of the evil hackers, an excruciatingly comprehensive pen test isn't conducted on every published version of OpenSSL. And by "comprehensive" I mean "every possible client/server message is tested for buffer overflows, for starters". The NSA didn't know anything about it? Yeah, right. In fact, I reckon they probably found the flaw in the at-the-time-new Heartbeat feature within days if not hours of it being committed to version control. And Clapper spoke, so we know he was lying. Y'know. He's got a "tell". His lips move.
Post #388,545 by Another Scott 4/14/14 8:04:31 AM Reply	I find this comment at Wonkette plausible. http://wonkette.com/...DComment816885653 szielins 1 day ago Heartbleed was too weak an exploit for NSA to BOTHER to keep to itself. It's impossible to target against an individual, difficult to get anything out of in the first place, and at ~100K - 2.6M requests per private SSL key retrieved (against NGINX on Linux), the attempt to exploit it would stand out like a sore thumb. More importantly, as of 2008, NSA had a laundry list of exploits that don't have these flaws-- and there's no reason to believe they haven't added to the list since. For NSA, going public with Heartbleed would have been a fine propaganda move to make them look more like white hats, while reducing the effectiveness of their surveillance efforts not at all. Cites to Bruce Schneier, who combines knowing what he's talking about with being a good explainer: Heartbleed's low exploitability demonstrated: More on Heartbleed. NSA had lots of good exploits, and is likely to have better now: Postmortem: NSA Exploits of the Day. Someone at the NSA may have known about it, but they may not have been in a position to do anything about it. Or they may have known about it and decided to let sleeping dogs lie. Who knows. We all know there are likely similar coding errors out there... The NSA isn't all powerful. They have limited time and resources, too. I've been wondering why the IETF or similar group hasn't been more involved in this - e.g. http://www.ietf.org/...asive-monitoring/ FWIW. Cheers, Scott.
Post #388,546 by Another Scott 4/14/14 8:56:04 AM Reply	Note the followup if you use Chrome. http://wonkette.com/...DComment817171897 (Tangentially related: I just found out Chrome, by default, doesn't handle certificate revocations correctly. Anyone using Chrome: if you haven't already, go into the advanced preferences and tick "Check for server certificate revocation". See Certificate Revocation and Heartbleed for more information.) <sigh> Cheers, Scott.
Post #388,549 by a6l6e6x 4/14/14 12:18:46 PM Reply	So Google doesn't understand the implications of... its own discovery? Sigh, indeed. Alex ÂThere is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge.Â -- Isaac Asimov
Post #388,592 by scoenye 4/15/14 6:44:12 PM Reply	Deliberately turned off as of 2012 https://www.imperial...2/05/crlsets.html AFAIK, Firefox does not check anymore either. The basic problem is that current infrastructure can't handle the volume to respond in a timely fashion, but there are other problems as well. Some alternatives are being batted around, but so far, they're also full of holes.
Post #388,595 by Another Scott 4/15/14 7:19:35 PM Reply	I wonder if "Lifelock" is getting a spike in business... :-(
Post #388,559 by Ashton 4/14/14 8:18:39 PM Reply	Hola Peter.. Query: [First, OT] Some recent fodder on that old bugaboo, about which we civilly-agreed to disagree: Cell-fones (for just one EMI example) and looong-term discernible(?) Effects: http://catalog.seven...u-can-do-about-it (Haven't vetted this screed for n second-opinions, yet.) On THIS topic: Appreciating (as I do) your apparent knack for sanely distilling these various Ooops-grade Gotchas, as they occur: My 'comprehension' of this one can only be shallow, as the code deals with instantaneous hand-shakes which Need to be machine-language coded for that speed (I presume) --and doubtless truth-tables were Supposed-to cover All eventualities at-all possible. Ever. And here: they didn't. But from snippets everywhere, what I naturally wonder is: for those of you who've been immersed, in a variety of gigs, with many bizness-levels of IT competence, from ugly --> Clever Lads: Is the whole worldwide IT infrastructure actually riddled with comparable-scale oversights? (???) (ie Many such: merely not-yet Noticed (also Reported.) I mean: is everyone just crossing-fingers daily?) Thus, are we ripe--when full-cyberwarfare Does Happen: for something like full-Chaos, ensuing within hours or a few days after ... the first massive International root-kits are lobbed? Maybe it's too early to make such a guesstimate? But it sure looks scary to us neophytes at the peripheries. Instant-blackout could do.. [Nobody could possibly predict-What, with any credibility.] (Even I could list 100 crucial/Critical matters rendered inoperable. Deaths would ensue. 'Hardened'/Military agencies would be in unprecedented Control. Cats/Dogs! would be harmed.) Just askin.. we're all becoming inured to regularly-impending Apocalypse, anyway; Right?
Post #388,569 by pwhysall 4/15/14 3:42:33 AM Reply	Re: Hola Peter.. Query: First: EMI hazards - no change, when there's any credible research that draws any significant conclusions regarding the risk of phones to health (and the experimental cohort is now literally billions of people for literally decades; if there were a signal in that noise, someone would have noticed by now - it's not as if they haven't been looking). Bloke with drum to beat and axe to grind writes book. Not a new story. Anyhoo. I don't think that the worldwide IT infrastructure is riddled with problems like Heartbleed, although I'd bet a pint that it's not the last dreadful bug of its kind, due to the lack of actual "engineering" that goes into most software "engineering" (seriously, writing this stuff in C is like a builder making your house out of bricks and girders he made himself in his back yard). I think it's naïve to think that these bugs are unknown to the big intelligence agencies or the black hat community, despite the protestations of the former. If I were a black hat and I had a sploit that could extract server private keys without leaving a trace, I'd be using it in a way that wouldn't attract attention (i.e. I wouldn't just hook up the biggerest and fasterest computer I had and all-but-DDOS the server, I'd make one 64KB request every other second or something, and let it run for a week, possibly coming from random IP addresses) like a BOSS. I would then use the spoils of my efforts to extort moolah from the kinds of people who absolutely positively cannot afford any publicity (+ve or -ve) on the subject of security. The spooks, of course, would use the spoils of their efforts to read ASCott's email, and lie about doing so.
Post #388,570 by Another Scott 4/15/14 8:27:48 AM Reply	hehe.
Post #388,571 by drook 4/15/14 8:37:53 AM Reply	No they wouldn't ... they've got Policies -- Drew
Post #388,542 by pwhysall 4/14/14 7:36:53 AM Reply	And it's exactly as bad as stated. CloudFlare have challenged people to extract their private keys. Mission accomplished, by two people: http://www.engadget....dflare-challenge/ OK, so this was a stupid buffer overflow. But wait! There's more! The OpenSSL software actually and intentionally circumvents the system malloc, that, in the case of OpenBSD at least, would have prevented this flaw from being the giant clusterfuck it actually is: Reddit: http://www.reddit.co...ploit_mitigation/ The inimitable Theo on the openbsd.misc list on Gmane: http://article.gmane...enbsd.misc/211963 Analysis of what's wrong (answer: everything) with OpenSSL's memory allocator: http://www.tedunangs...sl-freelist-reuse Article describing the general utter shittiness of OpenSSL's code: https://www.peereboo...html/openssl.html
Post #388,550 by a6l6e6x 4/14/14 12:33:20 PM Reply	Damn! So, it wasn't the A Team assigned to develop and maintain critical infrastructure that is SSL. Alex ÂThere is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge.Â -- Isaac Asimov
Post #388,599 by static 4/15/14 10:32:00 PM Reply	Irony. That last site has a self-signed certificate. Wade. Just Add Story http://justaddstory.wordpress.com/
Post #388,593 by scoenye 4/15/14 7:05:35 PM Reply	Possible nasty side effect on Debian if OpenSWAN is used Installing the Heartbleed fix (openssl 1.0.1e-2+deb7u6) on a box that uses openswan 1:2.6.37-3+deb7u1 breaks all tunnels. Openswan +deb7u1 version is a security update released in 2013. Falling back to the vanilla Wheezy version allows the tunnels to be reestablished (if you can live with the vulnerability +deb7u1 patched.) I have not been able to get to the very bottom yet. It is possible something in the IPSec config no longer pass muster, or that another update is playing into this. The only visible symptom is that both ends suddenly reject each others certificates with an INVALID_ID_INFORMATION error.

Welcome to IWETHEY!