Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping


Userlevel 7
Badge +52
Researchers have discovered an extremely critical defect in the cryptographic software library an estimated two-thirds of Web servers use to identify themselves to end users and prevent the eavesdropping of passwords, banking credentials, and other sensitive data.

The warning about the bug in OpenSSL coincided with the release of version 1.0.1g of the open-source program, which is the default cryptographic library used in the Apache and nginx Web server applications, as well as a wide variety of operating systems and e-mail and instant-messaging clients. The bug, which has resided in production versions of OpenSSL for more than two years, could make it possible for people to recover the private encryption key at the heart of the digital certificates used to authenticate Internet servers and to encrypt data traveling between them and end users. Attacks leave no traces in server logs, so there's no way of knowing if the bug has been actively exploited. Still, the risk is extraordinary, given the ability to disclose keys, passwords, and other credentials that could be used in future compromises.

"Bugs in single software or library come and go and are fixed by new versions," the researchers who discovered the vulnerability wrote in a blog post published Monday. "However this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitations and attacks leaving no trace this exposure should be taken seriously."
 
Full Article

18 replies

Userlevel 7
Badge +54
By exposing the contents of memory of a Web site's server, the OpenSSL Heartbleed bug lets attackers steal the most sensitive information and impersonate those servers.

A major new vulnerability in OpenSSL, the open-source software package widely used to encrypt Web communications, means that computer attackers could get access not just to people's private data but to a server's digital keys used to encrypt past and future communications.
 
Full Article
Userlevel 7
Badge +54
Administrators are advised to patch and revoke old private keys

Computer security experts are advising administrators to patch a severe flaw in a software library used by millions of websites to encrypt sensitive communications.

The flaw, nicknamed "Heartbleed," is contained in several versions of OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption. Most websites use either SSL or TLS, which is indicated in browsers with a padlock symbol.
 
The vulnerable versions of OpenSSL are 1.0.1 through 1.0.1f with two exceptions: OpenSSL 1.0.0 branch and 0.9.8, according to a special website set up by researchers who found the problem.

The flaw, which was introduced in December 2011, has been fixed in OpenSSL 1.0.1g, which was released on Monday.
 
Full Article
Userlevel 7
Badge +3
      Researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use to encrypt and decrypt sensitive data.
 ‘Heartbleed’ Bug Exposes Passwords, Web Site Encryption Keys — Krebs on Security
Userlevel 7

Heartbleed security patches coming fast and furious

 
Summary: Fixes for the highly dangerous OpenSSL Heartbleed security hole are arriving now. Update your servers ASAP.
 
By Steven J. Vaughan-Nichols for Networking | April 8, 2014 -- 19:02 GMT (20:02 BST)
 
Make no mistake about it. The OpenSSL Heartbleed security hole is as serious for Internet security as a stage four cancer diagnosis would be for you. Worse still, OpenSSL 1.01 —  the one production version affected — had been shipping since March 12, 2012. That meant tens of millions of Web sites had been potentially vulnerable to attacks via this hole. Fortunately, OpenSSL repaired this with the release of OpenSSL 1.01g on April 7.
 
How bad is this bug? Popular sites such as Yahoo, Imgur, and OKCupid have all been hit by it. Since OpenSSL is the default secure-socket layer/Transport Layer Security (SSL/TLS) for the Apache and NGINX Web servers, some estimates claim that as many as two-thirds of all "secured" Web sites are vulnerable to Heartbleed.
 
Worse still, proof-of-concept scripts are now available for script-kiddies to try to attack secure Web sites. Is your Website vulnerable to such assault? You can check your site with the Heartbleed test.
 
 
Full Article
 
At least the forces of good are starting to marshall to the cause...Hurrah!
Userlevel 7
Badge +3
         
Heartbleed Detection Update | Qualys Technology | Qualys Community
 
 
Admins: why not review config standards as you fix Heartbleed? - F-Secure Weblog : News from the Lab
As you have to update your SSL anyway, why not make sure your configuration is up to modern standards?

There has been plenty of noise about Heartbleed, so if you're an admin, you already know what to do.

1. Find everything you have using vulnerable versions of OpenSSL
2. Update to the latest OpenSSL version
3. Create new private keys and SSL certificates as the old ones may have leaked
4. Revoke old certificates

But since you have to touch your server configuration and create new SSL certificates, we would recommend that you also go through certificate generation settings and server configuration. Heartbleed is not the only problem in SSL/TLS implementations, a poorly chosen protocol or weak cipher can be just as dangerous as the Heartbleed bug.
 
 
 
 
Userlevel 7
Badge +3
 
The bad news is that about 600,000 servers are still vulnerable to attacks exploiting the bug. The worse news is that malicious “bot” software may have been attacking servers with the vulnerability for some time—in at least one case, traces of the attack have been found in audit logs dating back to last November. Attacks based on the exploit could date back even further.
Security expert Bruce Schneier calls Heartbleed a catastrophic vulnerability. "On the scale of 1 to 10, this is an 11," he said in a blog post today. The bug affects how OpenSSL, the most widely used cryptographic library for Apache and nginx Web servers, handles a service of Transport Layer Security called Heartbeat—an extension added to TLS in 2012.
 Heartbleed vulnerability may have been exploited months before patch [Updated] | Ars Technica
Userlevel 7
It seems as if  are Heartbleed bug updates by the hour. Here are two other interesting recent stories about the most talked about security topic of the week.
 
1. According to a CNNMoney report, Cisco and Juniper are saying that Heartbleed doesn't only affect websites, but has also affected about 24  networking devices including routers, servers, phones, and others. You can read that article here. Here is a snippet from the story:
"But fixing the bug on those devices won't be easy. Cisco and Juniper can't just press a button and immediately replace the vulnerable software running on the machines. The onus is on each person or company using those devices. And that's were the problem lies."



(Source: CNNMoney)
 
2. On the other hand, The Verge is reporting that, according to content distribution network Cloudfare, the previous thought that Heartbleed exploiters would have access to the private SSL keys may not actually be the case. Apparently, researchers at Cloudfare have been trying to to do so for two weeks, but have not been succesful.
"If it is possible, it is at a minimum very hard," researcher Nick Sullivan writes. "And we have reason to believe...that it may in fact be impossible." If true, it makes Heartbleed much less dangerous than many had feared, offering a saving grace for compromised sites."



(Source: The Verge)
Userlevel 7
Thanks, Yegor
 
That is really interesting information...worrying...but really good to know/understand.
 
Cheers
 
 
 
Baldrick
Userlevel 7
Badge +54
Thank you Yegor. That was a great article ending with a glimmer of hope.
Userlevel 7
Badge +3
   
Because of the global password reset pandemic, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"
2FA is short for Two Factor Authentication; we write about it and promote it a lot.
 
 “Heartbleed” – would 2FA have helped? | Naked Security
Userlevel 7
Most probably would have helped but 2FA is not that easy to implement and not that many users would be prepared to use it for everything given that it makes the process of signing in more arduous.
 
Hence why in my opinion 2FA would have helped but not  been the solution.
 
Baldrick
Userlevel 7
Badge +3
 By Zack Whittaker for Zero Day
 
Summary: In admitting it didn't know about a massive security flaw in one of the Web's most used encryption libraries, the NSA inadvertently revealed a massive institutional failure.
 
 How the NSA shot itself in the foot by denying prior knowledge of Heartbleed vulnerability | ZDNet
 
Userlevel 7
Badge +56
They just found another OpenSSL vulnerability:
http://www.reddit.com/r/sysadmin/comments/22ztxx/another_openssl_vulnerability/
Userlevel 7
Badge +56
And the Canadian Revenue Agency says that 900 social insurance numbers were stolen via Heartbleed:
http://www.theregister.co.uk/2014/04/14/heartbleed_draws_blood_at_canadian_revenue/
Userlevel 7
Badge +3
By Yan Zhu
It's worth emphasizing that some important services that users access everyday were affected by Heartbleed, including Yahoo Mail and LastPass. We weren't immune either, since most EFF servers were running vulnerable versions of OpenSSL. Even the private identity keys used by Tor Hidden Services may have been compromised, potentially putting some journalist organizations' communication with anonymous sources at risk.
Luckily, there's one important mitigation that could actually protect some users from the worst-case scenario: perfect forward secrecy. If a server was configured to support forward secrecy, then a compromise of its private key can't be used to decrypt past communications. In other words, if someone leaks or steals a copy of EFF's private SSL key today, any traffic sent to EFF's website in the past since EFF started supporting forward secrecy is still safe.
 
 Why the Web Needs Perfect Forward Secrecy More Than Ever | Electronic Frontier Foundation
Can you provide some guidance on how to do the following you posted in your message:
 
1. Find everything you have using vulnerable versions of OpenSSL
2. Update to the latest OpenSSL version
3. Create new private keys and SSL certificates as the old ones may have leaked
4. Revoke old certificates
 
Thanks for your help
 
CMC
Userlevel 7
The following is a update on OpenSSL risk
 

"Quote" Popular HTTPS sites still vulnerable to OpenSSL connection hijacking attack
By Lucian Constantin | IDG News Service / June 16, 2014
 


Some of the Internet's most visited websites that encrypt data with the SSL protocol are still susceptible to a recently announced vulnerability that could allow attackers to intercept and decrypt connections.
On June 5, developers of the widely used OpenSSL crypto library released emergency security patches to address several vulnerabilities, including one tracked as CVE-2014-0224 that could allow attackers to spy on encrypted connections if certain conditions are met.
 
InforWorld/ full read here/ http://www.infoworld.com/d/security/popular-https-sites-still-vulnerable-openssl-connection-hijacking-attack-244388
Userlevel 7
The following article is a update on OpenSSLbug
 
{'I don't want to go on the cart' ... OpenSSL revived with survival roadmap}
 
By/By Neil McAllister, 1 Jul 2014
 
The OpenSSL project, having suffered sharp criticism following the revelation of a string of serious security vulnerabilities, has published a roadmap explaining how it plans to address users' concerns.
"The OpenSSL project is increasingly perceived as slow-moving and insular," the intro to the document states. "This roadmap will attempt to address this by setting out some objectives for improvement, along with defined timescales."
 The document begins by identifying a number of known issues with the project, including problems both with processes and with the code itself.
 
The Register/ Full Read Here/ http://www.theregister.co.uk/2014/07/01/openssl_roadmap/

Reply