dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
8867

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to Zoder

Premium Member

to Zoder

Re: Heartbleed - zero day critical bug in OpenSSL

SANS handler Heartbleed notes -
»isc.sans.edu/diary/Heart ··· ns/17929
Fickey
Terrorists target your backbone
join:2004-05-31

Fickey to Mele20

Member

to Mele20
said by Mele20:

...Anyone know what version of Firefox first supported TLS 1.2? I was surprised to see that my Fx 24.4 ESR does NOT even support TLS 1.1 much less 1.2!...

said by therube:

(SeaMonkey 2.24) Enabled support for TLS 1.2 (RFC 5246) by default (bug 861266)

So that would be FF27.

Apparently FF24 does support TLS 1.2, but you've got to configure it yourself. I've got FF24 ESR passing the test here:
»www.howsmyssl.com/
I accomplished this using the link & directions below. The author seems to say even FF26 doesn't support TLS1.2, then that FF26 is the min required for TLS1.2, but I think it's just poorly written & he's referring to the defaults & that he's using FF26:
»blog.dbrgn.ch/2014/1/8/i ··· ecurity/
Also, read the caveats below, there is (was?) a bug where FF wouldn't fall back to an earlier protocol, which could cause the connection to fail:
»kb.mozillazine.org/Secur ··· ersion.*

Link Logger
MVM
join:2001-03-29
Calgary, AB

2 recommendations

Link Logger to Zoder

MVM

to Zoder
The next person who uses the phrase "many eyes make for shallow bugs" gets to buy drinks for everyone affected by the #OpenSSL bug.

The vulnerability has existed since December 31, 2011, how long its been exploited, well is anyone's guess given the nature of how this exploit works, but the cat is out of the bag now. Bruce Schneier said "Catastrophic" is the right word. On the scale of 1 to 10, this is an 11 »www.schneier.com/blog/ar ··· eed.html

I'm thinking no one is going to get out of this unscathed as most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey, so if you use the internet its likely you have some information out there that you thought was secure, but really wasn't, so heads up kids the fallout from this could last awhile.

Blake
ke4pym
Premium Member
join:2004-07-24
Charlotte, NC

ke4pym to psloss

Premium Member

to psloss
said by psloss:

Agree with the recommendation, disagree on the time-frame. This is already an all-nighter, triage situation -- for the good guys and the bad guys. Hopefully this won't require the same wholesale action by users, but I'm expecting to hear from vendors and providers this week.

Which again, still puts you in the 15 day window. This week is done. I doubt very many vendors will work over the weekend. I'd like to be surprised.

Depending on the company they may relax their change control rules a little. But I doubt that'll happen everywhere. Again, I'd like to be surprised.
OZO
Premium Member
join:2003-01-17

OZO to Zoder

Premium Member

to Zoder
Yet another test: Heartbleed OpenSSL extension testing tool, CVE-2014-0160

kickass69
join:2002-06-03
Lake Hopatcong, NJ

kickass69 to Zoder

Member

to Zoder
OpenVPN 2.3.3 -- released on 2014.04.09 - Change Log: »community.openvpn.net/op ··· penvpn23

This release contains a number of bug fixes, small enhancements and changes aimed at improving long-term compatibility with newer OpenVPN versions. In addition, the Windows installer is bundled with an updated OpenVPN-GUI and more importantly includes OpenSSL 1.0.0g that fixes the very serious heartbleed vulnerability (OpenVPN-specifics here).

All Windows users of OpenVPN 2.3-rc2-I001 through OpenVPN 2.3.2-I003 should upgrade their installations immediately.

»openvpn.net/index.php/op ··· ads.html
ke4pym
Premium Member
join:2004-07-24
Charlotte, NC

ke4pym to Zoder

Premium Member

to Zoder
Also, on the change password thing -

Unless you're replacing your SSL certificates, you should still be considered vulnerable and your keys compromised.

So, how does the average non-technical person know if the site they are going to was vulnerable in the first place or not?

And how would that person know that not only has the site been patched, but the SSL certificate been updated?

This only impacts OpenSSL v1.0.2-beta and less than 1.0.1g. It would be nearly impossible for anyone to know that not only was the site once vulnerable, but that the keys had been replaced.
TheWiseGuy
Dog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA

TheWiseGuy

MVM

Wouldn't the site have its old certificate added to a CRL?

The site should also prompt the user to change its password.
MaynardKrebs
We did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17

MaynardKrebs to Link Logger

Premium Member

to Link Logger
said by Link Logger:

The next person who uses the phrase "many eyes make for shallow bugs" gets to buy drinks for everyone affected by the #OpenSSL bug.

The vulnerability has existed since December 31, 2011, how long its been exploited, well is anyone's guess given the nature of how this exploit works, but the cat is out of the bag now. Bruce Schneier said "Catastrophic" is the right word. On the scale of 1 to 10, this is an 11 »www.schneier.com/blog/ar ··· eed.html

I'm thinking no one is going to get out of this unscathed as most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey, so if you use the internet its likely you have some information out there that you thought was secure, but really wasn't, so heads up kids the fallout from this could last awhile.

Blake

The 5 Eyes intelligence community is probably laughing their collective asses off right now - about how long it took the vaunted open source "the more eyes the better" to find this bug, and how SLOPPY the coding/testing is in open source security products.

At the same time they are probably mourning the passing of this bug.

But then again, the intelligence community will still keep the code that exploits this bug around - because it's bound to resurface in another iteration of the open source code ..... around the time the current crop of greybeards who knew how to code all retire, and all the new kids take over.

{beer for everyone}
ke4pym
Premium Member
join:2004-07-24
Charlotte, NC

ke4pym to TheWiseGuy

Premium Member

to TheWiseGuy
said by TheWiseGuy:

Wouldn't the site have its old certificate added to a CRL?

The site should also prompt the user to change its password.

Only if they revoked it. DSLReports, while patched hasn't (as of this writing) replaced their cert. So, if someone did grab the key, they can still decrypt the traffic.
RonSMeyer
join:2000-05-12
Saint Louis, MO

RonSMeyer to Zoder

Member

to Zoder
Other than change passwords which I am doing, is there anything you can do on your computer to protect yourself against this problem? Would "HTTPS Everywhere" (Firefox extension) have any benefit or is it itself impacted? Does any anti-virus offer any protection?

dib22
join:2002-01-27
Kansas City, MO

dib22

Member

said by RonSMeyer:

Other than change passwords which I am doing, is there anything you can do on your computer to protect yourself against this problem?

As a user that is all you can do, perhaps apply pressure to get sites you frequent to re-generate their SSL certs.
said by RonSMeyer:

Would "HTTPS Everywhere" (Firefox extension) have any benefit or is it itself impacted? Does any anti-virus offer any protection?

Not really, no.
ke4pym
Premium Member
join:2004-07-24
Charlotte, NC

1 recommendation

ke4pym to RonSMeyer

Premium Member

to RonSMeyer
said by RonSMeyer:

Other than change passwords which I am doing, is there anything you can do on your computer to protect yourself against this problem?

Change your password again in 30, 60, 90 and 120 days. Changing your password on a site that hasn't fixed the problem is about as worthless as the hair on my big toe.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

3 edits

2 recommendations

justin to ke4pym

Mod

to ke4pym
I am skeptical on so many levels that it is an issue for 99% of sites.

First, it was discovered by a researcher, not in the cleanup to a break-in.

Second, nobody has demonstrated or hinted that (by combing through log files), it was used. Although a normal log doesn't log the innards of SSL, a lot of big sites use snort or other traffic analysis tools that log traffic and it would be a simple matter to identify huge (64k) chunks being issued repeatedly to an external IP from an SSL protected service as it probed for memory that once contained something.

My opinion: if someone quietly acquired certificates it would be a program the NSA ran or runs, not Joe random hacker.

if a random hacker did know this bug before anyone else he would have kept it under wraps for fear it would immediately be rolled into a tool and thus become visible. He would be using it against bitcoin exchanges or banks, not ssl websites.

I am not going to bother to change my personal passwords that's a measure of how I think this bug impacts the majority of normal people (not people guarding large amounts of other peoples money, state secrets, or those looking to commit terrorism).

I'll be interested to see if anyone caught the fingerprints of it being used in the past.

updated: since it was free, I used the godaddy re-key option to re-key the certificate used by nginx for https service here, it expires at the same time so you'd have to compare the old and new one to see it changed. Also, PFS has been enabled for a long time now.

planet
join:2001-11-05
Oz

planet

Member

Trying to understand this vulnerability. So a hacker steals SSL keys that allow them to log into a secure server and steal some (ram??) memory. The memory that is stolen would need to have secure data stored in real time the hacker is accessing? So, hypothetically, how many passwords, credit card data, etc could be stored in that amount of memory?

dib22
join:2002-01-27
Kansas City, MO

1 edit

dib22

Member

said by planet:

Trying to understand this vulnerability. So a hacker steals SSL keys that allow them to log into a secure server and steal some (ram??) memory. The memory that is stolen would need to have secure data stored in real time the hacker is accessing? So, hypothetically, how many passwords, credit card data, etc could be stored in that amount of memory?

The 'hacker' launches the exploit and gets random chunks of data from the RAM on the server... those random chunks of data could contain usernames, passwords, ssl cert chunks, instant messages, emails, literally anything that landed in that memory space on the server. The memory space is small so they would have to keep exploiting it to get little pieces of the ssl cert over time, until they could eventually gather the entire target.

The people codenomicon (fromt »heartbleed.com/) did tests and found:
quote:
We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

Once they have the SSL certs they can then crack any SSL communications using the same certificate.... and if they recorded SSL encrypted communications they can use the SSL certs to decode all that information as well (most sites don't use perfect forward secrecy).

»www.eff.org/deeplinks/20 ··· -secrecy

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

justin

Mod

Note that "cracking SSL communication" requires that they tap or own a hop between "user" and "server". Unless you are the NSA, with that fiber splitter in the AT&T data center or at the bottom of an ocean, that means you gotta already be in control of a chunk of ISP infrastructure. Pardon me for being skeptical that this is common for black hat hackers. They worm their way into companies via malware etc, but I think very rarely have the kind of opportunity to sniff traffic that the security industry would have you believe.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to Zoder

MVM

to Zoder
I wonder if folks will quit using the open wifi that I kept out there for them to use, got to pay for my summer holidays this year touring around Europe somehow. Dam if this vul wasn't disclosed for another week, I'd been able to afford a luxury apartment in old Paris for a couple of weeks .

Blake

dib22
join:2002-01-27
Kansas City, MO

1 edit

dib22 to justin

Member

to justin
said by justin:

that means you gotta already be in control of a chunk of ISP infrastructure

Or run a wifi hotspot... but I do see your point in that you can do a MitM attack even without the heartbleed if you are in the middle.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

justin

Mod

You can't specifically target someone (user or site) by running a wifi hotspot. All you're doing is going on a random fishing expedition complicated by the need to steal server certificates that belong to the site the random person has decided to visit.

You'd get more, or at least get data more easily, just by setting up a open proxy server on the internet, or combing the unencrypted communication.

dib22
join:2002-01-27
Kansas City, MO

2 edits

dib22

Member

said by justin:

You can't specifically target someone (user or site) by running a wifi hotspot.

I guess we disagree... with a wifi hotspot it would be trivial to target a user (an entire household for example) and a site (only MitM people heading to a specific bank for example).

As for the heartbleed... I fear you over estimate the security on the backbone... ignoring the 3 letter agency guys, I suspect there are a multitude of mirrors and taps along the way that have been there for years.

Now am I freaking out and worried about my data?... not really, but I sure am patching up the systems and regenerating certs. I wont bother changing my passwords until I see the certs update.

Edit: for example I've updated all my yahoo passwords and my dslr one too:


Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie to justin

Member

to justin
In the common scenario of a SSL MitM attack that might be true. However also remember there are remote methods of getting the same result. Lets say the attack is launched via your broadcast domain or any of the broadcast domains that interact with your route.

Then on the flipside is impersonation of trusted hosts. Some script kiddie runs a DNS hijack and redirects all traffic to the impersonating site.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Fickey

Premium Member

to Fickey
Click for full size
Click for full size
said by Fickey:

said by Mele20:

...Anyone know what version of Firefox first supported TLS 1.2? I was surprised to see that my Fx 24.4 ESR does NOT even support TLS 1.1 much less 1.2!...

said by therube:

(SeaMonkey 2.24) Enabled support for TLS 1.2 (RFC 5246) by default (bug 861266)

So that would be FF27.

Apparently FF24 does support TLS 1.2, but you've got to configure it yourself. I've got FF24 ESR passing the test here:
»www.howsmyssl.com/
I accomplished this using the link & directions below. The author seems to say even FF26 doesn't support TLS1.2, then that FF26 is the min required for TLS1.2, but I think it's just poorly written & he's referring to the defaults & that he's using FF26:
»blog.dbrgn.ch/2014/1/8/i ··· ecurity/
Also, read the caveats below, there is (was?) a bug where FF wouldn't fall back to an earlier protocol, which could cause the connection to fail:
»kb.mozillazine.org/Secur ··· ersion.*

Did you also disable the bad cipher suite that the test site you reference says Fx 24 ESR uses? I could not pass the test until I also disabled that one SSL cipher suite.

I tried disabling TLS1.0 (as well as SSL3) and found that I can't connect to ebanking ( cibng.ibanking-services.com) for my local bank. (The screenshot is from SeaMonkey but the same thing happens on Fx if I disable TLS1.0). I get a cannot connect error because the server only uses TLS1.0 and SSL3 and SSL2! Geez...time to complain to my bank I think. I used to get an "A" at Qualys for that server...now it gets a "B" because it only supports older protocols. At least it is not vulnerable to the Heartbleed Attack.
Zoder
join:2002-04-16
Miami, FL

Zoder

Member

Since a Google researcher was one of the discoverers and Google's certificate was issued on March 12 are we to assume it's taken almost a month to develop the patch or was Google not using openssl 1.01 so they had no need to replace their cert?

dib22
join:2002-01-27
Kansas City, MO

dib22

Member

said by Zoder:

Since a Google researcher was one of the discoverers and Google's certificate was issued on March 12 are we to assume it's taken almost a month to develop the patch or was Google not using openssl 1.01 so they had no need to replace their cert?

They say they have patched " Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine ", I suspect they will push out a new cert soon.

»googleonlinesecurity.blo ··· ess.html

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

1 recommendation

siljaline to Zoder

Premium Member

to Zoder
~ Which sites have patched the Heartbleed bug ~

*Accurate at time of post*

»www.cnet.com/how-to/whic ··· eed-bug/

SixOfNine
Brake In A Ladylike Manner.
Premium Member
join:2001-08-30
Sterling, VA

SixOfNine to ke4pym

Premium Member

to ke4pym
Click for full size
said by ke4pym:

And how would that person know that not only has the site been patched, but the SSL certificate been updated?

With the caveat that Chubbzie See Profile pointed out, that LastPass is only checking for OpenSSL and not verifying use of the heartbeat extension, they have added a cert check to their "security challenge" tool for users.
EdmundGerber
join:2010-01-04

EdmundGerber to Fickey

Member

to Fickey
said by Fickey:

said by Mele20:

...Anyone know what version of Firefox first supported TLS 1.2? I was surprised to see that my Fx 24.4 ESR does NOT even support TLS 1.1 much less 1.2!...

said by therube:

(SeaMonkey 2.24) Enabled support for TLS 1.2 (RFC 5246) by default (bug 861266)

So that would be FF27.

Apparently FF24 does support TLS 1.2, but you've got to configure it yourself. I've got FF24 ESR passing the test here:
»www.howsmyssl.com/
I accomplished this using the link & directions below. The author seems to say even FF26 doesn't support TLS1.2, then that FF26 is the min required for TLS1.2, but I think it's just poorly written & he's referring to the defaults & that he's using FF26:
»blog.dbrgn.ch/2014/1/8/i ··· ecurity/
Also, read the caveats below, there is (was?) a bug where FF wouldn't fall back to an earlier protocol, which could cause the connection to fail:
»kb.mozillazine.org/Secur ··· ersion.*

Thanks for that - my ESR version of Firefox was affected until I implemented those changes. FYI - the latest version of PaleMoon was not affected and was using TLS 1.2 by default.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

Steve to Zoder

to Zoder
The danger is not just getting the SSL keys; it's getting other stuff, such as passwords.

But I don't worry about this, because since I run my webservers in stealth (don't reply to ping), I'm confident the bad guys won't find me

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie

Member

said by Steve:

But I don't worry about this, because since I run my webservers in stealth (don't reply to ping), I'm confident the bad guys won't find me

Lol, if only it was that easy...