Web security disasters from NSA to Heartbleed

News on the problems on Internet security have been very frequent during last 12 months, and there does not seem to be any stop on news on Internet security problems.

The news started with NSA relevations that showed ho much NSA spied on the Internet users and how it has weakened the technologies used to project the user data in Internet. Keeping Your Data Private From the NSA was proven to be quite hard. The biggest NSA details have much been revealed, and you can find them at The NSA Archive. Edward Snowden exposed the NSA’s widespread efforts to eavesdrop on the internet, encryption was the one thing that gave us comfort. Snowden also warned that crypto systems aren’t always properly implemented.

The follow-up was a massive series of hits on the SSL security. SSL stands for Secure Sockets Layer, and it’s what helps ensure secure communication between your browser and your favorite web site. TLS, or Transport Layer Security, is a more recent protocol that does essentially the same. Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network. HTTPS is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. This is the technology that keeps the Internet communications safe and allows us to access Internet services safely (for example to read your web mail, do credit card payments on web shops and do your on-line banking).

First in this series as was Apple’s epic security flaw in it’s SSL implementation. In February 2014 a mysterious, urgent update began pouring out to iOS devices. From there, the news just got worse. It wasn’t just an iOS bug, but a problem in Apple’s Secure Transport platform, present in OS X 10.9 for desktop and reaching back to iOS 6 on mobile. The vulnerability extended to every application built on Apple’s SSL library and was had gone unnoticed for 18 months. It was a SSL encryption issue that leaves iPhone, iPad and Mac computer users open to a man-in-the-middle (MITM) attack. A man-in-the-middle attack seamlessly intercepts communication between yourself and your intended recipient or website (the one who listens to traffic can read unencrypted user passwords). The security issue was bad and scary, but it now fixed. The actual problem was a pretty small programming error in the Apple SSL/TLS library file called sslKeyExchange.c in version 55741 of the source code. The problem was named “goto fail“.

This was unfortunately only a start, and the thing started getting to much worse direction in April. Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros articled told that a major security bug faces Linux users, akin to the one recently found in Apple’s iOS (and which Apple has since fixed). This GnuTLS bug is worse than the big Apple “goto fail” bug because hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks. The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package.


As if that was not enough, then comes the Attack of the week: OpenSSL Heartbleed. Heartbleed Is the Ultimate Web Nightmare that I would have not wanted to see. Security expert Bruce Schneier says “‘catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.” That’s about right. This was a very severe two-year-old security hole right in the core of the Internet security.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This can compromises the secret keys used to identify the service providers, which allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users. Basically, an attacker can grab 64K of memory from a server. The attack leaves normally no trace, and can be done multiple times to grab a different random 64K of memory. Exploitation of this bug leaves no traces of anything abnormal happening to the logs.

You might ask what versions of OpenSSL are affected? OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable. The newest version OpenSSL 1.0.1g is NOT vulnerable. Old OpenSSL versions at OpenSSL 1.0.0 branch and OpenSSL 0.9.8 branch are NOT vulnerable. While Heartbleed only affects OpenSSL’s 1.0.1 and the 1.0.2-beta release, 1.01 is already broadly deployed.Top ten biz software vendors reveal Heartbleed exposure, and so have also many smaller ones. Check the software you use against vulnerable software list.

The flaw was released as zero-day bug for what there was not fix at the moment the details were released. There are views that it have been known to black hats before its public discovery and disclosure. The bug was found some time ago independently by Finnish security testing company Codenomicon and Google researcher Neel Mehta. Some operating system, security companies and OpenSSL developers were already at work at delivering the patched versions.  CloudFlare, a Web security company, revealed in a blog posting details about the security hole and that they’ve fixed the bug a bit too early before fixes were ready for broad deployment.

How am I affected as an end user? You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Most notable software using OpenSSL are the open source web servers like Apache and nginx,which have a combined market share of over 66% of the active sites on the Internet that use HTTPS. Half a million sites were vulnerable. Situation changes as sites get fixed. Here are some vulnerable site lists:  The Heartbleed Hit List: The Passwords You Need to Change Right Now, Heartbleed bug: Check which sites have been patched and Heartbleed Alexa top 10000.

Furthermore OpenSSL is used to protect for example email servers, chat servers, virtual private networks (SSL VPNs), network appliances and wide variety of client side software. OpenSSL is also included in Android, the number one smart phone operating system (over 79% market share). Heartbleed Bug hits at heart of many Cisco, Juniper products. While most attention surrounding OpenSSL’s Heartbleed vulnerability has been given to the server side, the SANS Institute has reminded the world that the client side is also vulnerable and writing code to exploit vulnerabilities in clients is not going to be that difficult as the details are out on the wild.

Is my mobile affected? Yes. Heartbleed Bug Impacts Mobile Devices. Vulnerable OpenSSL is included in many Android version, but in most Android versions the Heartbeats feature was disabled (so not vulnerable). Depending on the source vulnerable Android  versions are 4.1.1 and 4.2.2 or only 4.1.1. There are also many Android, iOS, and WP8 apps that are affected by Heartbleed.

The Heartbleed bug is affecting routers, too: Cisco Systems and Juniper Networks have announced that the Heartbleed bug has been found in their networking products. This news isn’t too surprising, as any device using OpenSSL is potentially vulnerable. Many routers and other forms of networking equipment use OpenSSL to secure mini web servers to run admin interface, leaving networking equipment vulnerable as a result. Networking Equipment Makers Scramble to Patch Heartbleed:  Networking vendors Cisco, Juniper Networks, F5 Networks and Fortigate have all issued security alerts, disclosing that some of their products are affected by Heartbleed. Cable boxes and home Internet routers are just two of the major classes of devices likely to be affected , and ISPs now have millions of these devices with this bug in them. The same issue likely affects many companies, because plenty of enterprise-grade network hardware and industrial and business automation system also rely on OpenSSL, and those devices are also rarely updated. There are thousands of “shoestring budget” VPN concentrators in smaller businesses that will be vulnerable and probably won’t be updated. On the VPN side also excellent OpenVPN VPN-software is vulnerable if your system has OpenSSL version or your OpenVPN is compiled with vulnerable OpenSSL.

If you administer of any embedded networked device, check your device manufacturer if they have published information on vulnerabilities. To be sure you need to check the OpenSSL version or run vulnerability scanning, but checking these devices for the flaw is a laborious process.  This is why many home automation systems and networking equipment vulnerable to a major encryption flaw are unlikely to be fixed. If you have such devices in use, there is also possibility that your devices are not affected by the bug because they can use old enough OpenSSL version that does not have this bug (OpenSSL versions 0.9.8 and 1.0.0 are very widely used even on quite recent embedded systems).

There has been discussion themed like Has the NSA Been Using the Heartbleed Bug as an Internet Peephole? It is  hard to say for sure if it has been used or not. You can bet that whatever hackers and government agencies have not done this before, they’re doing it now. Security expert  Bruce Schneier says that probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. So far, though, there’s no evidence to suggest this is the case and grabbing the private keys stored on a server’s memory isn’t without problems.

What you can do as an end user? Not very much. The problem is very much on the server end, and the service provider has to fix it first before you can do anything useful as end user. First you wait that your site has been updated (Check which sites have been patched). After the site has been patched, it is a good idea to change the password in case it has leaked. For information on which sited it would be a good idea to change password, check the following lists:  The Heartbleed Hit List: The Passwords You Need to Change Right Now, Heartbleed bug: Check which sites have been patched and Heartbleed Alexa top 10000. Do not log into accounts from afflicted sites until you’re sure the company has patched the problem. Keep a close eye on financial statements for the next few days. Because many of the vulnerable sites were well known web shops and attackers could maybe have accessed a server’s memory for credit card information, so it wouldn’t hurt to be on the lookout for unfamiliar charges on your bank statements.

So not only is every password you’ve used at a vulnerable site at risk — the bigger problem is that although major vendors and websites are scurrying to fix this problem now, smaller apps and sites might take more time. Or worse, they might ignore the problem altogether. Remember that a malicious server could easily send a message to vulnerable software on phones, laptops, PCs, home routers and other devices, and retrieve a 64KB block of sensitive data from the targeted system. Security penetration testers are going to find themselves in work a long time with this.

What if you are are a server operator? Test your own site vulnerability here or using one of these tools (use at your own risk). Run the test only against your own site, because It might be ILLEGAL to run Heartbleed health checks against sites without the site owner permission. Check also the software you use against vulnerable software list. If you have this problem, then what to do? The remedy is unfortunately pretty nasty. Having identified a problem, the first step is to patch OpenSSL to  1.0.1g version. If you can’t update library, you can recompile existing version with the -DOPENSSL_NO_HEARTBEATS option. Sadly, this is only the beginning because  there’s no way to tell whether a server had been exploited because this bug leaves no traces of anything abnormal happening to the logsBruce Schneier advice: After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected. Have fun. Its a lot of work.

Fortunately IDS/IPS technologies can be used to detect if someone it trying to attack you this way. Although the content of the heartbeat request is encrypted it has its own record type in the protocol, which allows intrusion detection and prevention systems (IDS/IPS) to be trained to detect the use of the heartbeat request. There are now signatures available to detect exploits against Heartbleed, as Dutch security firm Fox-IT points out on its website.

Now the main details of the bug are told. For simple visual explanation of Hearbleed but take look at XKCD Heartbleed Explanation. For more stories on this check out Heartbleed web page and Behind the Scenes: The Crazy 72 Hours Leading Up to the Heartbleed Discovery article.

Deep technical details of the OpenSSL bug

Bug is in the OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.  Basically, an attacker can grab 64K of memory from a server. This can happen during connection negotiation, which is why the flaw can be exploited by an unauthenticated attacker. Since this is the same memory space where OpenSSL also stores the server’s private key material, an attacker can potentially obtain (a) long-term server private keys, (b) TLS session keys, (c) confidential data like passwords, (d) session ticket keys. It is very likely that it is possible in at least some cases, but it hasn’t been demonstrated to work all the time.There likely difference on what software is run on server. There is even a Heartbleed Challenge to steal the keys from server running vulnerable OpenSSL version.

The problem in the OpenSSL library is fairly simple: there’s a tiny vulnerability — a simple missing bounds check — in the code that handles TLS ‘heartbeat’ messages. By abusing this mechanism, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. But in this case a this tiny problem cause a massive problem, because the software was very widely used and details if the flaw became available widely before most parties had any possibility to fix the issue. Though security vulnerabilities come and go, this one is deemed catastrophic because it’s at the core of SSL.

Bruce Schneier speculates that someone could have intentionally added the Heartbleed bug to OpenSSL, but it’s more likely the case that it got in there by accident. Man who introduced serious ‘Heartbleed’ security flaw denies he inserted it deliberately. And that is quite believable I think. The original bug was introduced in this Git commit. The bug was quite dull. The fix is equally simple. Just add a bounds check. This has been done in the version 1.0.1g. How did this get through? Coding mistakes happen and they are not often detected on code reviews. It happens all the time no matter if you do open source or commercial software. Very many skilled must have looked at the code (this is very widely used open source software so code so many people must have looked at it more or less) can’t find all the bugs . This was a simple C coding bug, but yet it took more than two years to find. Bug was introduced to OpenSSL in December 2011 (submitted just before midnight on New Years Eve) and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

The small team of OpenSSL developers have had a pretty amazing record of maintaining the world’s most popular TLS library before this. Maintaining  OpenSSL is a hard job with essentially no pay, so maybe the companies using OpenSSL tool should contribute financially to its development, maintenance, and evaluation to avoid potential future fiasco!  Should there be better bug finding tools or different process? I don’t know the answer to this, but there is no silver bullet to guarantee that this kind of bugs don’t appear in the future here or in some other software. One comment to Attack of the week: OpenSSL Heartbleed article claims hat there seems to be a general problem with open source and crypto: The incentives and rewards for finding and using exploits are much higher than those for finding and publishing exploits. A security researcher revealing bug to developers gets a pat on the shoulder, well done, thanks.

I end my too long security article here…


  1. Tomi Engdahl says:

    NSA Said to Exploit Heartbleed Bug for Intelligence for Years

    The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

    “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,” according to an e-mailed statement from the Office of the Director of National Intelligence.

  2. Tomi Engdahl says:

    Two people independently obtained SSL private keys with Heartbleed exploits, solving CloudFlare’s challenge:

    The Heartbleed Challenge

    We confirmed that both of these individuals have the private key and that it was obtained through Heartbleed exploits.

  3. Tomi Engdahl says:

    Statement on Bloomberg News story that NSA knew about the “Heartbleed bug” flaw and regularly used it to gather critical intelligence

  4. Tomi Engdahl says:

    US government warns of Heartbleed bug danger

    The US government has warned that it believes hackers are trying to make use of the Heartbleed bug.

    The Department of Homeland Security advised the public to change passwords for sites affected by the flaw once they had confirmed they were secure.

    However, an official added that there had not been any reported attacks or malicious incidents.

  5. Tomi Engdahl says:

    Obama Says He May Or May Not Let the NSA Exploit the Next Heartbleed

    “The White House has joined the public debate about Heartbleed. The administration denied any prior knowledge of Heartbleed, and said the NSA should reveal such flaws once discovered”

  6. Tomi Engdahl says:

    Private crypto keys are accessible to Heartbleed hackers, new data shows
    Four people have been able to see server keys and certificates in a test.

  7. Tomi Engdahl says:

    OpenSSL Software Foundation president: we need support from companies and governments for a team of 6+ full-time workers

    Of Money, Responsibility, and Pride

    Fate has made me the “money guy” for OpenSSL so I’m going to talk about that for a bit.

    As has been well reported in the news of late, the OpenSSL Software Foundation (OSF) is a legal entity created to hustle money in support of OpenSSL. By “hustle” I mean exactly that: raising revenue by any and all means[1]. OSF typically receives about US$2000 a year in outright donations and sells commercial software support contracts[2] and does both hourly rate and fixed price “work-for-hire” consulting as shown on the OSF web site. The media have noted that in the five years since it was created OSF has never taken in over $1 million in gross revenues annually.

    Thanks to that publicity there has been an outpouring of grassroots support from the OpenSSL user community, roughly two hundred donations this past wee

    Lacking any other significant source of revenue, we get most of ours the hard way: we earn it via commercial “work-for-hire” contracts[7]. The customer wants something related to OpenSSL, realizes that the people who wrote it are highly qualified to do it, and hires one or more of us to make it happen. For the OpenSSL team members not having any other employment or day job such contract work is their only non-trivial source of income.

  8. Tomi Engdahl says:

    Heartbleed exploit, inoculation, both released
    File under ‘this is going to hurt you more than it hurts me’

    As the Heartbleed fallout continues, the good news is that code to protect against similar such attacks has been released. The bad news is that exploit code is also available.

    Let’s start with the latter, released by a chap who took up Cloudlare’s challenge to coders in the hope someone, somewhere, would be able to use Heartbleed to extract a private SSL key from an undefended server it erected.

    Cloudflare says the winner took just nine hours to crack the server and run off with the SSL certificate.

    The availability of that code means world+dog can run it against servers of their choice and see what’s on offer, which is just great.

  9. Tomi Engdahl says:

    AWS Services Updated to Address OpenSSL Vulnerability

    Elastic Load Balancing: We can confirm that all load balancers affected by the issue described in CVE-2014-0160 have now been updated in all Regions. If you are terminating your SSL connections on your Elastic Load Balancer, you are no longer vulnerable to the Heartbleed bug.

    Amazon EC2: Customers using OpenSSL on their own Linux images should update their images in order to protect themselves from the Heartbleed bug described in CVE-2014-0160.

  10. Tomi Engdahl says:

    Akamai admits its OpenSSL patch was faulty, reissues keys
    Researcher Willem Pinckaers found a hole in Akamai’s OpenSSL code tweak, used for a decade, in 15 minutes

    Akamai Technologies, whose network handles up to 30 percent of all Internet traffic, said Sunday a researcher found a fault in custom code that the company thought shielded most of its customers from the Heartbleed bug.

    As a result, Akamai is now reissuing all SSL (Secure Sockets Layer) certificates and security keys used to create encrypted connections between its customer’s websites and visitors to those sites.

    “In short, we had a bug,” wrote Andy Ellis, Akamai’s CTO, in a blog post.

    Akamai’s servers would have been vulnerable to Heartbleed between August 2012 through April 4,

    But Ellis also wrote Akamai customers would have been less vulnerable to an attack using Heartbleed to obtain a private SSL key.

    The reason is that Akamai had added customized code to its OpenSSL deployment about a decade ago that modified how the secret keys used to create an SSL connection were stored.

    Ellis wrote that Akamai’s code did not protect three of six critical values of an RSA key

  11. Tomi Engdahl says:

    How to tell if your Android device is vulnerable to Heartbleed

    Believe it or not, some Android devices are susceptible to the Heartbleed bug. Here’s what you need to know.

    The Heartbleed bug just doesn’t quit. When Google announced it had patched its key services, it also mentioned Android was largely unaffected, with one (big) exception — devices running Android 4.1.1.

    The good news is Google has already sent a patch to its Android partners. The bad news? Now we have to wait for those partners to implement it, followed by carriers testing and pushing out the update.

    n the meantime, to verify if your Android device is at risk, security company Lookout has released a free app. The app, called Heartbleed Detector

  12. Tomi Engdahl says:

    Heartbleed Detector
    Lookout Mobile Security
    - 9. huhtikuuta 2014

    The Lookout Heartbleed Detector can be used to determine whether or not your Android device is vulnerable to the Heartbleed bug in OpenSSL. This app works by determining what version of OpenSSL your device is using. If your device is using one of the affected versions of OpenSSL, we then check to see if the specific vulnerable feature called heartbeats is enabled.

    This app is not meant to fix this vulnerability, as this will need to be patched by Google or your device manufacturer

  13. Tomi Engdahl says:

    Finnish security company F-secure is using Heartbleed in the news as way to market their
    F-Secure KEY poduct:

  14. Tomi Engdahl says:

    Heartbleed bug responsible for theft of 900 Canadian tax ID numbers

    Canada’s taxpayers may be the first victims of the Heartbleed bug that put the web on high alert last week. According to the Canada Revenue Agency, 900 social insurance numbers (SINs) were stolen by hackers exploiting the security vulnerability. Even on a small scale, the breach is tantamount to identity theft, and is a situation the CRA had worked hard to avoid.

  15. Tomi Engdahl says:

    Millions of Android Devices Vulnerable to Heartbleed Bug

    Millions of smartphones and tablets running Google Inc. (GOOG)’s Android operating system have the Heartbleed software bug

    While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1,

    Security researchers said that version of Android is still used in millions of smartphones and tablets

    “One of the major issues with Android is the update cycle is really long,”

    Christopher Katsaros, a spokesman for Mountain View, California-based Google, confirmed there are millions of Android 4.1.1 devices

    More than 80 percent of people running Android 4.1.1 who have shared data with mobile security firm Lookout Inc. are affected

    Broad Fallout

    The reach of the vulnerability continues to widen as Cisco Systems Inc. (CSCO) and Juniper Networks Inc. (JNPR) said earlier this week that some of their networking-gear products are affected and will be patched. The Canadian government has ordered websites operated by the federal government that use the vulnerable version of OpenSSL to be taken offline until they can be fixed.

  16. Tomi Engdahl says:

    Heartbleed Hackers Steal Encryption Keys in Threat Test

    The crown jewel of secure websites is a single string of data – a very long jumble of letters and numbers and symbols that looks like gibberish. The Heartbleed bug allows hackers to crack it.

    At least six people were able to extract the private key of a website in a test of the bug’s viability organized by CloudFlare Inc., said Nick Sullivan, a security architect with the Internet security company. The results suggest hackers have stolen encryption keys using the bug and are planning attacks, he said.

    Since its discovery, there has been much discussion about how the flaw could have gone undetected for so long and whether criminal hackers or government intelligence units might have exploited it.

    “I had no expectation of obtaining the key, because it doesn’t seem feasible at that time,” Indutny wrote in an e-mail. “Successfully extracting it was a big surprise for me!”

    Attackers could go after more than just encryption keys.

    There was a silver lining: security professionals contacted Loman for advice on how to exploit the bug on websites used by criminals.

  17. Tomi Engdahl says:

    Heartbleed Causing More Heartburn for OpenSSL & Site Owners

    It took less than three hours for Moscow-based Node.js programmer Fedor Indutny to extract the private key, using an @node.js script, which he used to send 2.5 million queries in the hope one would come back with the key.

    It took the second winner, Ilkka Mattila, at NCSC-FI, nine hours and 100,000 requests. There were two more winners by the end of Saturday, April 12. By the end of the day, anyone clicking on the URL for Heartbleed Challenge, which CloudFlare put up to host the project, got a response saying the server’s X.509 certificate had been revoked and its identity could no longer be confirmed.

  18. Tomi Engdahl says:

    Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
    Natter-board tells middle-class Britain to purée its passwords

    Twee UK parenting website Mumsnet is the second high-profile organisation to claim it has fallen victim to the infamous Heartbleed OpenSSL vulnerability.

    Hackers boasted they accessed Mumsnet users’ data via the password-leaking bug – which is present in HTTPS servers and other services and software running a OpenSSL 1.0.1 to 1.0.1f

    The website’s founder Justine Roberts told the BBC that she only realised a breach had taken place on Friday after her own username and password were used to post an online message.

    The outcome is, in any case the same: 1.5 million Mumsnet user passwords are being reset.

    “As many have speculated, this is a very dangerous vulnerability in a widely deployed SSL implementation and when a hacker steals the organisation’s private key, this type of infiltration is not easily detected.”

  19. Tomi Engdahl says:

    Heartbleed disclosure timeline: who knew what and when

    Ever since the “Heartbleed” flaw in encryption protocol OpenSSL was made public on April 7 in the US there have been various questions about who knew what and when.

    Fairfax Media has spoken to various people and groups involved and has compiled the below timeline.

    Friday, March 21 or before: Neel Mehta of Google Security discovers Heartbleed vulnerability.

    Friday, March 21 10.23: Bodo Moeller and Adam Langley of Google commit a patch for the flaw

    Monday, March 31 or before: Someone tells content distribution network CloudFlare about Heartbleed and they patch against it.

    Tuesday, April 1: Google Security notifies OpenSSL about the flaw it has found in OpenSSL, which later becomes known as “Heartbleed”

    Wednesday, April 2 ~23:30 – Finnish IT security testing firm Codenomicon separately discovers the same bug

    Thursday, April 3 04.30 – Codenomicon notifies the National Cyber Security Centre Finland

    Friday, April 4 – Content distribution network Akamai patches its servers.

    Friday, April 4 – Rumours begin to swirl in open source community about a bug existing in OpenSSL

    Saturday, April 5 15:13 – Codenomicon purchases the Heartbleed.com domain name

    Sunday, Apr 6 ~22:56 – Mark Cox of OpenSSL
    notifies Linux distribution Red Hat about the Heartbleed bug and authorises them to share details

    Monday, April 7 09:53 – A fix for the OpenSSL Heartbleed bug is committed to OpenSSL’s Git repository (at this point private).

    Monday, April 7 10:49 – OpenSSL issues a Heartbleed advisory via its mailing list.

    Monday, April 7 11:00 – CloudFlare posts a blog entry about the bug.

    Monday, April 7 12:23 – CloudFlare tweets about its blog post.

    Who knew of heatbleed prior to release? Google (March 21 or prior), CloudFlare (March 31 or prior), OpenSSL (April 1), Codenomicon (April 3), National Cyber Security Centre Finland (April 4), Akamai (April 4 or earlier) and Facebook (no date given)

    Who didn’t know until public release? Many

  20. Tomi Engdahl says:

    Vicious Heartbleed bug bites millions of Android phones, other devices
    Not the exclusive province of servers, Heartbleed can hack end users too.

    The catastrophic Heartbleed security bug that has already bitten Yahoo Mail, the Canada Revenue Agency, and other public websites also poses a formidable threat to end-user applications and devices, including millions of Android handsets, security researchers warned.

    The good news, according to researchers at security firm Symantec, is that major browsers don’t rely on the OpenSSL cryptographic library to implement HTTPS cryptographic protections. That means people using a PC to browse websites should be immune to attacks that allow malicious servers to extract data from an end user’s computer memory. Users of smartphones, and possibly those using routers and “Internet of things” appliances, aren’t necessarily as safe.

    “If you have a vulnerable device and there’s no fix available for you, I would be very cautious about using that device for sensitive data,” he told Ars. “So I would be cautious about using it for banking or sending personal messages.”

    Rogers said the most likely scenario for an attacker exploiting a vulnerable Android device is to lure the user to a booby-trapped website that contains a cross-site request forgery or similar exploit that loads banking sites or other sensitive online services in a separate tab.

    “That risk is sufficiently high as to say that you should be careful if your device is vulnerable.”

  21. Tomi Engdahl says:

    OpenSSL CVE-2014-0160 Heartbleed bug and Red Hat Enterprise Linux

  22. Tomi Engdahl says:

    How Does Heartbleed Alter the ‘Open Source Is Safer’ Discussion?

    ” ‘given enough eyeballs, all bugs are shallow.’ Many users of proprietary software, tired of FOSS’s continual claims of superior security, welcome the idea that Heartbleed has punctured FOSS’s pretensions. But is that what has happened?”

  23. Tomi Engdahl says:

    Does Heartbleed Disprove ‘Open Source is Safer’?

    An open community is supposed to make software development safer – or at least open source adherents have always claimed so.

    As security expert Bruce Schneier wrote, “‘Catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.”

    Or, as Eric Raymond famously said, “given enough eyeballs, all bugs are shallow.”

    Yet, somehow, Heartbleed appears to have existed for over two years before being discovered. It may even have been used by American security agencies in their surveillance of the public.

    At first glance, Raymond’s statement seems to survive any challenge from Heartbleed. Unproved or not, the statement is conditional; it is only true if enough eyes are constantly on the code. However, as the idea is examined, the flaws and unstated assumptions start to reveal themselves.

    Robin Seggelmann, the OpenSSL developer who claims responsibility for Heartbleed, says that both he and a reviewer missed the bug. He concludes that more reviewers are needed to avoid a repetition of the incident — that there were not enough eyes in this case.

    Raadt notes that malloc, a memory allocation library, was long ago patched to prevent Heartbleed-type exploitations. However, at the same time, OpenSSL added “a wrapper around malloc & free so that the library will cache memory on its own, and not free it to the protective malloc” — all in the name of improving performance on some systems.

    In other words, the potential for a bug was detected and patched, but was by-passed by an engineering decision that favored efficiency over security.

    Assuming that de Raadt is right, then one take-away for FOSS is that all the eyes in the world cannot be counted on to catch basic design problems.

    Redemption by Response

    None of these comments are meant to suggest that the entire FOSS development model requires revision. If Heartbleed challenges Raymond’s statement about enough eyes, the response to Heartbleed more than justifies it.

    Knowledge of Heartbleed was apparently concealed for several weeks, but once it was announced, FOSS-based projects and sites quickly publicized it. A few hours more, and it was being patched.

  24. Tomi Engdahl says:

    Heartbleed Bug Hacker Charged by RCMP

    Ottawa – April 16, 2014 – The RCMP’s National Division Integrated Technological Crime Unit (ITCU) has charged a 19 year old London, Ontario man in relation to the malicious breach of taxpayer data from the Canada Revenue Agency (CRA) website.

    It is believed that Solis-Reyes was able to extract private information held by the CRA by exploiting the security vulnerability known as the Heartbleed Bug.

  25. Tomi Engdahl says:

    Statement by the Commissioner of the Canada Revenue Agency on the Heartbleed bug

    After learning that the Canada Revenue Agency (CRA) systems were vulnerable to the Heartbleed bug, the CRA acted quickly to protect taxpayer information by removing public access to its online services on April 8, 2014.

    Since then, the CRA worked around the clock to implement a “patch” for the bug, vigorously test all systems to ensure they were safe and secure, and re-launch our online services late yesterday.

    Regrettably, the CRA has been notified by the Government of Canada’s lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period. Based on our analysis to date, Social Insurance Numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability.

    The CRA is one of many organizations that was vulnerable to Heartbleed, despite our robust controls.

  26. Tomi Engdahl says:

    Heartbleed shrinks Tor by an eighth
    And that’s before they look at all the nodes and what version of OpenSSL they’re running

    Tor, the sometimes-controversial internet-traffic-anonymising service, is bleeding thanks to Heartbleed.

    “we’ll lose about 12% of the exit capacity and 12% of the guard capacity.”

    The reason for the degradation is that some Tor nodes are running compromised versions of OpenSSL.

  27. Tomi Engdahl says:

    Google Services Updated to Address OpenSSL CVE-2014-0160 (the Heartbleed bug)
    Wednesday, April 9, 2014 9:58 AM

    All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners).

    Apr 14: In light of new research on extracting keys using the Heartbleed bug, we are recommending that Google Compute Engine (GCE) customers create new keys for any affected SSL services.

  28. Tomi Engdahl says:

    Heartbleed Bug—Mobile Apps are Affected Too

    The severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason

    All the extended coverage of the flaw begs the question, “Are mobile devices affected by this?” The short answer: yes.

    Mobile apps, like it or not, are just as vulnerable to the Heartbleed Bug as websites are because apps often connect to servers and web services to complete various functions. As our previous blog entry has shown, a sizable number of domains are affected by this vulnerability.

    Suppose you’re just about to pay for an in-app purchase, and to do so you need to input your credit card details. You do so, and the mobile app finishes the transaction for you.

    Suppose you decide to do so, and tap ‘OK’. Chances are your app will open the website on their own, through their own in-app browser, and have you log into the social network there.

    We scanned around 390,000 apps from Google Play, and found around 1,300 apps connected to vulnerable servers. Among them are 15 bank-related apps, 39 online payment-related, and 10 are online shopping related. We also found several popular apps that many users would use on a daily basis, like instant messaging apps, health care apps, keyboard input apps–and most concerning, even mobile payment apps.

  29. Tomi Engdahl says:

    These Android, iOS, and WP8 apps are affected by the Heartbleed Bug (updated)
    Read more: http://www.digitaltrends.com/mobile/heartbleed-bug-apps-affected-list/#ixzz2z7uXcSls

  30. Tomi Engdahl says:

    Confirmed: Nasty Heartbleed bug exposes OpenVPN private keys, too
    Until you get a new key, consider your OpenSSL-powered VPN network compromised.

    Private encryption keys have been successfully extracted multiple times from a virtual private network server running the widely used OpenVPN application with a vulnerable version of OpenSSL, adding yet more urgency to the call for operators to fully protect their systems against the catastrophic Heartbleed bug.

    Developers who maintain the open source OpenVPN package previously warned that private keys underpinning VPN sessions were vulnerable to Heartbleed. But until Wednesday, there was no public confirmation such a devastating theft was feasible in real-world settings

  31. Tomi Engdahl says:


    Heartbleed: 95% of detection tools ‘flawed’, claim researchers
    Free web tools and not picking up the vulnerability, leaving consumer data exposed

    Some tools designed to detect the Heartbleed vulnerability are flawed and won’t detect the problem on affected websites, a cybersecurity consultancy has warned.

    A deluge of tools then hit the internet promising to help people determine whether the web services they were using or hosting were affected. But 95% of the most popular ones are not reliable, according to London-based security consultancy and penetration testing firm Hut3.
    ‘Absolute panic’

    “A lot of companies out there will be saying they’ve run the free web tool and they’re fine, when they’re not,” Hut3’s Edd Hardy told the Guardian. “There’s absolute panic. We’re getting calls late at night going ‘can you test everything’.”

    Most of the tools checked by Hut3 rely on code designed to highlight the flaw created by developer Jared Stafford, which itself contained problematic bugs, said Hut3 penetration tester Adrian Hayter.

    “The key to success with protection and mitigation of Heartbleed is more haste, less speed – otherwise you may well be sitting in the comfortable haze of a false sense of security. Ignorance isn’t bliss, it’s dangerous.”

  32. Tomi Engdahl says:

    Dumb luck? Coding error made a part of the Android applications immune to Heartbleed

    Some of the Android applications thought to be vulnerable to Heartbleed are actually safe due a coding error. The error relates to the way in which the application native to the openssl library is implemented: there was a linking error that caused the applications to use Android system OpenSSL library instead of the one provided with the application.

    FireEye found numerous vulnerable games and office programs. Almost without exception, the vulnerability was due to the application of its own openssl library, not the Android operating system.

    Scans the context of FireEye also examined 17 applications that claimed the device is looking for Heartbleed vulnerabilities. Of these, only six were correct scanning programs. The rest are either not detected or known vulnerabilities were just scams to the user attempted to impose their ads.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/moukan+tuuria+koodausvirhe+teki+osasta+androidsovelluksia+immuuneja+heartbleedille/a983323

  33. Tomi Engdahl says:

    Password Resets, Credential Compromise, and OpenSSL: Shortening Heartbleed’s Long Tail

    Many systems and environments saw usernames and passwords leaked by the Heartbleed attack. Love ‘em or hate ‘em, we know that users re-use passwords. Unlike major site compromises, password dumps, and public compromise notifications, very few organizations out there know whether or not their systems were hit, or what information was lost.

  34. Tomi Engdahl says:

    Apple splats ‘new’ SSL snooping bug in iOS, OS X – but it’s no Heartbleed
    Triple-handshake flaw stalks Macs and iThings

    Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs.

    The so-called “triple handshake” flaw quietly emerged yesterday amid panic over OpenSSL’s Heartbleed vulnerability, and soon after the embarrassing “goto fail” blunder in iOS and OS X.

    In a ‘triple handshake’ attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker’s data in one connection

  35. Tomi Engdahl says:

    OpenSSL Heartbleed bug sniff tools are ‘BUGGY’ – what becomes of the broken hearted?
    Hayter’s gonna hate

    Software that claims to detect the presence of OpenSSL’s Heartbleed bug in servers, PCs and other gear may falsely report a system to be safe when users are actually in danger, according to a security consultancy.

  36. Tomi Engdahl says:


    LibreSSL is a FREE version of the SSL/TLS protocol forked from OpenSSL

    Multi OS support will happen once we have

    Flensed, refactored, rewritten, and fixed enough of the code so we have stable baseline that we trust and can be maintained/improved.
    The right Portability team in place.
    A Stable Commitment of Funding to support an increased development and porting effort.

  37. Tomi Engdahl says:

    Heartbleed-bug is no longer a bad headache in Finland

    Kyberturvallisuuskeskus has studied both domestic and foreign network vulnerability Heartbleed-vulnerability. The data show that 200 Finns most use of this service is no longer among the vulnerability exposed sites.

    Source: http://www.tietokone.fi/artikkeli/uutiset/heartbleed_bugi_ei_enaa_paha_paansarky_suomessa

  38. Tomi Engdahl says:

    Dell, Cisco, Microsoft, Google and friends shower OpenSSL in $$$s to make it all better
    Web, IT goliaths to pour gold into more open-source code

    The Linux Foundation announced on Thursday that it had formed “The Core Infrastructure Initiative” to fund open projects that are critical to the functioning of the internet.

    The goal is to make sure the recent Heartbleed OpenSSL vulnerability and worse omnishambles never happen again. It comes after the chap who accidentally introduced the Heartbleed bug called for more people to work on the OpenSSL code.

    “The Core Infrastructure Initiative is a multi-million dollar project housed at The Linux Foundation to fund open-source projects that are in the critical path for core computing functions,” the Linux Foundation declared.

  39. Tomi Engdahl says:

    The Internet Is Being Protected By Two Guys Named Steve

    The Heartbleed bug put the spotlight on OpenSSL, the security toolkit used by many of the internet’s biggest sites and looked after primarily by two men who’ve never met in person. For the first time, Steve Marquess and Stephen Henson speak about how they became the overworked, underpaid stewards of our online security.

    “The OpenSSL Foundation has some very devoted people,” says Matthew Green, an assistant research professor at Johns Hopkins University and an outspoken critic of OpenSSL. “It just doesn’t have enough of them, and it can’t afford enough of them.”

    The talent pool from which the foundation can draw is shallow to begin with.

    The fact that OpenSSL pays next to nothing constrains things further. Those who do help Henson out often juggle coding with full-time paying jobs elsewhere. Others can’t code for OpenSSL: Their employment contracts prohibit it, so they simply act as advisers.

    As a result, OpenSSL’s code is a slurry of cobbled-together snippets that work — but only just. It’s strewn with developers’ comments to one another, sandwiched between slashes.

    “OpenSSL’s code isn’t clear,” says Kenny Paterson, a professor of information security at Royal Holloway, University of London, who’s been working in cryptography research since 2000. “It’s a rat’s nest, full of stuff that’s been outmoded.”

    This stems in part from how its current funding structure affects its priorities: For now, OpenSSL’s development lives and dies by the OSF’s commercial income, almost all of which comes from putting in new features, rather than maintaining the old. The current setup means, Steve Marquess readily admits, that “the fundamentals of OpenSSL are being neglected. No one is hiring us to maintain the current code base.”

    “Open-source projects are a fascinating phenomenon, and OpenSSL is almost a stereotypical example,” explains Marquess. “A handful of people get together, and they scratch their own itch. They write code because it pleases them. Because it’s open source and people find it useful, they build collaborative community forums where people can exchange ideas.”

    Another major criticism laid against the group’s door is that the code is programmed in C, a programming language that has little to no built-in error checking. Had OpenSSL been coded in a safer language, goes this line of reasoning, the Heartbleed bug would never have occurred.

  40. Tomi Engdahl says:

    On Thursday, April 24, the Linux Foundation announced it was establishing the Core Infrastructure Initiative, a multimillion-dollar project with the backing of big name companies such as Google, IBM, Facebook, and Microsoft, “to fund open source projects that are in the critical path for core computing functions.” $3.9 million will be spent over the next three years, with big companies paying in at least $100,000 into the annual funding pot. First up on the list of core infrastructure that needs improving, its organizers say, is OpenSSL.

    Source: http://www.buzzfeed.com/chrisstokelwalker/the-internet-is-being-protected-by-two-guys-named-st

  41. Tomi Engdahl says:

    It’s Crazy What Can Be Hacked Thanks to Heartbleed

    Western Digital makes a tiny box where you can store all your photos and other digital stuff. It’s called My Cloud, and you’ve probably seen the TV ads hawking the thing. It gives you a way to access your stuff from any machine, across the internet.

    In the ad, while the rest of humanity is camped out atop one big giant cloud, their digital data exposed to prying eyes and sometimes vanishing altogether, one smiling woman sits on her own personal cloud — confident all her data is completely safe. With My Cloud, Western Digital says, you too can have such confidence.

    But My Cloud has a problem that belies this ad campaign. It’s a big problem, and it involves Heartbleed

    But the My Cloud is just one example of an enormous problem that continues to lurk across the net: tens of thousands of devices — including not only My Cloud storage devices but routers, printers storage servers, firewalls, video cameras, and more — remain vulnerable to attack.

    In other words, the Internet of Things needs a patch. “It really is disturbing, the number of devices that are affected by this,” Weaver says.

    On Thursday, researchers at the University of Michigan began a massive internet scan to find how widespread the problem really is. The number of devices still at risk is harrowing: HP printers, Polycom video conferencing systems, WatchGuard firewalls, VMWare systems, and Synology storage servers. Weaver counts tens of thousands of users of the Parallels Plesk Panel web hosting control panel that are vulnerable too — those could become a prime target of hackers looking to take control of websites.

    Although many vulnerable devices such as printers are tucked safe behind corporate firewalls, Nicholas Weaver found vulnerable printers accessible over the internet, including some built by HP. But even three weeks after Heartbleed was first disclosed, HP can’t even say which of its printers have the bug.

    But things could have been much worse. Anything that needs to connect securely over the internet could have a Heartbleed problem. But Weaver and the University of Michigan team found that many devices that used OpenSSL were not vulnerable — either because they used an old version of the software library, or because the buggy OpenSSL feature that contains the flaw wasn’t enabled.

  42. Tomi Engdahl says:

    Hip to Heartbleed: 39% of users took steps to protect themselves

    A Pew Research study also found that 29 percent of Internet users believe their personal information is at risk, while 6 percent of users believe their information was swiped.

  43. Tomi Engdahl says:

    White House
    Heartbleed: Understanding When We Disclose Cyber Vulnerabilities

    When President Truman created the National Security Agency in 1952, its very existence was not publicly disclosed. Earlier this month, the NSA sent out a Tweet making clear that it did not know about the recently discovered vulnerability in OpenSSL known as Heartbleed.

    While we had no prior knowledge of the existence of Heartbleed, this case has re-ignited debate about whether the federal government should ever withhold knowledge of a computer vulnerability from the public. As with so many national security issues, the answer may seem clear to some, but the reality is much more complicated.

    This spring, we re-invigorated our efforts to implement existing policy with respect to disclosing vulnerabilities

    Building up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest. But that is not the same as arguing that we should completely forgo this tool as a way to conduct intelligence collection, and better protect our country in the long-run. Weighing these tradeoffs is not easy

    Enabling transparency about the intersection between cybersecurity and intelligence and providing the public with enough information is complicated.

  44. Tomi Engdahl says:

    OpenSSH No Longer Has To Depend On OpenSSL

    “OpenSSH now finally has a compile-time option to no longer depend on OpenSSL. `make OPENSSL=no` has now been introduced for a reduced configuration OpenSSH to be built without OpenSSL, which would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys.”

  45. Tomi Engdahl says:

    New secure OS will put Tails between NSA’s legs
    Debian-derived OS funnels everything through Tor and HTTPS

    Secure Linux distribution Tails has reached the milestone of a version 1.0 release, after its developers crushed a laundry list of bugs.

    The Debian-based operating system is a “live OS” – it boots from removable media rather than a hard disk. It also funnels all data through Tor and uses a smattering of cryptography and anonymising tools to help users circumvent censorship and lock out snoops and spooks. For example, Tails encrypts storage devices using the Linux Unified Key Setup, uses the HTTPS Everywhere tool to encrypt web traffic, and locks down emails with OpenPGP and protects instant messages with Off The Record.

    Tor is a significant irritant to law enforcement authorities: US agencies have labelled it “the King of high secure, low latency Internet Anonymity” and suggested it has no likely heir.

  46. Tomi Engdahl says:

    Serious security flaw in OAuth, OpenID discovered

    Following in the steps of the OpenSSL vulnerability Heartbleed, another major flaw has been found in popular open-source security software. This time, the holes have been found in the log-in tools OAuth and OpenID, used by many websites and tech titans including Google, Facebook, Microsoft, and LinkedIn, among others.

    Attackers can use the “Covert Redirect” vulnerability in both open-source log-in systems to steal your data and redirect you to unsafe sites.

    If a user chooses to authorize the log in, personal data (depending on what is being asked for) will be released to the attacker instead of to the legitimate website. This can range from email addresses, birth dates, contact lists, and possibly even control of the account.

    Beware of links that ask you to log in through Facebook. The OAuth 2.0 and OpenID modules are vulnerable.


Leave a Comment

Your email address will not be published. Required fields are marked *