Heartbleed Bug in OpenSSL
Heartbleed is an exploitable bug in the OpenSSL encryption package. It was discovered independently and nearly simultaneously by teams at Google Security and at Codenomicon. It was reported and assigned the identifier CVE-2014-0160. It affects the version of OpenSSL normally deployed by UNIX distros, and has been present but unrecognized for over two years. A fix has been prepared and sent out by all the major distros, and UCLA-Mathnet has installed this fix.
When two computers connect using SSL/TLS encryption, as in the HTTPS web protocol, either partner can send an "are you alive" query (heartbeat) containing identifying information, which the other partner is supposed to return. However, an evil partner can lie about the length of the identifier. OpenSSL failed to notice a claimed length greater than the packet size, and would send back material from its own memory following the end of the packet. This would be trash, i.e. data that was recently in use but no longer is.
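The missing length check described above, as an added example (this is not OpenSSL's code and not part of the original page). The field layout follows RFC 6520; the function names, the 64-byte arena and the "stale" string are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR      3    /* 1-byte type + 2-byte big-endian payload length */
#define HB_PADDING  16   /* minimum padding after the payload (RFC 6520) */

/* Both functions expect `out` to hold HB_HDR + 65535 + HB_PADDING bytes
 * in general; the constructed sample below needs far less. */

/* Behaviour described above: the claimed length is trusted and the real
 * record length is never consulted. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                          /* the missing check */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);
    return HB_HDR + claimed;
}

/* Hardened form: a request whose claimed payload cannot fit inside the
 * record that actually arrived is dropped (returns 0, nothing is sent). */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HB_HDR + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR + claimed + HB_PADDING > rec_len) return 0;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);
    memset(out + HB_HDR + claimed, 0, HB_PADDING); /* real padding is random */
    return HB_HDR + claimed + HB_PADDING;
}

/* Constructed sample: a 21-byte record carrying the 2-byte payload "hi",
 * placed in a 64-byte arena whose remaining bytes stand in for stale
 * process memory. Returns the true record length. */
size_t build_demo(uint8_t arena[64], uint16_t claimed)
{
    memset(arena, 0, 64);
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed >> 8); arena[2] = (uint8_t)claimed;
    memcpy(arena + HB_HDR, "hi", 2);
    memcpy(arena + 21, "STALE-SECRET-DATA", 17);   /* not part of the record */
    return HB_HDR + 2 + HB_PADDING;
}
```

With a claimed length of 40 against the 21-byte record, the unchecked reply carries the stale bytes that sit after the record, while the checked version returns 0 and sends nothing.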
Like any trash, the returned information is sometimes valuable and recognizable, although it requires significant hand labor to turn into a fraudulent business transaction. The Codenomicon team attacked their own servers and recognized their users' login names and passwords, the non-public pages protected by the SSL/TLS connections, and the host key of their own server. Using the host key, the attacker could create a webserver that could identify itself as the victim and be believed. (But additional difficult exploits are needed to get fleeceable sheep to make connections to the fake server.)
Earlier, there were no reports that Heartbleed had been used as part of an actual fraud scheme, either evil clients harvesting secrets from a server, or evil servers snooping on clients. However, the more likely possibility involves a national security context. Update: Ram Sripracha has passed on reports that Black Hats are actively using the Heartbleed exploit.
So what should our users do to respond to Heartbleed?
You should regularly change your password at Mathnet and at banking sites. An early change would not be an overreaction. See Mathnet's password page for guidelines for an adequately strong password, and a random password generator. It would be better to change your password after your financial site has applied the patch. Filippo Valsorda has put together a Heartbleed testing tool that you can use to check. Thanks to Yasser Taima for this URL.
Do not respond to the inevitable phishing messages asking you to mail in your password or to give it at a fraud hosting site. Some of these messages are cunningly crafted to appear to come from Mathnet or from your bank's security team, but no legitimate I.T. professional will ask you for your password. If there's a problem Mathnet will reset your password, then require you to change it (to a different, stronger value not known to the hackers) by the newuser procedure.
You should keep your software up to date with security patches. The computers maintained by Mathnet have been patched, but Linux and BSD machines at home or in rogue status need to be patched by their owners. Follow your normal security update procedure.
Jelly Bean and earlier are vulnerable. Later Jelly Bean variants and 4.4 KitKat have heartbeats disabled, so are not vulnerable.
Doomsayers are echoing reports that internet security is totally compromised. The Heartbleed bug is an example where a layered response is appropriate. In theory, every secret could be extracted from a victim machine. In practice, the information will be in fragments and not necessarily complete, and a lot of patience and hand labor will be needed to identify and reassemble the secrets, and then to turn them into a successful fraud. Black Hats are using the Heartbleed exploit, but it's not clear how much or on which servers, so a prudent but not panic-stricken response is appropriate, such as changing passwords.
National security targets need to be particularly conscientious when responding to Heartbleed.
Web resources: