Tuesday, April 8, 2014

Heartbleed openSSL Bug recap


last updated: 04/11/2014 23:30 UTC


1) What is it?: http://heartbleed.com

"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."

2) Vulnerability: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

3) Security Advisory: https://www.openssl.org/news/secadv_20140407.txt

4) Patch: https://github.com/openssl/openssl/commit/96db9023b881d7cd9f379b0c154650d6c108e9a3

5) PoC exploits:

5.1)
http://www.exploit-db.com/exploits/32745/
http://s3.jspenguin.org/ssltest.py
https://gist.github.com/takeshixx/10107280

5.2) https://raw.githubusercontent.com/HackerFantastic/Public/master/exploits/heartbleed.c

5.3) https://github.com/robertdavidgraham/heartleech

6) Online Tests: (have you wondered what are they doing with the logs? ;)

6.1) http://filippo.io/Heartbleed/
6.2) http://possible.lv/tools/hb/
6.3) https://www.ssllabs.com/ssltest/
6.4) http://heartbleed.criticalwatch.com/
6.5) https://lastpass.com/heartbleed/

7) How bad is this? What the bad guys are doing?

7.1) Bruce Schneier - the crypto and security expert responsible for coining the term Security Theater:  "practice of investing in countermeasures intended to provide the feeling of improved security while doing little or nothing to actually achieve it." - is saying that "Heartbleed is a catastrophic bug in OpenSSL" and that "Catastrophic" is the right word. On the scale of 1 to 10, this is an 11."

7.2) Well, right now many online services offered via HTTPS are not patched yet. So, if you login to Yahoo for example (check yahoo.com:443 in any test above), you can have you information (including user/password) read in plain text by an attacker:


7.3) One can also hijack user sessions exploiting the vulnerability.


7.4) In theory, you can dump the private key from the server, but was not fully demonstrated yet. There is a video showing the beginning of a private key being leaked by the heartbleed attack - but not all of it: https://www.youtube.com/watch?v=4fX-unvgMVU

8) Who / What is vulnerable? 

8.1) 3 days after the official Heartbleed announcement, 78% of the initially vulnerable services are still exploitable: http://istheinternetfixedyet.com/

8.2) More than 600,000 sites are vulnerable: http://blog.erratasec.com/2014/04/600000-servers-vulnerable-to-heartbleed.htm

8.2) Companies are patching the vulnerability, but at least half million sites are vulnerable. (and other services like SSL VPNs, Webmails, etc.)

8.3) List of vendor notifications by The Sans Institute: https://isc.sans.edu/forums/diary/Heartbleed+vendor+notifications/17929

8.4) List of vulnerable Top Alexa 1000 sites (yahoo, imgur, flickr, redtube, archive.org, okcupid,...)https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt

8.5)  As expected, there are many mass tests running right nowhttps://zmap.io/heartbleed/ (including a link to the Alexa Top 1 million sites that are vulnerable)

8.6) There is an interesting list of big sites that have patched the Heartbleed bug maintained by @MrCippyhttp://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

8.7) The most simple and common attack vector is from a client to a server, but the reverse is also possible. Enter "ReverseHeartBleed":https://reverseheartbleed.com/ Blog post: http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed

8.8) Routers are also vulnerable, check the list of products affected from Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed and Juniper: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623

9) IDS rules to detect the abuse of this vulnerability:

9.1) Snort: http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
9.2) Suricata: http://blog.inliniac.net/2014/04/08/detecting-openssl-heartbleed-with-suricata/
9.3) As you (should) know, IDS are easily bypassed (check item 5.3 above).
9.4) Bro-IDS is not bypassed by this: https://gist.github.com/sethhall/10436578 - detector: https://github.com/bro/bro/blob/topic/bernhard/heartbeat/scripts/policy/protocols/ssl/heartbleed.bro

10) How to detect successful Heartbleed attacks with tshark (thanks to @netresec): 

tshark -i eth0 -R "ssl.record.content_type eq 24 and not ssl.heartbeat_message.type"

11) Nmap NSE plugin to check for the heartbleed vulnerability: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse

Usage: $ nmap -p 21,990,1194,443,8443,993,995,465,4430 -sC –script heartbleed.nse 192.168.0.1-255

12) Important: if your servers are vulnerable, you have to patch them now and generate a new private key + certificate AND revoke the old certificate (and replace any other important info that might have been leaked before you patch - even reset user passwords if you are not sure). This was confirmed on 04/11/2014: https://www.cloudflarechallenge.com/heartbleed - credits: @indutny from Russia: https://gist.github.com/indutny/a11c2568533abcf8b9a1 and Ilkka Mattila from Finland CERT).

Happy patching! Detailed steps:

7 steps to stop the Heartbleed SSL/TLS bug (thanks to @datarisk article)
  • Inventory all systems and servers running OpenSSL 1.0.1 and newer
  • Upgrade to OpenSSL 1.0.1g or recompile with -DOPENSSL_NO_HEARTBEATS
  • Revoke compromised keys and reissue new keys from the Certificate Authority
  • Change user passwords and encryption keys
  • All session keys and session cookies must be expired/invalidated
  • All users of systems where SSL is in use must be informed of the potential for compromise
  • Consider implementing perfect forward secrecy to protect against current and future attack
Beyond these technical steps, companies should consider the following best practices:
  • Ensure that remediation efforts are carried out by qualified IT professionals
  • Consider it a project – enforce accountability along with proper planning & documentation
  • Aim for completeness – vulnerable OpenSSL distributions run on at least eight operating systems
  • Take appropriate precautions to avoid business interruptions during the process
  • Have the remediation efforts independently validated and get a written report
13) As I predicted / requested, there's now a Chrome and a Firefox Plugin to detect vulnerable sites:

13.1) Chrome:
https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic

13.2) Firefox:
https://addons.mozilla.org/en-US/firefox/addon/foxbleed/

14) Want more information? Here are some good writeups on the Heartbleed bug:

14.1) Technical Writeups:
http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html
http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html

14.2) Technical Video on the High-Level Mechanics of HeartBleed by @elastica:
http://vimeo.com/91425662

14.3) Non-Technical Writeups:
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
http://krebsonsecurity.com/2014/04/heartbleed-bug-exposes-passwords-web-site-encryption-keys/

14.4) Easy to understand videos:
by Mashable: https://www.youtube.com/watch?v=8oI_laHhGjE
by @jesperjurcenokshttps://www.youtube.com/watch?v=oZqXt0iddDQ

15) The HeartBleed bug was "discovered" now, but it is more than 2 years old, so.. 



15.1) Were Intelligence Agencies Using Heartbleed in November 2013?
https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013

15.2) NSA Said to Exploit Heartbleed Bug for Intelligence for Years
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

16) Anyway, a lot of people are now testing / scanning / mass scanning the whole internet for the Honeybleed bug. There's now a non-official / funny patch made by @moyix to use if you plan to run a vulnerable openssl honeypot:
http://remember.gtisc.gatech.edu/~brendan/honeybleed.patch



17) Well, if you read all this and are not impressed or worried, see this:



18) Credits: Codenomicon and Google

19) Thanks to @briankrebs, @steveD3, @CSOonline, @NetworkWorld and @ComputerWorld  for linking to this re-cap on their blog posts / articles:


4 comments:

  1. Excellent post. Most updated and complete post currently available on the web. Thanks Sandro!

    ReplyDelete
  2. I add one other information - infographic about Heartbleed from 4 famous password managers - http://blogen.stickypassword.com/all-the-dirt-on-heartbleed-and-how-to-stay-safe/

    ReplyDelete

Labels

forense (50) resposta a incidentes (40) segurança em profundidade (27) vulnerabilidade (26) treinamento (22) cyberwar (18) conferência (16) forense de memória (15) hackers (15) malware (15) blogs (14) vazamento de informações (13) windows (13) china (11) criptografia (11) ddos (11) dns (11) exploit (11) google (11) microsoft (11) ferramenta (10) memoria (10) botnet (9) csirt (9) forense de disco (9) forense de rede (9) ftk (9) legislação (9) phishing (9) 0-day (8) NIST (8) accessdata (8) encase (8) evento (8) linux (8) negação de serviço (8) netwitness (8) sans (8) volatility (8) cert.br (7) correlacionamento (7) desafios (7) ferramentas (7) forense corporativa (7) kaspersky (7) livros (7) pageviews (7) pci (7) twitter (7) usa (7) APURA (6) Guidance Software (6) espionagem industrial (6) governo (6) iccyber (6) internet explorer (6) metasploit (6) monitoração (6) privacidade (6) techbiz (6) 0day (5) CDCiber (5) blackhat (5) brasil (5) dlp (5) falha (5) fbi (5) ids (5) inteligencia (5) memoryze (5) modelagem de ameaças (5) métricas (5) patch (5) pdf (5) policia federal (5) python (5) registry (5) richard bejtlich (5) rsa (5) segurança de rede (5) siem (5) skype (5) CyberCrime (4) Enscript (4) algoritmo (4) android (4) anti-forense (4) anti-virus (4) arcsight (4) auditoria (4) backtrack (4) campus party (4) ccc (4) certificação digital (4) ciberespionagem (4) defacement (4) estatísticas (4) firefox (4) fud (4) mandiant (4) md5 (4) nsa (4) online (4) pentest (4) programação (4) safe browsing (4) sandbox (4) slowloris (4) ssl (4) storm worm (4) stuxnet (4) trojan (4) wikileaks (4) windows7 (4) .gov (3) adobe reader (3) ameaça (3) backdoor (3) blackberry (3) ceic (3) chrome (3) ciberguerra (3) cloud (3) conscientização (3) crackers (3) cymru (3) dan geer (3) defesa (3) drive-by (3) engenharia social (3) enisa (3) evidence (3) exploit kit (3) fast flux (3) forense digital (3) gsi (3) hardware (3) htcia (3) https (3) imperva (3) intel (3) ips (3) java (3) live cd (3) logs (3) man in the middle (3) networkminer (3) perícia digital (3) processo (3) ransomware (3) registro (3) reportagem (3) revista (3) risco (3) secunia (3) segurança (3) shell (3) shodan (3) sox (3) sql injection (3) truecrypt (3) verizon (3) virus (3) vista (3) voip (3) .mil (2) BSIMM (2) Encase Enterprise (2) JDFSL (2) TPM (2) Virustotal (2) XSS (2) aduc (2) amazon (2) apache (2) apple (2) autenticação (2) bloqueador de escrita (2) breno silva (2) bruce schneier (2) bundestrojaner (2) cache poisoning (2) caine (2) carders (2) carnegie mellon (2) carolina dieckmann (2) carving (2) censura (2) cipav (2) cofee (2) coldboot (2) comodogate (2) conficker (2) consciência situacional (2) cooperação (2) core (2) cucko´s egg (2) cuda (2) cyberwarfare (2) database security (2) digital intelligence (2) direito digital (2) dnschanger (2) dpf (2) dsic (2) engenharia elétrica (2) engenharia reversa (2) etir (2) expressões regulares (2) f-response (2) finfisher (2) fingerprinting (2) flash (2) fraude (2) ftkimager (2) full disclosure (2) fuzzy (2) gsm (2) hacktivismo (2) hbgary (2) heap spray (2) iOS (2) immunity (2) impacto (2) insecure magazine (2) insiders (2) interceptação (2) iphone (2) irc (2) irã (2) jaquith (2) loic (2) mac (2) mastercard (2) mestrado (2) mobile (2) ms08-067 (2) openioc (2) openssl (2) otan (2) palantir (2) paypal (2) pcap (2) pdgmail (2) portugal (2) presidência (2) prisão (2) proxies (2) ptfinder (2) rbn (2) recompensa (2) recuperação (2) regripper (2) relatório (2) resumo (2) rio de janeiro (2) ross anderson (2) russia (2) securid (2) segurança por obscuridade (2) sift (2) snort (2) snowden (2) sorteio (2) spam (2) spoofing (2) spyeye (2) sql (2) ssd (2) stealth (2) suricata (2) sysinternals (2) tecnologia (2) tools (2) trend micro (2) unb (2) usb (2) virtualização (2) visa (2) vulnerability (2) waf (2) winen (2) wireless (2) worm (2) wpa (2) wpa2 (2) xry (2) zeus (2) .edu (1) .pac (1) 3g (1) ABNT (1) AR-Drone (1) AppleGate (1) Asterisk (1) Audit Viewer (1) BIOS (1) CCDCOE (1) CEF (1) CERT (1) CSI Cyber (1) CarbonBlack (1) Craig Wright (1) DC3 (1) Diginotar (1) Dilma (1) DoD (1) FACE (1) FRED (1) Facebook (1) Fred Cohen (1) GPU (1) Gene Spafford (1) HP (1) ICOFCS (1) ICS (1) IDMEF (1) IJDCF (1) IJDE (1) IJOFCS (1) INFOSEG (1) IODEF (1) IPv6 (1) ISO (1) MAEC (1) MCT (1) MMEF (1) Michael Cloppert (1) Ministério da Defesa (1) Netwtiness (1) OVAL (1) PL84/99 (1) RH2.5 (1) RNP (1) SDDFJ (1) SbSeg (1) Seccubus (1) Stratfor (1) TED (1) TJX (1) Tallinn (1) USCyberPatriot (1) USSTRATCOM (1) VERIS (1) VRT (1) WPS (1) WiPhire (1) Wifi Protected Setup (1) XMLHttpRequest (1) YARA (1) a5/1 (1) a5/3 (1) active defense (1) adeona (1) adhd (1) adobe flash (1) aes (1) afflib (1) akamai (1) alemanha (1) ambev (1) anti-theft (1) antisec (1) anubisnetworks (1) apt (1) apwg (1) aquisição (1) arbor (1) armoring (1) artefatos (1) artillery (1) asprox (1) assinaturas (1) atenção seletiva (1) attack (1) aurora (1) australia (1) autonomous systems (1) avg (1) avi rubin (1) avware (1) awards (1) baixaki (1) bash (1) bbc (1) bear trap (1) belkasoft (1) bgp (1) birthday attack (1) bitlocker (1) black tulip (1) blackhat seo (1) blacklist (1) blind sql injection (1) bluepex (1) bluepill (1) breaking point (1) bug (1) bulk_extractor (1) byod (1) c2c (1) capacidade (1) carbon black (1) careto (1) carnivore (1) cartão de crédito (1) cbs (1) cellebrite (1) celular (1) centera (1) cerberus (1) certificações (1) cheat sheet (1) chip (1) chris paget (1) chromium (1) citrix (1) clean pipe (1) cliff stoll (1) cloudfare (1) cloudflare (1) cloudshield (1) cnasi (1) cnet (1) cnn (1) codenomicon (1) coleta (1) comodo (1) comodobr (1) compliance (1) comsic (1) convenção de budapeste (1) convergence (1) copa do mundo (1) corey johnson (1) cpbr (1) crime na rede (1) crise (1) cristine hoepers (1) cuckoo (1) cyberattack (1) cyberbunker (1) daemonlogger (1) dam (1) dancho danchev (1) darkmarket (1) dcom (1) decaf (1) decaf v2 (1) decloack (1) deepweb (1) defcon (1) deutche telekom (1) dfrws (1) digitask (1) dimmit (1) diário oficial (1) dnsbl (1) dnssec (1) dou (1) downadup (1) drdos (1) drwxr (1) dsd (1) dumpcap (1) dumpit (1) duqu (1) e-evidence (1) ediscovery (1) eff (1) elcomsoft (1) emc (1) emprego (1) energia (1) enigma (1) entrevista (1) escola nacional de defesa cibernetica (1) eset (1) esteganografia (1) estonia (1) etld (1) europa (1) eventos (1) evil maid (1) evilgrade (1) exercito (1) exploit-db (1) exportação (1) extorsão (1) f-secure (1) falso positivo (1) fantastico (1) fatal error (1) fecomercio (1) fernando carbone (1) ff4 (1) finlândia (1) firmware (1) flame (1) flexispy (1) foremost (1) forense de vídeo (1) forensic focus (1) forensic magazine (1) forensics.wiki.br (1) forensicswiki (1) força bruta (1) full disk encryption (1) g1 (1) gauss (1) gcih (1) ghostnet (1) globo (1) gmail (1) gpcode (1) gpl (1) gps (1) grampo (1) guardium (1) guerra (1) guilherme venere (1) hackerazzi (1) hackingteam (1) hakin9 (1) hardening (1) harlan carvey (1) hash (1) helix (1) hitler (1) holanda (1) honeynet (1) honeypot (1) hope (1) hosts (1) hotmail (1) httpry (1) iPhoneTracker (1) idefense (1) ig (1) impressoras (1) india (1) info exame (1) insecure maganize (1) intenção (1) interpol (1) into the boxes (1) investimento (1) ioerror (1) iphone forensics (1) ironport (1) isc2 (1) israel (1) j2ee (1) jacomo dimmit (1) jailbreak (1) javascript (1) jesse kornblum (1) jotti (1) junho 2008 (1) kaminsky (1) kasumi (1) kgb (1) kits (1) klaus steding-jessen (1) kntools (1) kraken (1) langner (1) lime (1) limites (1) lista (1) lm (1) locaweb (1) lockheed martin (1) lynis (1) lógica (1) mac memory reader (1) mac memoryze (1) macosx (1) magic lantern (1) map (1) marcapasso (1) marcelo caiado (1) marcos ferrari (1) mawlare (1) mbr (1) mcafee (1) mcgraw (1) memscript (1) metasploitable (1) mindmap (1) mit (1) mitigação (1) mitm (1) moonsols (1) moxie (1) mrtg (1) ms08-033 (1) nac (1) nessus (1) netcontinuum (1) netflow (1) networking (1) ngrep (1) nit (1) nmap (1) norma (1) norse (1) notebook (1) ntlm (1) ntop (1) ntp (1) nuclear (1) obama (1) oi (1) oisf (1) oiss (1) olimpiadas (1) openbts (1) openvas (1) oportunidade (1) oracle (1) orkut (1) otp (1) owasp (1) packers (1) panda (1) pattern matching (1) payback (1) pcre (1) pedofilia (1) pentesting (1) perforce (1) pericia (1) perl (1) perícia (1) pfsense (1) pgp disk (1) phonecrypt (1) pki (1) ploks (1) poisoning attack (1) policia civil (1) polypack (1) port knocking (1) português (1) post-mortem (1) postgres (1) prefeitura (1) premiação (1) preparação (1) princeton (1) provedores (1) ps3 (1) psn (1) psyb0t (1) pushpin (1) pwn2own (1) pymail (1) quebra de sigilo (1) r2d2 (1) rainbow tables (1) rar (1) realengo (1) reação (1) record (1) referência (1) regex (1) registry viewer (1) regulamentação (1) remnux (1) renato maia (1) renault (1) replay (1) reversing labs (1) roi (1) rootkit (1) router (1) rpc (1) ruby (1) sanitização (1) santoku (1) sc magazine (1) scada (1) scanner (1) scm (1) secerno (1) second life (1) security (1) securityonion (1) senasic (1) sentrigo (1) sep (1) sequestro de dados (1) sha1 (1) shadowserver (1) shmoocon (1) siemens (1) sites (1) skorobogatov (1) slideshare (1) smartcard (1) snapcell (1) software (1) sony (1) sotirov (1) sp (1) spamhaus (1) spidertrap (1) squid (1) sri (1) ssdeep (1) sseguranca (1) sslstrip (1) sting (1) stj (1) street view (1) sucuri (1) superinteressante (1) são paulo (1) t-mobile (1) takedown (1) teamcymru (1) technosecurity (1) telefônica (1) terra (1) terrorismo (1) timeline (1) tizor (1) tls (1) token (1) topcell gsm (1) tresor (1) trustwave (1) tse (1) turquia (1) txtBBSpy (1) umass (1) unix (1) urna eletrônica (1) us-cert (1) usenix (1) userassist (1) vazamentos (1) venda de senhas (1) venere (1) verdasys (1) verisign (1) videntifier (1) visualização (1) visualize (1) vivo (1) vm (1) votação (1) wargaming (1) wasc (1) web 2.0 (1) weblabyrinth (1) websense (1) whitelisting (1) whois (1) wigle (1) win32dd (1) winacq (1) windbg (1) windd (1) winifixer (1) wipe (1) wired (1) wireshark (1) wlan (1) wordpress (1) wrf (1) xerxes (1) xp (1) zdi (1) zlob (1)