Heart Bleed

download Heart Bleed

of 37

  • date post

    26-Sep-2015
  • Category

    Documents

  • view

    215
  • download

    1

Embed Size (px)

description

Heart Bleed

Transcript of Heart Bleed

  • Brought to you by

    SANS Live Online Training

    www.sans.org/vlive www.sans.org/simulcast

    Welcome to

    OpenSSL "Heartbleed" Vulnerability

    by Jake Williams

    Live Online Classrooms Attend a Live SANS Event from Home

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    HeartBleed what you need to know (round 2)

    Jake Williams

    @MalwareJake

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    HeartBleed TL;DR Edition

    Massive SSL bug impacts Internet

    You should change your passwords unless you KNOW the site in question was not vulnerable

    Even if you change your passwords, you should work with your business partners to ensure that vulnerable servers had certificates reissued

    Otherwise youre not much more secure

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Heartbeats

    SSL heartbeats are defined in RFC6520

    Used for keep alive messages without the need for renegotiating the SSL session

    Also used for path MTU discovery

    Heartbeat messages can be sent without authenticating with the server

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    HeartBleed What is it?

    CVE-2014-0160 describes a flaw the heartbeat extension to the SSL protocol

    The OpenSSL code accepts a user supplied length value for memory to read without proper validation

    Never trust user supplied input

    Bug was introduced in March 2012

    OpenSSL 1.0.1

    Good news: OpenSSL 1.0.0 is NOT vulnerable!

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    HeartBleed What is it? (2)

    Attackers can dump up to 64k of memory near the SSL heartbeat on the impacted machine

    Luck of the draw as to what you get

    Attack can be repeated many times to obtain different 64k memory allocations

    64k is a lot of memory to leak!

    Patched in OpenSSL 1.0.1g

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Whats in a memory disclosure bug?

    Private keys (cryptographic keys)

    Data otherwise encrypted by SSL

    Usernames and passwords

    Session identifiers

    Your private data

    Pointers to programming structures

    May be used to defeat other exploit protections, making some other bugs exploitable

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    HeartBleed Visual

    SSL v3 Record

    Length (4 bytes)

    Attacker Sends HeartBeat Message

    Type (1 byte)

    Heartbeat Message

    Length (2 bytes)

    Message Data

    (variable bytes)

    Oh noes! The attacker controls both of these length fields!

    SSL v3 Record

    Length = 4

    HeartBeat Message

    HB_REQUEST

    Heartbeat Message

    Length = 65535

    Message Data

    1 random byte

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    HeartBleed Visual (2)

    Victim Replies SSL v3 Record

    Length = 65535

    HeartBeat Message

    HB_RESPONSE

    Heartbeat Message

    Length = 65535

    Message Data

    1 random byte

    Almost 64k (-1 byte) of extra memory allocated to the server process

    Memory contains ????? Could include private SSL keys, usernames, passwords, or other sensitive data.

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Memory Disclosure!

    This should be a secret!

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Are attacks logged?

    In short, no there is no logging of a successful attack beyond normal SSL connection

    Nginx patches are available to log that an attack was attempted

    https://gist.github.com/kmosher/10313697

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    What should vendors do?

    If not vulnerable

    Communicate this (prominently) to customers

    If ever vulnerable

    Communicate this (prominently) to customers

    Revoke possibly (probably) compromised certs

    Issue new server SSL certs

    Change assumed secret data the customer cant

    Force change of passwords for customers

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    What should you do?

    Coordinate with vendors to identify vulnerable software/devices and get patches installed

    Coordinate with IT to get new certs for VPN client software

    Change passwords for anything you need to keep secret

    Monitor carefully for signs of identity theft

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    No web server, so Im safe, right?

    Not at all!

    Your data is protected by server certificates, which may have already been leaked

    Attackers who compromise a servers private key may decrypt previously recorded traffic

    An attacker with compromised server certificates can perform a MiTM attack

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Client Side Attacks

    Full list of vulnerable clients not yet known

    If an attacker can direct traffic to an SSL server they control, they could read memory from the client process

    No public proof of concept code available yet

    Watch for to secure network clients

    Consider restricting use of public wireless unless you know for sure you are not vulnerable

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Good news everyone!

    Firefox, Chrome, and MSIE (on Windows) all use the Windows crypto implementation and do not link against OpenSSL

    IIS server is also not vulnerable

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Bad news everyone!

    Android is vulnerable

    Not sure what this means for Chrome Books

    Will manufacturers updated older devices?

    Not betting on any support here

    Not sure of the full list of Linux browsers that are vulnerable

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    (More) Bad news everyone!

    Third party code using Python/Perl/Ruby OpenSSL libraries may still be vulnerable

    Windows programs may have been linked against vulnerable versions of OpenSSL

    Need to work with vendors to confirm vulnerabilities have been patched (or dont exist)

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    OpenVPN

    Huge numbers of companies use OpenVPN

    Bad news it was vulnerable

    Considering that many employees use it in untrusted environments (public WiFi) DO NOT DELAY updating your client and server software

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Finding Vulnerable Sites

    A number of scanners have been used to identify popular vulnerable sites

    Yahoo!, LastPass, OkCupid, and Flickr were all vulnerable for a time

    https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Finding Vulnerable Sites (2)

    A server at http://filippo.io/Heartbleed/ is set up to check for vulnerable sites

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Server Certificates

    Ensure that your browser is set to check for revoked certificates

    Chrome on Windows does not do this by default

    Firefox does

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Checking site certificates (FireFox)

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Checking site certificates (Safari)

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Checking site certificates (MSIE)

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Chrome Plugin

    The ChromeBleed plugin shows whether the site you are communicating with is vulnerable

    https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Forensics Implications

    Suppose your friendly law enforcement captured your SSL encrypted traffic last month

    Or your employer

    Before HeartBleed they couldnt read it

    If the server involved was vulnerable, they may be able to read it today

    If the servers private keys were leaked

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Forensics Implications (2)

    Currently no central site for compromised certs

    Expecting to see these popping up in the underground

    Hard to believe that this wasnt found by a nation state earlier

    Reminded of parallel construction and DEA manual

    Can old (previously vulnerable) SSL certs be subpoenaed today by LE? Obtained otherwise?

    IANAL ask someone who is

  • HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

    Deploying Cloud Servers?

    Check that the baseline image has been updated to the newest OpenSSL

    Good advice for software in general anyway

    Many Amazon images are already updated

    Others were not at the time of this presentation

  • HeartBleed Wh