Welcome to

OpenSSL "Heartbleed" Vulnerability

by Jake Williams

Brought to you by

SANS Live Online Training

Live Online Classrooms

www.sans.org/vlive

Attend a Live SANS Event from Home

www.sans.org/simulcast

HeartBleed what you

need to know (round 2)
Jake Williams
@MalwareJake

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

HeartBleed TL;DR Edition

Massive SSL bug impacts Internet
You should change your passwords unless you
KNOW the site in question was not vulnerable
Even if you change your passwords, you
should work with your business partners to
ensure that vulnerable servers had certificates
reissued
Otherwise youre not much more secure
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Heartbeats
SSL heartbeats are defined in RFC6520
Used for keep alive messages without the need for
renegotiating the SSL session
Also used for path MTU discovery

Heartbeat messages can be sent without

authenticating with the server

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

HeartBleed What is it?

CVE-2014-0160 describes a flaw the heartbeat
extension to the SSL protocol
The OpenSSL code accepts a user supplied
length value for memory to read without
proper validation
Never trust user supplied input

Bug was introduced in March 2012

OpenSSL 1.0.1
Good news: OpenSSL 1.0.0 is NOT vulnerable!
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

HeartBleed What is it? (2)

Attackers can dump up to 64k of memory near
the SSL heartbeat on the impacted machine
Luck of the draw as to what you get

Attack can be repeated many times to obtain

different 64k memory allocations
64k is a lot of memory to leak!

Patched in OpenSSL 1.0.1g

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Whats in a memory disclosure bug?

Private keys (cryptographic keys)
Data otherwise encrypted by SSL
Usernames and passwords
Session identifiers
Your private data

Pointers to programming structures

May be used to defeat other exploit protections,
making some other bugs exploitable
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

HeartBleed Visual
Attacker Sends
SSL v3 Record
Length (4 bytes)

HeartBeat Message Heartbeat Message

Type (1 byte)
Length (2 bytes)

Message Data
(variable bytes)

Oh noes! The attacker

controls both of these
length fields!
SSL v3 Record
Length = 4

HeartBeat Message Heartbeat Message

HB_REQUEST
Length = 65535

Message Data
1 random byte

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

HeartBleed Visual (2)

Victim Replies
SSL v3 Record
Length = 65535

HeartBeat Message Heartbeat Message

HB_RESPONSE
Length = 65535

Message Data
1 random byte

Almost 64k (-1 byte) of extra memory allocated to the server process

Memory contains ?????

Could include private SSL keys, usernames,
passwords, or other sensitive data.

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Memory Disclosure!

This should
be a secret!

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Are attacks logged?

In short, no there is no logging of a
successful attack beyond normal SSL
connection
Nginx patches are available to log that an
attack was attempted
https://gist.github.com/kmosher/10313697

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

What should vendors do?

If not vulnerable
Communicate this (prominently) to customers

If ever vulnerable
Communicate this (prominently) to customers
Revoke possibly (probably) compromised certs
Issue new server SSL certs
Change assumed secret data the customer cant
Force change of passwords for customers
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

What should you do?

Coordinate with vendors to identify vulnerable
software/devices and get patches installed
Coordinate with IT to get new certs for VPN
client software
Change passwords for anything you need to
keep secret
Monitor carefully for signs of identity theft

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

No web server, so Im safe, right?

Not at all!
Your data is protected by server certificates,
which may have already been leaked
Attackers who compromise a servers private
key may decrypt previously recorded traffic
An attacker with compromised server
certificates can perform a MiTM attack

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Client Side Attacks

Full list of vulnerable clients not yet known
If an attacker can direct traffic to an SSL
server they control, they could read memory
from the client process
No public proof of concept code available yet

Watch for to secure network clients

Consider restricting use of public wireless unless
you know for sure you are not vulnerable
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Good news everyone!

Firefox, Chrome, and MSIE (on Windows) all
use the Windows crypto implementation and
do not link against OpenSSL
IIS server is also not vulnerable

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Bad news everyone!

Android is vulnerable
Not sure what this means for Chrome Books

Will manufacturers updated older devices?

Not betting on any support here

Not sure of the full list of Linux browsers that

are vulnerable

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

(More) Bad news everyone!

Third party code using Python/Perl/Ruby
OpenSSL libraries may still be vulnerable
Windows programs may have been linked
against vulnerable versions of OpenSSL
Need to work with vendors to confirm
vulnerabilities have been patched (or dont
exist)

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

OpenVPN
Huge numbers of companies use OpenVPN
Bad news it was vulnerable

Considering that many employees use it in

untrusted environments (public WiFi) DO NOT
DELAY updating your client and server
software

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Finding Vulnerable Sites

A number of scanners have been used to
identify popular vulnerable sites
Yahoo!, LastPass, OkCupid, and Flickr were all
vulnerable for a time
https://github.com/musalbas/heartbleedmasstest/blob/master/top1000.txt

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Finding Vulnerable Sites (2)

A server at http://filippo.io/Heartbleed/ is set
up to check for vulnerable sites

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Server Certificates
Ensure that your browser is set to check for
revoked certificates
Chrome on Windows does not do this by default
Firefox does

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Checking site certificates (FireFox)

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Checking site certificates (Safari)

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Checking site certificates (MSIE)

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Chrome Plugin
The ChromeBleed plugin shows whether the
site you are communicating with is vulnerable

https://chrome.google.com/webstore/detail/chromebl
eed/eeoekjnjgppnaegdjbcafdggilajhpic

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Forensics Implications
Suppose your friendly law enforcement
captured your SSL encrypted traffic last month
Or your employer

Before HeartBleed they couldnt read it

If the server involved was vulnerable, they
may be able to read it today
If the servers private keys were leaked

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Forensics Implications (2)

Currently no central site for compromised certs
Expecting to see these popping up in the
underground

Hard to believe that this wasnt found by a

nation state earlier
Reminded of parallel construction and DEA manual

Can old (previously vulnerable) SSL certs be

subpoenaed today by LE? Obtained otherwise?
IANAL ask someone who is
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Deploying Cloud Servers?

Check that the baseline image has been
updated to the newest OpenSSL
Good advice for software in general anyway

Many Amazon images are already updated

Others were not at the time of this presentation

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Finding Vulnerable Software

Probably easier on Linux
Windows software more likely to be linked
with OpenSSL without this being obvious

Uh oh!

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Linux Command Line

@jekil posted a neat one-liner on Twitter
grep -l 'libssl.*deleted'
/proc/*/maps | tr -cd 0-9\\n | xargs
-r ps u
Finds running processes that still have old
(deleted) OpenSSL libraries mapped

But what if I havent patched yet?

Um shame on you, go patch! Right now!
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Linux Command Line (2)

Modified command line finds all processes that
load OpenSSL at all
grep -l 'libssl' /proc/*/maps | tr cd 0-9\\n | xargs -r ps

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Linux Command Line (3)

Some bad developers may not include correct
versioning in the names of their libraries

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Good List of Impacted Vendors

Best list Ive found so far is at ISC
https://isc.sans.edu/forums/diary/Heartbleed+ven
dor+notifications/17929

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Snort Detections
Looks for heartbeat codes and checks the size.
Anything larger than 200 bytes is assumed bad

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Will attackers use this?

Of course, they are probably using it already
MetaSploit already has a module to test for
vulnerabilities
Client side attack server is probably not far behind

Planned to write an attack server today, but

was too busy with clients

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)

Questions?

Jake Williams
@MalwareJake

HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)