ZeuS – Jupiter Broadcasting (https://www.jupiterbroadcasting.com) – Open Source Entertainment, on Demand. Feed last built Mon, 22 Feb 2016 02:45:29 +0000.

SSL Heartbreak | TechSNAP 157 (https://original.jupiterbroadcasting.net/54907/ssl-heartbreak-techsnap-157/) Thu, 10 Apr 2014 17:43:12 +0000

The post SSL Heartbreak | TechSNAP 157 first appeared on Jupiter Broadcasting.


We break down the critical flaw in OpenSSL, explain why the Heartbleed catastrophe impacts so many systems we use, walk through the timeline of events, and more.

Plus your great questions, our answers, and much much more.

On this week’s TechSNAP!

Thanks to: DigitalOcean, Ting, iXsystems


— Show Notes: —

Critical flaw in OpenSSL discloses usernames, passwords and possibly encryption keys

  • Two separate groups of researchers discovered a disastrous flaw in OpenSSL, the cryptographic library that protects almost all information on the Internet.
  • The flaw is in the rarely used OpenSSL feature ‘heartbeat’ which allows the client to send a block of data to the server and have it returned to the client, keeping the connection and session alive
  • The flaw stems from a missing security check: the software assumes that the length of the data sent by the client matches the length the client included in the header. When the actual length of the data sent by the client is less than that size, the software returns a larger chunk of memory than intended, disclosing the contents of segments of memory that were recently freed
  • This flaw allows an attacker to send a malformed request and in response get up to a 64 KB chunk of memory from the server that may contain sensitive information
  • There are a number of proof-of-concept tools out there, and when used against an HTTPS server, they often return the HTTP headers of recent requests, which can include POST data (usernames, password, private emails) as well as cookies and other data that could be used for session hijacking
  • There also exists the possibility that by brute forcing this exploit an attacker may get some or all of the private key used to decrypt data sent to the server over TLS. In the common case of sessions that lack the newer PFS (Perfect Forward Secrecy) feature, if an attacker managed to compromise the private key, they would be able to decrypt all traffic that was ever encrypted to that key
  • It is possible that even PFS sessions may be compromised, if the flaw also leaks the temporary tokens used to make PFS sessions unique
  • People I’ve talked to have managed to compromise data from their own servers using only very basic tools, including capturing the admin username and password for a router and hijacking a web forum session
  • Because of the risk that the private key for the SSL certificate was compromised, the proper course of action after patching all of the servers and applications, is to re-key the certificate (generate a new private key, and get a fresh certificate signed), and then revoke the old certificate. It is unclear how well the root CAs will handle the load caused by this, or how the CRL and/or OCSP infrastructures will handle the mass revocation of keys
  • Luckily, the root CA keys are not likely to have been compromised, as they will not have been on servers exposed to the Internet
  • OpenSSL provides SSL/TLS for protocols such as HTTPS (encrypted HTTP, used for online banking, logging in to services including gmail and facebook), IMAP/SMTP and POP3 (encryption for email delivery. This affects all email, and especially the usernames and passwords used to access email), chat servers (IRC and XMPP), many types of VPN (SSL VPNs like OpenVPN) and much more
  • The flaw was originally discovered by Neel Mehta of Google Security, and around the same time was independently discovered by Riku, Antti and Matti at Codenomicon. The fix was written by Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org
  • OpenSSL versions 1.0.1 through 1.0.1f (including 1.0.1-beta) are vulnerable. 1.0.2-beta1 is also vulnerable. Versions 1.0.0 and 0.9.8 are not affected. All users of 1.0.1 are encouraged in the strongest terms to upgrade to OpenSSL 1.0.1g (or 1.0.2-beta2).
  • Questions are being raised about the fumbling of the responsible disclosure. It seems some companies like CloudFlare and CacheFly were notified as much as a week before anyone else.
  • Amazon appears not to have been given any advance warning – a later post describes steps customers should take
  • Also, the security officers of major open source projects, including all of the BSDs, Debian/Ubuntu, SUSE, etc., received absolutely no advance warning, just the initial security advisory.
  • It appears that Red Hat had approximately 2 days’ warning because one of the OpenSSL developers is also on their security team
  • The researchers at Codenomicon notified the National Cyber Security Centre Finland (NCSC-FI) and tasked them with coordinating the disclosure to OpenSSL, operating system vendors (which should have included the various BSD and Linux projects), appliance and service vendors (Amazon, Cisco, CloudFlare etc)
  • The issue appears to be that while the responsible disclosure was being organized, someone leaked the information and forced OpenSSL to issue the advisory. This was followed quickly by the publishing of the heartbleed.com website (by the researchers at Codenomicon) and the CloudFlare blog post.
  • It is unclear why CloudFlare was notified, but Amazon and most open source operating systems were not
  • CloudFlare Blog Post features a very long comment thread
  • Long thread discussing the issue on the Open Source Software Security list
  • Insight on the FreeBSD security process
  • Timeline:
    • 2012-01-03 – OpenSSL 1.0.1-beta1 is available
    • 2012-03-14 – OpenSSL 1.0.1 is released, first GA version with heartbeat support
    • (sometime prior to 2014-04-05): Researchers at Codenomicon and Google discover the flaw. The flaw is reported to NCSC-FI (CERT) and OpenSSL
    • 2014-04-07 05:56 – Huzaifa Sidhpurwala (Red Hat) adds a bug to Red Hat Bugzilla
    • 2014-04-07 06:10 – Huzaifa Sidhpurwala sends a mail to the linux-distros list with no details but an offer to request them privately
    • 2014-04-07 11:34 – Timestamp on RedHat OpenSSL 1.0.1g build
    • 2014-04-07 ??:?? – Information about the bug leaks, forces OpenSSL to issue advisory immediately
    • 2014-04-07 16:53 – Fix is committed to OpenSSL git
    • 2014-04-07 17:27 – OpenSSL releases advisory
    • 2014-04-07 18:00 – CloudFlare posts blog entry (claiming they were notified a week ago)
    • 2014-04-07 19:00 – Heartbleed.com is published
    • 2014-04-09 – The planned disclosure of the bug was to happen here
  • Vulnerable:
    • Debian Wheezy (stable) (OpenSSL 1.0.1e-2+deb7u4)
    • Ubuntu 12.04.4 LTS (OpenSSL 1.0.1-4ubuntu5.11)
    • CentOS 6.5 (OpenSSL 1.0.1e-15)
    • Fedora 18 (OpenSSL 1.0.1e-4)
    • OpenBSD 5.3 and 5.4 (OpenSSL 1.0.1c 10 May 2012)
    • FreeBSD 10.0 (OpenSSL 1.0.1e 11 Feb 2013)
    • NetBSD 5.0.2 (OpenSSL 1.0.1e)
    • OpenSUSE 12.2 (OpenSSL 1.0.1c)
  • Not Vulnerable:
    • Debian Squeeze (oldstable) (OpenSSL 0.9.8o-4squeeze14)
    • SUSE Linux Enterprise Server
    • FreeBSD 8.4 (OpenSSL 0.9.8y 5 Feb 2013)
    • FreeBSD 9.2 (OpenSSL 0.9.8y 5 Feb 2013)
    • FreeBSD Ports – OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
  • It is not clear how many appliances are vulnerable, but many consumer grade appliances are likely to be vulnerable and unlikely to receive a fix. If the only solution for these devices is to throw them in the trash and replace them, the issue remains that it would likely take 2-12 months for fresh embedded devices to make it to stores where users could buy new ones
  • Analysis:
  • Canada Halts Online Tax-Filing Services
  • The Heartbleed Hit List: The Passwords You Need to Change Right Now
  • Additional Coverage – The Register
  • Additional Coverage – Washington Post
  • Additional Coverage – ThreatPost
  • IDS Signature for detecting heartbleed
  • What you should know about heartbleed
  • Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style
  • FreeBSD Security Advisory
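The missing length check described in the notes above, modelled as an added C example (constructed here, not OpenSSL's code): a function that reports how far a length-trusting copy would read past the received record, beside the bounded check equivalent to the one the 1.0.1g fix added, run against two constructed heartbeat records. The record layout is the RFC 6520 heartbeat message and all function names are invented.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of an RFC 6520 heartbeat message inside a TLS record:
 *   type(1) | payload_length(2, big-endian) | payload | padding (>= 16)
 * rec_len is the total number of bytes actually received for the record. */
#define HB_MIN_PADDING 16

static uint16_t hb_claimed_len(const uint8_t *rec) {
    return (uint16_t)((rec[1] << 8) | rec[2]);
}

/* Pre-1.0.1g behaviour modelled safely: the server trusted the claimed
 * length and copied that many bytes from the record buffer into its reply.
 * Instead of doing the unsafe copy, return how many bytes past the end of
 * the received record such a copy would read (0 = claimed length fits). */
size_t hb_over_read_bytes(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 3) return 0;
    size_t claimed = hb_claimed_len(rec);
    size_t present = rec_len - 3;   /* payload + padding actually received */
    return claimed > present ? claimed - present : 0;
}

/* Bounded check equivalent to the one the 1.0.1g fix added: header, claimed
 * payload and minimum padding must all fit in the received record.
 * Returns 1 if the heartbeat may be answered, 0 if it must be dropped. */
int hb_request_is_sane(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 1 + 2 + HB_MIN_PADDING) return 0;   /* too short even for an empty payload */
    size_t claimed = hb_claimed_len(rec);
    if (1 + 2 + claimed + HB_MIN_PADDING > rec_len) return 0;
    return 1;
}

/* Reply that echoes only a validated payload. out must hold at least
 * 3 + claimed + HB_MIN_PADDING bytes; returns bytes written, 0 if dropped. */
size_t hb_build_reply(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (!hb_request_is_sane(rec, rec_len)) return 0;
    size_t claimed = hb_claimed_len(rec);
    out[0] = 2;                            /* heartbeat_response */
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);     /* bounded by the check above */
    memset(out + 3 + claimed, 0, HB_MIN_PADDING);  /* padding; random in real TLS */
    return 3 + claimed + HB_MIN_PADDING;
}

/* Constructed sample records (not captured traffic): a 4-byte "ping" payload
 * plus 16 padding bytes; the second claims 65535 bytes but carries the same. */
static const uint8_t hb_benign[]    = {1, 0x00, 0x04, 'p','i','n','g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static const uint8_t hb_malformed[] = {1, 0xFF, 0xFF, 'p','i','n','g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
```

The same "claimed length larger than the bytes on the wire" condition is what a network signature for this bug keys on.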

Go Directly to Fail | TechSNAP 151 (https://original.jupiterbroadcasting.net/52407/go-directly-to-fail-techsnap-151/) Thu, 27 Feb 2014 17:23:58 +0000

The post Go Directly to Fail | TechSNAP 151 first appeared on Jupiter Broadcasting.


We’ll break down Apple’s major SSL flaw, and what it says about Apple’s general security posture, then the Zeus trojan evolves…

Plus an awesome batch of your questions and our answers.

On this week’s episode of TechSNAP.

Thanks to: GoDaddy, Ting, iXsystems


— Show Notes: —

Apple fixes certificate validation flaw in iOS and OS X

  • The flaw in the certificate verification step allowed an attacker to sign a certificate with any private key, or no key at all, and the certificate would still be accepted by the device
  • This means an attacker could trivially perform a man-in-the-middle (MitM) attack, and intercept all traffic between you and a secure destination
  • This would allow an attacker to get your email passwords, logins for services like Facebook and Twitter, and compromise your online banking account
  • A MitM attack is what TLS/SSL are designed to prevent
  • A MitM is trivial to perform if you can trick a user into connecting to a WiFi access point you control, say at a coffee shop or other public space
  • The flaw is also present in Mac OS X and fixed in 10.9.2 (Released Feb 25th, 4 days after the iOS update)
  • The issue is caused by a duplicated ‘goto’ statement. The first is inside the if structure (with implied curly braces), but the second is unconditional, so the ‘goto fail’ happens in every case
  • It is unclear how long Apple has known about the flaw, but the CVE for the bug was reserved on January 8th
  • diff between Mac OS X 10.8.5 and 10.9 showing the addition of the errant goto
  • OS X 10.9.2 also fixes an issue with cURL, where the TLS/SSL verification code did not check the hostname against the certificate if the URL was an IP address
  • Hacker News thread
  • More analysis
  • Why were there gotos in Apple software in the first place?
  • Apple Announcement
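A constructed C stand-in (not Apple's source) for the duplicated goto described above, showing that the unconditional second goto makes the final hash comparison dead code, so a mismatching signature still verifies; verify_bugged, verify_fixed and hash_update_step are invented names and the 32-bit hash fields stand in for real digests.

```c
#include <stdint.h>

/* Constructed stand-in (not Apple's source) for a verification routine that
 * chains checks as "if ((err = step()) != 0) goto fail;" and only reaches the
 * final comparison when every step succeeded. 0 means success, as OSStatus
 * noErr does. */
typedef struct {
    uint32_t computed;        /* hash this side computed over the handshake */
    uint32_t from_signature;  /* hash recovered from the peer's signature */
} verify_ctx;

/* Stand-in for an earlier step such as a hash update; always succeeds here. */
static int hash_update_step(verify_ctx *c) { (void)c; return 0; }

/* Bugged shape: the second "goto fail;" belongs to no if. In the shipped code
 * it was indented like the line above it, which hid that it is unconditional;
 * it is written at block level here so the compiler's indentation warning stays
 * quiet. The comparison below it is dead code, so err is still 0 (success)
 * even when the signature does not match. */
int verify_bugged(verify_ctx *c) {
    int err = 0;
    if ((err = hash_update_step(c)) != 0)
        goto fail;
    goto fail;                           /* the errant duplicate */
    if (c->computed != c->from_signature)
        err = -1;                        /* never reached */
fail:
    return err;
}

/* Fixed shape: one goto per check, braces made explicit, and the comparison
 * runs whenever the earlier steps succeed. */
int verify_fixed(verify_ctx *c) {
    int err = 0;
    if ((err = hash_update_step(c)) != 0) {
        goto fail;
    }
    if (c->computed != c->from_signature) {
        err = -1;                        /* signature mismatch */
    }
fail:
    return err;
}
```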

University of Maryland ID card system breached

  • 309,079 of the students, faculty, and staff of the University of Maryland College Park and Shady Grove campuses have had their personal information exposed in an attack against the ID card system
  • The breach occurred about 04:00 February 18th
  • An attacker was able to get access to the ID card database that holds information on all card holders dating back to 1998
  • The data includes full name, SSN, birth date and University ID number
  • Brian Voss, CIO of U Md., said “what most concerns him is the sophistication of the attack: The hacker or hackers must have had a ‘very significant understanding’ of how the school’s data are designed and protected”
  • Voss claims that this was not a case of a ‘door left open’, that the attackers had to ‘pick through multiple locks’
  • It will be interesting to see if details of the attack are published
  • Related: The total cost of unmasked data

New Zeus trojan variant targets SalesForce.com

  • “The Adallom Labs team recently discovered an unusual variant of the Zeus trojan that targets Salesforce users. We’ve been internally referring to this type of attack as “landmining”, since the attackers laid “landmines” on unmanaged devices used by employees to access company resources. The attackers, now bypassing traditional security measures, wait for the user to connect to *.my.salesforce.com in order to exfiltrate company data from the user’s Salesforce instance.”
  • We have covered the Zeus trojan before, it is a sophisticated malware used to steal online banking credentials and perform transactions, even in the face of two-factor authentication schemes by performing ‘man-in-the-browser’ attacks
  • This attack does not exploit a vulnerability of SalesForce, it is just taking over the user’s device used to access the site, in order to steal data from the site once logged in
  • This attack seems to be a totally new kind of attack, not described by any existing Common Attack Pattern Enumeration and Classification (CAPEC) pattern.
  • When the Adallom security system detected an employee accessing a large number of records in a short period of time, it triggered an ‘insider threat’ alert. This alert is fairly common and is usually related to a sales agent downloading their entire rolodex, sometimes in preparation for leaving the company
  • When corporate security interrogated the employee in question, they claimed no knowledge of the bulk download
  • The employee’s laptop was scanned and found to be clean
  • Further investigation led to the employee’s home PC, which was running outdated Windows XP, an unpatched version of Internet Explorer, and an expired virus scanner
  • The machine was infected with various bits of malware, but specifically, a modified version of the Zeus Trojan (win32/ZBot)
  • The interesting part is that the Trojan targets *.my.salesforce.com instead of banking sites
  • The attack also leveraged devices not controlled by corporate security
  • This highlights the risks involved with BYOD and allowing employees to use their home computers to access corporate applications, especially SaaS applications

Windows 8 Preview | WAS | s21e03 (https://original.jupiterbroadcasting.net/18491/windows-8-preview-was-s21e03/) Sun, 01 Apr 2012 13:02:57 +0000

The post Windows 8 Preview | WAS | s21e03 first appeared on Jupiter Broadcasting.


Microsoft is rolling out their latest version of Windows, and it changes everything. Tune in to find out just how revolutionary this amazing new UI is and how it leaves the competition in the dust!

PLUS: Microsoft cracks down on evil doers

And so much more!

All this week on, The Windows Action Show!

Thanks to:

GoDaddy.com

Limited time offer: $5.99 .coms, up to 5 domains! Just use our code 599com8

Want to save money on your entire order? Use our code spring8 and save 15%!



NEWS:

Windows 8 Preview

What’s Bryan Doin?

Chris’ Stash:
