Upload
raju
View
228
Download
1
Embed Size (px)
DESCRIPTION
Heart Bleed
Citation preview
Brought to you by
SANS Live Online Training
www.sans.org/vlive www.sans.org/simulcast
Welcome to
OpenSSL "Heartbleed" Vulnerability
by Jake Williams
Live Online Classrooms Attend a Live SANS Event from Home
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
HeartBleed what you need to know (round 2)
Jake Williams
@MalwareJake
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
HeartBleed TL;DR Edition
Massive SSL bug impacts Internet
You should change your passwords unless you KNOW the site in question was not vulnerable
Even if you change your passwords, you should work with your business partners to ensure that vulnerable servers had certificates reissued
Otherwise youre not much more secure
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Heartbeats
SSL heartbeats are defined in RFC6520
Used for keep alive messages without the need for renegotiating the SSL session
Also used for path MTU discovery
Heartbeat messages can be sent without authenticating with the server
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
HeartBleed What is it?
CVE-2014-0160 describes a flaw the heartbeat extension to the SSL protocol
The OpenSSL code accepts a user supplied length value for memory to read without proper validation
Never trust user supplied input
Bug was introduced in March 2012
OpenSSL 1.0.1
Good news: OpenSSL 1.0.0 is NOT vulnerable!
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
HeartBleed What is it? (2)
Attackers can dump up to 64k of memory near the SSL heartbeat on the impacted machine
Luck of the draw as to what you get
Attack can be repeated many times to obtain different 64k memory allocations
64k is a lot of memory to leak!
Patched in OpenSSL 1.0.1g
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Whats in a memory disclosure bug?
Private keys (cryptographic keys)
Data otherwise encrypted by SSL
Usernames and passwords
Session identifiers
Your private data
Pointers to programming structures
May be used to defeat other exploit protections, making some other bugs exploitable
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
HeartBleed Visual
SSL v3 Record
Length (4 bytes)
Attacker Sends HeartBeat Message
Type (1 byte)
Heartbeat Message
Length (2 bytes)
Message Data
(variable bytes)
Oh noes! The attacker controls both of these length fields!
SSL v3 Record
Length = 4
HeartBeat Message
HB_REQUEST
Heartbeat Message
Length = 65535
Message Data
1 random byte
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
HeartBleed Visual (2)
Victim Replies SSL v3 Record
Length = 65535
HeartBeat Message
HB_RESPONSE
Heartbeat Message
Length = 65535
Message Data
1 random byte
Almost 64k (-1 byte) of extra memory allocated to the server process
Memory contains ????? Could include private SSL keys, usernames, passwords, or other sensitive data.
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Memory Disclosure!
This should be a secret!
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Are attacks logged?
In short, no there is no logging of a successful attack beyond normal SSL connection
Nginx patches are available to log that an attack was attempted
https://gist.github.com/kmosher/10313697
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
What should vendors do?
If not vulnerable
Communicate this (prominently) to customers
If ever vulnerable
Communicate this (prominently) to customers
Revoke possibly (probably) compromised certs
Issue new server SSL certs
Change assumed secret data the customer cant
Force change of passwords for customers
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
What should you do?
Coordinate with vendors to identify vulnerable software/devices and get patches installed
Coordinate with IT to get new certs for VPN client software
Change passwords for anything you need to keep secret
Monitor carefully for signs of identity theft
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
No web server, so Im safe, right?
Not at all!
Your data is protected by server certificates, which may have already been leaked
Attackers who compromise a servers private key may decrypt previously recorded traffic
An attacker with compromised server certificates can perform a MiTM attack
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Client Side Attacks
Full list of vulnerable clients not yet known
If an attacker can direct traffic to an SSL server they control, they could read memory from the client process
No public proof of concept code available yet
Watch for to secure network clients
Consider restricting use of public wireless unless you know for sure you are not vulnerable
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Good news everyone!
Firefox, Chrome, and MSIE (on Windows) all use the Windows crypto implementation and do not link against OpenSSL
IIS server is also not vulnerable
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Bad news everyone!
Android is vulnerable
Not sure what this means for Chrome Books
Will manufacturers updated older devices?
Not betting on any support here
Not sure of the full list of Linux browsers that are vulnerable
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
(More) Bad news everyone!
Third party code using Python/Perl/Ruby OpenSSL libraries may still be vulnerable
Windows programs may have been linked against vulnerable versions of OpenSSL
Need to work with vendors to confirm vulnerabilities have been patched (or dont exist)
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
OpenVPN
Huge numbers of companies use OpenVPN
Bad news it was vulnerable
Considering that many employees use it in untrusted environments (public WiFi) DO NOT DELAY updating your client and server software
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Finding Vulnerable Sites
A number of scanners have been used to identify popular vulnerable sites
Yahoo!, LastPass, OkCupid, and Flickr were all vulnerable for a time
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Finding Vulnerable Sites (2)
A server at http://filippo.io/Heartbleed/ is set up to check for vulnerable sites
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Server Certificates
Ensure that your browser is set to check for revoked certificates
Chrome on Windows does not do this by default
Firefox does
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Checking site certificates (FireFox)
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Checking site certificates (Safari)
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Checking site certificates (MSIE)
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Chrome Plugin
The ChromeBleed plugin shows whether the site you are communicating with is vulnerable
https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Forensics Implications
Suppose your friendly law enforcement captured your SSL encrypted traffic last month
Or your employer
Before HeartBleed they couldnt read it
If the server involved was vulnerable, they may be able to read it today
If the servers private keys were leaked
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Forensics Implications (2)
Currently no central site for compromised certs
Expecting to see these popping up in the underground
Hard to believe that this wasnt found by a nation state earlier
Reminded of parallel construction and DEA manual
Can old (previously vulnerable) SSL certs be subpoenaed today by LE? Obtained otherwise?
IANAL ask someone who is
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Deploying Cloud Servers?
Check that the baseline image has been updated to the newest OpenSSL
Good advice for software in general anyway
Many Amazon images are already updated
Others were not at the time of this presentation
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Finding Vulnerable Software
Probably easier on Linux
Windows software more likely to be linked with OpenSSL without this being obvious
Uh oh!
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Linux Command Line
@jekil posted a neat one-liner on Twitter
grep -l 'libssl.*deleted'
/proc/*/maps | tr -cd 0-9\\n | xargs
-r ps u
Finds running processes that still have old (deleted) OpenSSL libraries mapped
But what if I havent patched yet?
Um shame on you, go patch! Right now!
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Linux Command Line (2)
Modified command line finds all processes that load OpenSSL at all
grep -l 'libssl' /proc/*/maps | tr -
cd 0-9\\n | xargs -r ps
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Linux Command Line (3)
Some bad developers may not include correct versioning in the names of their libraries
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Good List of Impacted Vendors
Best list Ive found so far is at ISC
https://isc.sans.edu/forums/diary/Heartbleed+vendor+notifications/17929
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Snort Detections
Looks for heartbeat codes and checks the size. Anything larger than 200 bytes is assumed bad
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Will attackers use this?
Of course, they are probably using it already
MetaSploit already has a module to test for vulnerabilities
Client side attack server is probably not far behind
Planned to write an attack server today, but was too busy with clients
HeartBleed What you need to know 2014 Jake Williams (@MalwareJake)
Questions?
Jake Williams
@MalwareJake