The Heartbleed bug and SSL implementations

Like the tree falling in the forest, we simply do not know if the Heartbleed bug was ever exploited. The problem is that exploiting it makes no sound.

The Heartbleed bug is a fault in the implementation of the Heartbeat extension to OpenSSL. The effect is to expose up to 64kb of supposedly encrypted traffic in plaintext. That plaintext would likely include the encryption keys, user credentials (ID and password) and message content. But exploiting the bug leaves no trace in the logs, so in theory it could have been used by hackers at any time or ever since the flaw was introduced several years ago.

This potential problem is huge. “Just one application that uses OpenSSL, Apache, is used to run 346 million public websites or about 47 percent of the Internet today” explains Kevin Bocek, Vice President, Security Strategy & Threat Intelligence at Venafi. “And the problem is even larger since this doesn’t include the tens of millions of behind-the-firewall applications, devices and appliances that run Apache and use OpenSSL.”

An update to OpenSSL has been released, and hopefully the faulty implementations are being fixed. The encryption keys are being changed and all should be well soon. But will it?

Once the SSL keys are known, then all previous messages could be decrypted. So if any attacker has been sniffing and storing messages, and has at any time obtained those keys, then those stored messages could be decrypted (unless forward secrecy – which provides new keys for each message – was being used). Forward secrecy is only now becoming more popular for precisely such a concern.

The elephant, of course, is the NSA and GCHQ (and to a lesser extent probably every other national intelligence agency in the world). On the plus side, there is no indication in the Snowden files released so far to suggest that the NSA knew about or used this bug. The downside is that unless they wrote about it, we would probably never know.

Meanwhile, researchers have been trying to discover which services use vulnerable versions of OpenSSL and have put their users at risk. Filippo Valsorda produced a test site to check whether particular sites are vulnerable. “Very quickly, it became clear that popular sites like Google, Facebook, Twitter, Dropbox, were not affected, but other sites (for instance, dating site OKCupid, Imgur, Flickr, Stackoverflow and Eventbrite) were at risk,” commented Graham Cluley this morning.

More worrying, however, is that Yahoo was affected (although it has been fixed now). The problem with Yahoo is that we know that GCHQ had been intercepting and storing Yahoo traffic.

Qualys has also added Heartbleed detection to its SSL test site. The advantage of this site is that it provides a detailed analysis of a website’s overall SSL implementation. The two graphics show summary the results from Yahoo (after fixing Heartbleed: A) and a site operated by a major security company (which should really do better: F).

Although Yahoo has now fixed the Heartbleed bug, Yahoo users should all consider changing their passwords – just in case.