A newly discovered vulnerability in OpenSSL, one of the most commonly used implementations of the SSL and TLS cryptographic protocols, presents an immediate and serious danger to any unpatched server. The bug, known as Heartbleed, allows attackers to intercept secure communications and steal sensitive information such as login credentials, personal data, or even decryption keys.

Heartbleed, or the OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability (CVE-2014-0160), affects a component of OpenSSL known as Heartbeat. OpenSSL is one of the most widely used, open source implementations of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.

Heartbeat is an extension to the TLS protocol that allows a TLS session to be kept alive, even if no real communication has occurred for some time. The feature will verify that both computers are still connected and available for communication. It also saves the user the trouble of having to reenter their credentials to establish another secure connection if the original connection is dropped.

How does it work?

Heartbeat sends a message to the OpenSSL server, which in turn relays that message back to the sender, verifying the connection. The message contains two components: a packet of data known as the payload, which can be up to 64KB, and information on the size of the payload.

However, the Heartbleed vulnerability in OpenSSL allows an attacker to spoof the information on the payload size. For example, they could send a payload of just one kilobyte in size, but state that it is 64KB.

How an OpenSSL server deals with this malformed Heartbeat message is key to the danger this vulnerability poses. It does not attempt to verify that the payload is the same size as stated by the message. Instead it assumes that the payload is the correct size and attempts to send it back to the computer it came from. However, since it doesn’t have the full 64KB of data it will instead automatically “pad out” the payload with data stored next to it in the application’s memory. If the server received a 1KB payload, it will thus send it back along with 63KB of other data stored in its memory. This could include the login credentials of a user, personal data, or even, in some cases, session and private encryption keys.

The data the application sends back is random and it is possible that the attacker may receive some incomplete or useless pieces of data. However, the nature of the vulnerability means that the attack can be performed again and again, meaning the attacker can build a bigger picture of the data stored by the application over time.

Private encryption keys may be the most difficult thing to steal using this attack. Data is stored in a sequential fashion, with new data stored in front of older data. Encryption keys will usually be stored “behind” the payload in memory, meaning they are less likely to be accessed. Content from current SSL/TLS sessions is the type of data most likely to be at risk.

The Heartbleed bug is the latest in a series of SSL/TLS vulnerabilities uncovered this year. TLS and its older predecessor SSL are both secure protocols for Internet communication and work by encrypting traffic between two computers.

In February, Apple had to patch two critical vulnerabilities affecting SSL in its software. It first issued an update for its mobile operating system iOS, which patched a flaw that enabled an attacker with a privileged network position to capture or modify data in sessions protected by SSL/TLS. Days later, a second update was issued, this time for its desktop operating system OS X, after it was discovered that the same vulnerability also affected it.

In March, a certificate vulnerability was found in security library GnuTLS, which is used in a large number of Linux versions, including Red Hat desktop and server products, and Ubuntu and Debian distributions of the operating system.

GnuTLS is an open source software implementation of SSL/TLS. The bug meant that GnuTLS failed to correctly handle some errors that could occur when verifying a security certificate. This could allow an attacker to use a specially crafted certificate to trick GnuTLS into trusting a malicious website. The vulnerability was immediately patched by GnuTLS.

Heartbleed is by far the most serious vulnerability in SSL/TLS to be uncovered of late. The nature of the bug and the fact that it affects one of the most widely used implementations of SSL/TLS mean that it poses an immediate risk.

Advice for businesses:
- This is a vulnerability of the OpenSSL library, and not a flaw with SSL/TLS nor certificates issued by Symantec.
- Anyone using OpenSSL 1.0.1 through 1.0.1f should update to the latest fixed version of the software (1.0.1g), or recompile OpenSSL without the heartbeat extension
- After moving to a fixed version of OpenSSL, if you believe your web server certificates may have been compromised or stolen as a result of exploitation, contact the certificate authority for a replacement
- Finally, and as a best practice, businesses should also consider resetting end-user passwords that may have been visible in a compromised server memory

Advice for consumers:
- You should be aware that your data could have been seen by a third party if you used a vulnerable service provider
- Monitor any notices from the vendors you use. Once a vulnerable vendor has communicated to customers that they should change their passwords, users should do so
- Avoid potential phishing emails from attackers asking you to update your password – to avoid going to an impersonated website, stick with the official site domain
- Stick to reputable websites and services. They are most likely to have immediately addressed the vulnerability
- Monitor your bank and credit card statements to check for any unusual transactions

UPDATE April 10, 2014: Symantec’s SSL Tools Certificate Checker will check whether a website is vulnerable to exploitation. You can access the Certificate Checker at the following location: https://ssltools.websecurity.symantec.com/checker/

To use the Certificate Checker, click on Check your certificate installation and then enter your website URL.
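
The missing length check described under "How does it work?", modelled in C as an added example; this is not OpenSSL's source and not code from the original article. The function names, the 64-byte `g_mem` buffer standing in for process memory and the `session=SECRET` bytes are constructed for illustration; the 3-byte header and 16-byte minimum padding follow the heartbeat message layout in RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Constructed stand-in for process memory (not real traffic): a 23-byte
 * heartbeat record with unrelated data stored directly after it. */
static uint8_t g_mem[64], g_out[64];

/* Writes type, claimed length, payload "ping" and 16 zero padding bytes.
 * Returns the true record length. Keep claimed <= 61 so copies stay in g_mem. */
size_t build_sample(uint16_t claimed) {
    memset(g_mem, 0, sizeof g_mem);
    g_mem[0] = HB_REQUEST;
    g_mem[1] = (uint8_t)(claimed >> 8); g_mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(g_mem + HB_HEADER, "ping", 4);
    memcpy(g_mem + 23, "session=SECRET", 14);   /* neighbouring data */
    return HB_HEADER + 4 + HB_MIN_PAD;
}

/* Pre-fix logic: trusts the length field and never consults rec_len. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    (void)rec_len;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* can pass record end */
    return HB_HEADER + claimed;          /* response padding left out here */
}

/* Fixed logic: discard unless header + claimed payload + minimum padding
 * fits inside the bytes actually received. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len) return 0;
    return hb_reply_unchecked(rec, rec_len, out);   /* length now verified */
}

/* Number of bytes from beyond the record that a handler put in its reply. */
size_t bytes_disclosed(uint16_t claimed, int checked) {
    size_t rec_len = build_sample(claimed);
    size_t n = checked ? hb_reply_checked(g_mem, rec_len, g_out)
                       : hb_reply_unchecked(g_mem, rec_len, g_out);
    size_t echoed = n ? n - HB_HEADER : 0, received = rec_len - HB_HEADER;
    return echoed > received ? echoed - received : 0;
}

int main(void) {
    printf("unchecked: %zu\n", bytes_disclosed(34, 0));
    printf("checked:   %zu\n", bytes_disclosed(34, 1));
}
```

The same comparison of the claimed payload length against the received record length is what a network sensor can apply to heartbeat requests to flag malformed ones.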