Palo Alto Networks Addresses Heartbleed Vulnerability (CVE-2014-0160)

A critical vulnerability in OpenSSL (CVE-2014-0160: OpenSSL Private Key Disclosure Vulnerability) was recently disclosed, which affects servers running OpenSSL 1.0.1 through 1.0.1f, estimated at “over 17% of SSL web servers which use certificates issued by trusted certificate authorities.” The vulnerability essentially compromises the integrity of SSL encryption, allowing attackers to steal sensitive data from this secure channel.

The vulnerability, also known as the Heartbleed bug, most severely impacts enterprise servers running vulnerable versions of OpenSSL, and in a worst-case scenario could expose end-user communication over SSL encryption.

Palo Alto Networks immediately addressed this vulnerability, ensuring our customers are protected against exploitation of Heartbleed, including the following updates:

  • PAN-OS, our core operating system, is not impacted by CVE-2014-0160, as we are not using a vulnerable version of the OpenSSL library
  • We released a content update on April 9th, 2014 that automatically detects and immediately blocks attempted exploitation of the vulnerability (IPS vulnerability signature ID 36416)

To be clear, Palo Alto Networks software is not vulnerable, and customers with a Threat Prevention subscription, and their users, are protected from Heartbleed. We advise that all Threat Prevention users ensure they are running the latest content version on their device.

Furthermore, we recommend that all enterprises update their web servers to the latest patched version of OpenSSL available as of April 7, 2014 (1.0.1g), and immediately replace SSL private keys after the patch is in place. Given the close relationships many of you have with your vendors and partners, it is important that you help identify vulnerable systems, and notify partners immediately.
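To turn the advice above into a first inventory pass, here is an added example (not Palo Alto Networks' code) that classifies `openssl version` banners against the ranges the articles give: 1.0.1 through 1.0.1f affected, 1.0.1g fixed, any 1.0.2 beta treated as affected. The hostnames and banners are constructed.

```python
import re

# Banner format as printed by `openssl version`, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013"
# or "OpenSSL 1.0.2-beta1 24 Feb 2014". Suffixes such as "-fips" are ignored.
BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d+))?")


def heartbleed_status(banner: str) -> str:
    """Return 'affected', 'fixed', 'not_affected' or 'unknown' for one version banner.

    1.0.1 through 1.0.1f are affected and 1.0.1g is fixed. Every 1.0.2 beta is
    treated as affected (a conservative assumption; the articles do not distinguish
    beta numbers). 0.9.8 and 1.0.0 never contained the heartbeat code.
    """
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if (major, minor, patch) == (1, 0, 1):
        if beta is not None:
            return "affected"                 # 1.0.1-beta builds predate the fix
        return "affected" if letter < "g" else "fixed"   # "" and "a".."f" sort before "g"
    if (major, minor, patch) == (1, 0, 2):
        return "affected" if beta is not None else "fixed"
    if (major, minor) < (1, 0) or (major, minor, patch) == (1, 0, 0):
        return "not_affected"
    return "fixed"                            # anything newer than 1.0.2 post-dates the fix


# Constructed inventory: hostname -> banner reported by `openssl version` on that host.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy-01": "OpenSSL 0.9.8y 5 Feb 2013",
    "test-01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
}


def hosts_needing_action(inventory: dict) -> list:
    """Hosts to patch first and then re-key, in the order the advisory recommends."""
    return sorted(h for h, b in inventory.items() if heartbleed_status(b) == "affected")


if __name__ == "__main__":
    for host in hosts_needing_action(SAMPLE_INVENTORY):
        print(host, "->", SAMPLE_INVENTORY[host])
```

Distribution vendors that backport the fix keep the old banner (a patched build can still report 1.0.1e), so treat the banner as a starting point and confirm against the package changelog before closing a host out.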

As an end-user, continue to practice good Internet hygiene, such as not accessing public Wi-Fi hotspots, clicking on unknown links in email, or downloading and opening suspicious files.

[Source: Palo Alto Networks Research Center]

More Than A Half-Million Servers Exposed To Heartbleed Flaw

What the newly exposed SSL/TLS threat really means for enterprises and end-users.

The newly exposed Heartbleed bug plaguing some 17 percent of SSL-secured websites as well as various VPN products has caused a massive case of Internet heartburn over the past 48 hours as companies rushed to confirm their exposure and lock down their SSL/TLS software. But just how bad is it?

Errata Security CEO Robert Graham scanned the Net for machines vulnerable to the implementation flaw in the so-called Heartbeat function of TLS, and discovered some 600,000 affected out of 28 million SSL machines. He estimates that some one-third of SSL machines had been patched with the update to the buggy OpenSSL library. Netcraft, meanwhile, says the buggy Heartbeat extension is enabled on 17.5 percent of SSL sites, which include close to a half-million digital certificates at risk of theft and spoofing from the attack.

Heartbleed may be one of the biggest Internet security events since security expert Dan Kaminsky found and helped coordinate a fix for the massive Domain Name Service (DNS) caching vulnerability in 2008. Bruce Schneier gives Heartbleed an 11 rating on an ascending scale of 1 to 10, and security companies and experts are issuing warnings of the severity of the bug. The flaw, a two-year-old implementation bug in the open-source OpenSSL, has been fixed with the new OpenSSL 1.0.1g, but experts say to assume it’s already been abused by nation-states or cyber criminals given the two years it wasn’t publicly known.

Fixing Heartbleed isn’t cheap. The estimated cost to remedy the flaw is hundreds or thousands of dollars per server or application, according to Tatu Ylonen, inventor of the SSH protocol and CEO and founder of SSH Communications Security. That adds up to more than a billion dollars in overall labor and certificate renewal costs worldwide, Ylonen says.

The bug, in Versions 1.0.1 and 1.0.2 beta, leaks the contents of the memory from the server to the client and vice versa, potentially exposing passwords and other sensitive data and the SSL server’s private key. While there have been reports of Yahoo passwords exposed by the bug and massive nefarious scanning for the flaw on the Net and signs of attacks since Heartbleed was revealed late Monday, there’s still debate over just how easily exploitable the bug really is.
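The leak described above comes down to a heartbeat message whose declared payload length is never checked against the record that carries it, so a vulnerable peer copies that many bytes back from memory. As an added example (not from the article or any vendor's product), the following Python applies the bounds check the 1.0.1g fix added, which is also the condition a network signature such as the one mentioned earlier looks for, to two constructed records:

```python
import struct

HEARTBEAT_CONTENT_TYPE = 0x18   # TLS record type for the Heartbeat extension (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16                # RFC 6520 requires at least 16 bytes of random padding


def check_heartbeat_record(record: bytes) -> dict:
    """Classify one TLS record as 'ok', 'malformed' or 'not_heartbeat'.

    The decisive test mirrors the patched OpenSSL: type byte + 2-byte length +
    declared payload + minimum padding must fit inside the record length
    actually received. A vulnerable build skips this and trusts the declared value.
    """
    if len(record) < 5:
        return {"verdict": "malformed", "reason": "truncated record header"}
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != HEARTBEAT_CONTENT_TYPE:
        return {"verdict": "not_heartbeat", "content_type": ctype}
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        return {"verdict": "malformed", "reason": "record shorter than its length field"}
    if rec_len < 1 + 2 + MIN_PADDING:
        return {"verdict": "malformed", "reason": "no room for type, length and padding"}
    hb_type, declared = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return {"verdict": "malformed", "reason": "unknown heartbeat type %d" % hb_type}
    available = rec_len - 1 - 2 - MIN_PADDING   # bytes the payload may legitimately occupy
    if declared > available:
        return {"verdict": "malformed", "reason": "declared payload exceeds record",
                "declared": declared, "available": available}
    return {"verdict": "ok", "type": hb_type, "payload_len": declared,
            "payload": body[3:3 + declared]}


# Constructed sample records (not captured traffic). Both carry a 4-byte payload
# and 16 bytes of zero padding in a 23-byte record; only the declared length differs.
GOOD_RECORD = bytes([0x18, 0x03, 0x02, 0x00, 0x17, 0x01, 0x00, 0x04]) + b"ping" + b"\x00" * 16
BAD_RECORD = bytes([0x18, 0x03, 0x02, 0x00, 0x17, 0x01, 0x40, 0x00]) + b"ping" + b"\x00" * 16


def summarize(records) -> list:
    """One verdict string per record, the form an alert or log line would take."""
    return [r["verdict"] + ("" if "reason" not in r else ": " + r["reason"])
            for r in map(check_heartbeat_record, records)]


if __name__ == "__main__":
    for line in summarize([GOOD_RECORD, BAD_RECORD]):
        print(line)
```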

“Certainly, nation-states will have the best capability to quickly weaponize this vulnerability for large-scale exploitation,” Schneier says.

Carrying out an attack using this flaw is not for script kiddies, experts say. It would take a nation-state or an organized crime group. “There are not enough skilled attackers with non-attributable networks to safely carry out large-scale collection efforts using this vulnerability,” says security expert Ralph Logan, CEO of Kiku Software, a large data analytics software firm. For example, “In order to collect mail.yahoo.com uid:pass pairs using this vulnerability, you would need a giant non-attributable network larger than TOR, but TOR won’t work in this case because we all know that it’s attributable.

“Joe Hacker/single actor in the .ru still has to have a non-attributable network to infiltrate and exfiltrate large amounts of data across the web.”

But the bad news now that the cat’s out of the bag is that proofs-of-concept are out — and some attacks are under way. Jaime Blasco, director of AlienVault Labs, says his firm has spotted scans for the flaw as well as brute-force attack attempts on some of its customers. “We have seen active attacks” in the past 48 hours, Blasco says.

Mozilla’s former director of security assurance Michael Coates, now director of product security for Shape Security and chairman of OWASP, points out that the attacker must have access to network devices “along the communication” path of a user and a website. “In order to decrypt data exchanged between a user and a website, the attacker must have access to network devices along the communication path. This attack could most easily be launched by state actors, intelligence agencies, or criminal enterprises operating with collusion from network operators,” Coates said today in a blog post.

An individual attacker could also target users on a shared WiFi hotspot with Heartbleed, he says.

As for concerns about attackers stealing a website’s digital certificate via a Heartbleed attack, Errata’s Graham contends that panic over private keys leaking is somewhat overblown. “In most [packaged] software, this cannot happen. That’s because memory containing the private key is never freed, and hence allocated heartbleed buffers can never contain it,” Graham said in a blog post today:

The upshot is this. What you can eavesdrop on with heartbleed hacks is dynamic stuff, stuff that was allocated only moments ago. What you probably can’t get is static information. Certainly, you can’t get any static information that hasn’t been freed, and you probably can’t get static information that was freed long ago, such as program startup. It’s a great way to steal passwords from recent logins, but it’s unlikely to give private keys. Certainly, there is some poorly written software that when it validates the SSL connection, copies the private key into a buffer, uses it, then frees the buffer. Thus, there certainly exists some software that reliably leaks the private key, it’s just that on most software it’s not possible.

Intranet Heartbleed
Not all SSL servers are public Internet-facing, of course: Also at risk are internal intranet SSL servers that run internal corporate applications. And VPN software such as the open-source OpenVPN software was exposed but has since been patched.

“You need to change all certificates and keys,” says Kevin Bocek, vice president, security strategy and threat intelligence, at Venafi. “What’s inside the firewall is a lot more” lucrative to an attacker, he says.

“If I’m an advanced attacker, this is just a heyday. Now I can easily punch a server. I can get the keys and certs that allow me to [move] internally, which before would have taken a lot more effort. [Heartbleed] is also an internal concern.”

Enterprises should confirm whether their servers and VPN products are vulnerable if they have not done so already, and if they are, update them and obtain new digital certificates to be safe. Once they’ve cleaned that up, then they should institute end-user password changes, experts say.

End users should change their passwords on websites that were vulnerable, but not until after they’ve been patched. “This particular vulnerability still exists in many locations, so changing your password may just mean that the new password is vulnerable,” says Matt Willems, an engineer for LogRhythm Labs. “The best advice is to follow normal best-practices for online identity information. Change your passwords regularly, and if an online service says your information may be at risk, follow their directions.”

Meanwhile, SANS Internet Storm Center is tracking software vendors that have updated their products here. And several free online scanning tools are available for testing SSL servers for the flaw, such as this and this.

Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, CommunicationsWeek, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at The College of William & Mary. Follow her on Twitter @kjhiggins.

[Source: DarkReading]

Heartbleed and the Internet of Things implications

Chances are good you have already seen news about the OpenSSL Heartbleed vulnerability (i.e., CVE-2014-0160). It’s a pretty significant bug, particularly since it impacts popular open-source web servers such as Apache (the most popular web server) and Nginx. This means that a combined population of up to 66 percent of the Internet is potentially impacted (based on data from Netcraft).

One significant area that has been covered less in the industry press is the impact this issue could have outside of the population of vulnerable web servers. Now clearly, the impact to web servers is a big deal. But consider for a moment what else might be impacted by this. Here’s a hint: it’s Internet of Things Day today. In other words, consider the impact on embedded systems and “special purpose” systems (like biomed or ICS).

OpenSSL has a very developer-friendly license, requiring only attribution for it to be linked against, copied/pasted or otherwise incorporated into a derivative software product. It is also free. This makes it compelling for developers to incorporate it into anything they’re building that requires SSL functionality: everything from toasters to ICS systems, medical equipment, smoke detectors, remote cameras, consumer-oriented cable routers and wireless access points. It’s literally the path of least resistance as a supporting library/toolkit when developing new software that requires SSL.

We’ve seen an analogue of this in the past. Remember the fallout from the string of ASN1 parsing vulnerabilities a few years ago (e.g., CVE-2003-0543 and CVE-2003-0544)? Take a look at the long list of products and vendors affected by that bug in the link above. The underlying reason for the wide reach of that problem is that the code for ASN1 parsing was reused and recycled so extensively in other products. Because ASN1 parsing is hard to do, finding code that does it already and incorporating it into derivative software is a huge timesaver. Likewise, SSL functionality is complicated to write—it is advantageous to incorporate something that is already written (like OpenSSL), particularly when doing so doesn’t incur additional cost to you or lock you in to a particular operating system platform, such as with OS-specific proprietary libraries.

From a practical standpoint, there are a few ramifications to this. While a web server can be upgraded (relatively) easily to use the fixed OpenSSL code, an embedded system is quite a bit more challenging to upgrade. Upgrading a biomedical system, for example, without careful coordination with the vendor who supplies it can (quite literally) have a life and safety impact on patients. Upgrading an ICS system, likewise, requires careful coordination and specialized testing.

Given these facts (and not to be hyperbolic about it), recovering from this issue could literally take years.

So what can organizations do about it? Patching web servers is obviously a good idea. Folks who run websites might also wish to consider getting a new certificate since it’s possible private key data might have been exposed. Everyday users might consider changing their passwords since they could have been exposed.

For the longer-term issue that could be lurking in embedded devices or specialized systems? That’s a thornier issue. One thing that could be helpful is encouraging vendors of those systems to confirm explicitly (and in writing) that they are not vulnerable to this if they provide SSL functionality (or to provide instructions on remediation if they are). By doing this, organizations with a population of these devices can get an assurance that someone at the vendor has at least evaluated the issue and how it might impact production deployments.

Ed Moyle
Director of Emerging Business and Technology, ISACA

[Source: ISACA]

Believe in Good

Thailand has managed to give life to insurance ads in a three-minute spot titled “Unsung Hero.”

The ad paints a touching story of a young man committed to helping those around him. He feeds stray dogs, gives his elderly neighbor bananas and gives a begging schoolgirl extra cash.

We see that this man’s actions don’t have much impact on his own life; he doesn’t gain fame or recognition, much less a mere “thank you.” But eventually, he realizes the power of paying it forward.

The ad currently has accrued more than 2.5 million views in less than a week.

The heartwarming life insurance ad isn’t the first viral hit to come from Thailand. In February, a lingerie ad went viral for challenging the assumptions about single parents, and last September, a telecom ad highlighted a similar concept of unexpected kindness.

BONUS: YouTube’s 10 Most-Shared Ads of March

[Source: Mashable]

Can government’s cyber defense withstand a market-driven offense?

Cybersecurity more and more resembles nothing less than old-fashioned warcraft, with both sides confident in the weaponry they have and in their ability to either penetrate or defend borders. As the threat of cyberconflicts ratchets up, the two modes of warfare seem at times to be getting chillingly similar.

The latest expression of confidence came from Defense Secretary Chuck Hagel, who on March 28 spoke to an audience at the National Security Agency headquarters to mark the retirement of Gen. Keith Alexander, the head of both the NSA and the U.S. Cyber Command.

The Pentagon is well on its way to building a modern cyberforce, he said, which will be 6,000 strong by 2016.

The force will improve the U.S. ability to “deter aggression in cyberspace, deny adversaries their objectives,” and defend the country from cyberattacks. At the same time, however, he pointed out the “proliferation of destructive malware” that is being used to constantly, and aggressively, probe and disrupt networks.

More confidence shone through in a recent report that surveyed IT and security professionals in both the military and civilian agencies. Nearly all of them, some 94 percent, rated their own agency’s cybersecurity readiness as either good or excellent, saying they feel they have the right tools, processes and policies in place.

(Well, OK, the survey also found 9 percent of the respondents were unsure if there even were cyberthreats that affected their agency.)

Perhaps of most interest, though, was what kinds of threats they considered the most serious. Insider threats, which until relatively recently were seen as the greatest, have fallen behind those from “external hacking,” even in the age of Wikileaks and Edward Snowden.

In fact, of the six top threats, insiders come in fifth, behind external hacking, malware, social engineering and SPAM, and just ahead of distributed denial of service.

Where do the bad guys come out in all of this? It’s no secret they’ve become much more sophisticated in their ability to get on the inside of networks, but a report from the RAND Corp., Markets for Cybercrime Tools and Stolen Data, shows also just how professionalized and extensive their ability has become.

The black and gray markets for hacking tools and services, and for the ill-gotten gains they produce, are expanding and growing in complexity, the RAND report said. What was once a varied landscape of discrete, ad hoc networks of individuals motivated by little more than ego and notoriety, it said, “has emerged as a playground of financially driven, highly organized, and sophisticated groups.”

Adding to the complexity for government defenders are the rapidly emerging and highly secretive markets for zero-day vulnerabilities, RAND said, which are available in both licit and illicit markets.

The potential impact of these market-driven tools was seen in the 2013 attack on Target stores, which was confirmed earlier this year. The malware used for that was a tailored version of the “BlackPOS” malware, which according to writer Brian Krebs was available on the black market for the low, low price of $1,800 to $2,300.

Of course, Target seems to have screwed up in so many ways in its own security. A report from the Senate Committee on Commerce, Science and Transportation lays it out in excruciating detail.

Nevertheless, it all makes a point. The business of creating malware and other tools to attack US networks and infrastructure now really is a business, with all of the profit-based energy and innovation that brings with it. Add the even more focused abilities of nation states, and the threat industry is vibrant.

Hagel and others are confident that government has the ability to withstand it. Are they right?

[Source: GCN]
