Heartbleed: a serious security bug. What should I be doing?

Google the name “Heartbleed.” To sum up, it’s a security bug in OpenSSL that allows all kins of shenanigans, including the harvesting of names/passwords and the impersonation of sites.

What exactly can and should I do? I have dozens upon dozens of passwords all across the Internet. How do I know when I should change them, if at all?

Lifehacker has a good article on the subject. I’m on mobile so it’s hard to link right now.

Here you go.

Stack Exchange almost addresses this, but not particularly usefully right now.

I don’t think there’s anything anyone not a server admin can, or has to, do. Those can patch etc., and keep their fingers crossed their machines weren’t compromised. But even if I thought there was anything to panic about, it seems to have been open for 2 years without much happening. If CloudFlare hadn’t announced it early the patches would be soon ready and it would be merely of historical interest such as the bugs of yesteryear.

I read the article. So what am I supposed to assume — that if a site doesn’t tell me, I don’t necessarily need to change the password (same with “not connecting with vulnerable sites” — I see the link to the tool, but it says it doesn’t say anything about past vulnerability, and trying it just tells me it can’t connect to the site)? Like I said, I have at least 40 passwords all over the Internet (mostly for job sites). Changing them all is an all-night thing.

Keep your OS up to date and cross your fingers that your bank will too. I imagine Windows and most Linux distros will release OpenSSL updates soon. Servers don’t usually get updated as often for stability reasons, so if you’re really worried, you can pester Amazon and other websites who have your CC info to patch their software. Though if they really don’t update their software that often, they might still be on an older version of OpenSSL that doesn’t have the bug.

The bug can give a would be attacker access to pieces of RAM content from any machine using a buggy OpenSSL version (and there are many). So for the truly paranoid anything that touched random memory is compromised. For the more reasonably cautious, it would be enough to change only some high value passwords. There are no known exploits in the wild.

What you should do is update OpenSSL to a non buggy version, and anything that links statically with it. And hope the servers you use do the same.

The LastPass Heartbleed tool https://lastpass.com/heartbleed/ detects when the SSL certificate on any given site was reissued. Anyone who has done it very recently was probably vulnerable, and you can safely change the password. There’s no point changing it on any site that still shows are vulnerable.

Yahoo.com was still showing as vulnerable 5 hours ago, and I note that boards.straightdope.com reissued at Apr 8 18:22:02 2014 GMT

Indeed. Eight hours later, and no doubt earlier if I hadn’t just woken up, OpenSuse Yast has OpenSSL update, and a related gnutls update.

If it of value to you then change the password.

What about phone OSes? I have a Nexus phone that I keep up to date with CyanogenMod, so I’m not too worried. But I imagine most people have older phones with carrier installed OSes that they either can’t or won’t update.

Is there a list of OS versions affected? And do all those people need to avoid HTTPS sites entirely until they get a new phone?

  1. Update any server you run that has openssl to a non-vulnerable version.
  2. If no update is available, recompile openssl with the -DOPENSSL_NO_HEARTBEATS flag.
  3. Revoke any certificates you had on those servers, regenerate the private keys, re-create the CSRs, and get new certificates.

No Fedora yum update yet. My Fedora box has 1.0.1e.

Hmm, perhaps not

I’m having trouble understanding how this could be part of the bug. Does anyone know the details? Does a client say ‘give me data between addresses X and Y’?

The exploit uses the heartbeat function - basically checking that the server is still there to keep the connection. Normally the client just gets back a few bytes “Hi, I’m here!”, but a malicious client can exploit a vulnerability (due to a missed check) where effectively an additional (almost) 64kB of whatever is nearby in memory is returned.
The gory details are here: http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html

As I understand it, the bug is that you can ask the server (or client) to send you X bytes of data in a message, but trick it into allocating a message that is much smaller than that. This means that you get whatever happens to be in memory right after your message.

The really nasty thing is that you can repeat this indefinitely and get a different piece of memory each time, so statistically your chances of getting something really important are extremely high given enough attempts.

This.

It’s very very unlikely you’ll capture a private key.

In one random attempt.

But throw enough darts at the dartboard, and eventually one will stick in the bullseye.

I’d like to hear more about this “effectively random” block of memory. If an attacker exploited this twice in a row on the same server, would they get back the same block of memory both times? If so, then it’s a very minor problem, since you’d only get something like a millionth of the total memory content, and any given piece of sensitive information would be very unlikely to be in that block. On the other hand, if it’s a different “random” block each time, or worse, systematically proceeds through all of the memory in the target machine, then an attacker can get a much larger amount of information.

EDIT: Never mind, Rysto ninjaed me.

Our computer centre just sent around a notice that they would be repairing the bug and let us know when it is done and then we should change our passwords, but there was no point in changing it until the fix was finished.