December 18, 2014

NSA denies it knew about Heartbleed, says it is in the national interest for it to disclose vulnerabilities

odniIt looks like the ramifications of the Heartbleed bug in OpenSSL will be felt for quite a while to come. While security analysts are asking if the NSA had prior knowledge of the bug, cyber criminals are at work stealing data from sites which haven’t patched their servers and changed their SSL certificates. The Canadian Revenue Agency has said that the Heartbleed bug was the reason why an attacker was able to steal 900 social insurance numbers, and British parenting website Mumsnet said that username and password data used to authenticate users during log in was accessed before the site was able to patch its servers.

As for the NSA, the Director of National Intelligence has issued a statement saying that the NSA was not aware of the Heartbleed vulnerability until it was made public. The statement went on to say that the Federal government relies on OpenSSL the same as everyone else to protect the privacy of users of government websites and other online services.

However, what is even more important is that the statement categorically says that had the NSA, or any other of the agencies and organizations which make up the U.S. intelligence community, found the bug they would have reported it to the OpenSSL project.

“If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL,” said the statement issued by the ODNI Public Affairs Office. The statement also said that when Federal agencies discover a new vulnerability “it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.”

The Office of the Director of National Intelligence also said that in response to the President’s Review Group on Intelligence and Communications Technologies report that it had reinvigorated an interagency process for deciding when to share vulnerabilities.  According to the report, “The US Government should take additional steps to promote security, by (1) fully supporting and not undermining efforts to create encryption standards; (2) making clear that it will not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption; and (3) supporting efforts to encourage the greater use of  encryption technology for data in transit, at rest, in the cloud, and in storage.” Such a statement is important following the accusations that the NSA tried (and succeeded) in weakening certain encryption standards.

The report also says that, “US policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on US Government and other networks. In  rare instances, US policy may briefly authorize using a Zero Day for high priority intelligence collection, following senior, interagency review involving all appropriate departments.”

This “rare” use of zero-day vulnerabilities was reiterated by the ODIN statement. “Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.”

Heartbleed bug exposes OpenSSL’s secrets, patches available

heartbleedA serious security bug has been found in the ubiquitous OpenSSL encryption library that allows data to be stolen in its unencrypted form. According to the heartbleed.com website, which was set up expressly to inform system admins about the potential dangers, the Heartbleed bug can be exploited from the Internet and it allows an attacker to read up to 64k of the server’s memory at one time. By reading the memory an attacker can gain access to “the secret keys used to identify the service providers and to encrypt the traffic” along with “the names and passwords of the users and the actual content.” It means that attackers can eavesdrop communications that should have been otherwise encrypted.

A patched version of OpenSSL has already been published. According to the release notes, “a missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory” on a connected client or server. The OpenSSL project publicly thanked Neel Mehta of Google Security for discovering this bug and Adam Langley with Bodo Moeller for preparing the fix. It is recommended that all OpenSSL 1.0.1 users should upgrade to OpenSSL 1.0.1g. Those unable to immediately upgrade should recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. OpenSSL 1.0.0 and OpenSSL 0.9.8 are not vulnerable.

Heartbleed isn’t a design flaw in the SSL/TLS protocol specification but rather a bug in OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520).

Because the bug can expose the keys used for encrypting the connection, attackers are able to decrypt any past and future traffic to the encrypted connection since the primary keys have been exposed. Unfortunately to remedy the problem, not only does the server require patching but all the compromised keys need to be revoked and new keys reissued. It also means that users who have used an encrypted service (say a web mail service, online shopping or cloud service) will need to change their passwords as potentially the connection used to log in was not secure.

One very worrying aspect of this bug is not only the widespread use of OpenSSL, but also that the first vulnerable version was published two years ago. If this bug has been previously found (but not disclosed) by cyber criminals or government run security agencies then the last two years worth of encrypted traffic should be deemed as exposed. Even if it wasn’t found but the traffic was recorded then there are probably lots of state level agencies working right now to siphon off keys from around the net before things are revoked and changed.