Heart Bleed Bug Webcast part2 - SANS Institute for IT Security
Published in: Technology
Transcript

  • 1. Brought to you by SANS Live Online Training (www.sans.org/vlive, www.sans.org/simulcast). Welcome to OpenSSL "Heartbleed" Vulnerability, Session 2. Live Online Classrooms: attend a live SANS event from home.
  • 2. HeartBleed – Round 3 (© 2014 SANS). HeartBleed – what you need to know (round 3). James Lyne, Johannes Ullrich, Jake Williams
  • 3. Should you swap certificates/keys?
    – Can someone mess up my server?
    – Can someone mess up my desktop?
    – Can someone mess up my customers?
  • 4. Threat
    – Memory leak could reveal secret key
    – Possible, but typically the secret key is only in the right spot after reboot
    – Later on, still possible but not likely
    – Replacing keys can be a lot of work (cost?)
  • 5. Mitigating Factors
    – You patched fast: you MAY be ok if you patched on the 7th; you are NOT ok if you patched on the 9th
    – You got DLP: is it working? Does it look on port 443?
    – You got full packet captures going back 2 years
  • 6. Checking Sites With LastPass
    – LastPass link checker: https://lastpass.com/heartbleed/
  • 7. Vulnerable Android Versions
    – The only versions of Android that may have been impacted are 4.1.0 and 4.1.1; some reports indicate that only 4.1.1 is vulnerable
    – Unfortunately, more than 1/3 of all Android devices run a 4.1.x version
  • 8. Android Versions
  • 9. Android Versions (2)
    – From the Google site, these are the Nexus builds that show 4.1.1 as the latest 4.1 version available
  • 10. Back to the bug
    – if (1 + 2 + payload + 16 > s->s3->rrec.length)
    – That’s a relatively easy find compared to many. This should have been seen.
    – What happens next time with a bigger change than a heartbeat extension of the protocol?
    – Others will now be sifting the code with great interest
  • 11. Why Do Bad Things Happen?
    – Of course, no 100% in security
    – OpenSSL = Critical Infrastructure (really)
    – But Neel Mehta shouldn’t have been first here (though thank you)
    – Perception of OSS – Open = Secure.
    – Reality – <1M$ budget; $841 donations this week; yet depended on heavily.
  • 12. http://www.openssl.org/support/donations.html
  • 13. Open Discussion
    – Time for open discussion
    – FLASH: Should I revoke my certificate? – Ullrich
    – OSS vs. closed source
    – Contributions to open source
  • 14. Questions? James Lyne (@JamesLyne), Johannes Ullrich (@sans_isc), Jake Williams (@MalwareJake)