Heart Bleed Bug Webcast part2 - SANS Institute for IT Security

Presentation Transcript

    • Brought to you by SANS Live Online Training (www.sans.org/vlive, www.sans.org/simulcast). Welcome to OpenSSL "Heartbleed" Vulnerability, Session 2. Live Online Classrooms: attend a live SANS event from home.
    • HeartBleed – Round 3 © 2014 SANS
      HeartBleed – what you need to know (round 3)
      James Lyne, Johannes Ullrich, Jake Williams
    • Should you swap certificates/keys?
        • Can someone mess up my server?
        • Can someone mess up my desktop?
        • Can someone mess up my customers?
    • Threat
        • Memory leak could reveal secret key
        • Possible, but typically the secret key is only in the right spot after reboot
        • Later on, still possible but not likely
        • Replacing keys can be a lot of work (cost?)
    • Mitigating Factors
        • You patched fast:
            – You MAY be OK if you patched on April 7th.
            – You are NOT OK if you patched on April 9th.
        • You got DLP:
            – Is it working?
            – Does it look on port 443?
        • You got full packet captures going back 2 years
    • Checking Sites With LastPass
        • LastPass link checker:
            – https://lastpass.com/heartbleed/
    • Vulnerable Android Versions
        • The only versions of Android that may have been impacted are 4.1.0 and 4.1.1
            – Some reports indicate that only 4.1.1 is vulnerable
        • Unfortunately, more than 1/3 of all Androids run a 4.1.x version
    • Android Versions
    • Android Versions (2)
        • From the Google site, these are the Nexus builds that show 4.1.1 as the latest 4.1 version available
    • Back to the bug
        • if (1 + 2 + payload + 16 > s->s3->rrec.length)
          (the bounds check the vulnerable heartbeat handler was missing; this is the line the 1.0.1g fix adds)
        • That's a relatively easy find compared to many. This should have been seen.
        • What happens next time with a bigger change than a heartbeat extension of the protocol?
        • Others will now be sifting the code with great interest
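The check on that slide is the one OpenSSL 1.0.1g added to tls1_process_heartbeat in ssl/t1_lib.c. The following C program is an added example, not code from the webcast or from OpenSSL itself: it reduces the heartbeat handler to its vulnerable shape (payload length taken from the request and never compared with rrec.length) and its fixed shape side by side, feeds both a constructed 19-byte request whose claimed payload length is 64 while a "secret" string sits in memory right after the bytes that actually arrived, and shows that the vulnerable handler echoes the secret back while the fixed handler silently discards the request. The struct and function names, the SECRET string, the buffer sizes and the demo-only capacity guard are this example's own assumptions; the two comparisons against rrec.length mirror the 1.0.1g patch.

```c
#include <stdio.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* minimum padding RFC 6520 requires */

/* A received record as the handler sees it; length stands in for s->s3->rrec.length. */
struct rrec { const unsigned char *data; size_t length; };
/* Bytes 1-2 of a heartbeat message carry the big-endian payload length (OpenSSL's n2s()). */
#define HB_CLAIMED_LEN(p) (((unsigned int)(p)[1] << 8) | (p)[2])

/* Build the reply (type, length, echoed payload, padding): copies `payload` bytes from pl. */
static int hb_build_response(const unsigned char *pl, unsigned int payload,
                             unsigned char *out, size_t out_cap)
{
    size_t resp_len = 1 + 2 + payload + HB_PADDING;
    if (resp_len > out_cap)       /* demo-only guard; OpenSSL mallocs resp_len */
        return -1;
    out[0] = TLS1_HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + 3, pl, payload);               /* reads whatever follows pl, received or not */
    memset(out + 3 + payload, 0, HB_PADDING);   /* OpenSSL uses random bytes here */
    return (int)resp_len;
}

/* Vulnerable shape (OpenSSL 1.0.1 to 1.0.1f): the claimed length is never checked. */
static int heartbeat_vulnerable(const struct rrec *r, unsigned char *out, size_t cap)
{
    if (r->data[0] != TLS1_HB_REQUEST)
        return 0;
    return hb_build_response(r->data + 3, HB_CLAIMED_LEN(r->data), out, cap);
}

/* Fixed shape (OpenSSL 1.0.1g): both bounds checks against rrec.length. */
static int heartbeat_fixed(const struct rrec *r, unsigned char *out, size_t cap)
{
    if (1 + 2 + HB_PADDING > r->length)
        return 0;                 /* silently discard: too short for a heartbeat */
    if (r->data[0] != TLS1_HB_REQUEST)
        return 0;
    unsigned int payload = HB_CLAIMED_LEN(r->data);
    if (1 + 2 + payload + HB_PADDING > r->length)
        return 0;                 /* silently discard per RFC 6520 sec. 4 */
    return hb_build_response(r->data + 3, payload, out, cap);
}

/* Constructed process memory: a 19-byte malicious request (type, claimed length 64,
 * 16 bytes of padding, no payload) directly followed by data that must not leak. */
static const char SECRET[] = "user=alice&pass=hunter2";   /* constructed, not real */
#define RECV_LEN (1 + 2 + HB_PADDING)                      /* bytes that really arrived */

static void build_memory(unsigned char *mem, size_t cap)
{
    memset(mem, 'X', cap);
    mem[0] = TLS1_HB_REQUEST; mem[1] = 0x00; mem[2] = 64;   /* claimed payload: 64 bytes */
    memcpy(mem + RECV_LEN, SECRET, sizeof SECRET - 1);
}

/* 1 if the vulnerable handler's reply carries SECRET, 0 otherwise. */
int vulnerable_leaks_secret(void)
{
    unsigned char mem[128], resp[128];
    build_memory(mem, sizeof mem);
    struct rrec r = { mem, RECV_LEN };
    heartbeat_vulnerable(&r, resp, sizeof resp);   /* 83-byte reply, 64 bytes of it over-read */
    /* the echo at resp+3 mirrors mem+3, so SECRET lands at resp+RECV_LEN */
    return memcmp(resp + RECV_LEN, SECRET, sizeof SECRET - 1) == 0;
}

/* The fixed handler's return value for the same record: 0 means discarded. */
int fixed_discards_malicious(void)
{
    unsigned char mem[128], resp[128];
    build_memory(mem, sizeof mem);
    struct rrec r = { mem, RECV_LEN };
    return heartbeat_fixed(&r, resp, sizeof resp);
}

/* A well-formed 5-byte heartbeat gets the same 24-byte echo from either handler. */
int legit_response_len(int use_fixed)
{
    static const char msg[] = "hello";
    unsigned int n = sizeof msg - 1;
    unsigned char rec[64] = {0}, resp[64];
    rec[0] = TLS1_HB_REQUEST; rec[2] = (unsigned char)n;
    memcpy(rec + 3, msg, n);
    struct rrec r = { rec, 3 + n + HB_PADDING };
    int len = use_fixed ? heartbeat_fixed(&r, resp, sizeof resp)
                        : heartbeat_vulnerable(&r, resp, sizeof resp);
    return (len == (int)(3 + n + HB_PADDING) && memcmp(resp + 3, msg, n) == 0) ? len : -1;
}

int main(void)
{
    printf("vulnerable handler leaks SECRET: %d\n", vulnerable_leaks_secret());
    printf("fixed handler result, same record: %d\n", fixed_discards_malicious());
    printf("legit echo length vuln/fixed: %d/%d\n", legit_response_len(0), legit_response_len(1));
    return 0;
}
```

The over-read here stays inside the demo's own 128-byte buffer so the program is well defined; in the real server the 64 (or up to 65535) extra bytes come from whatever the allocator placed after the record, which is why the leaked data varied from request to request. Note that the fix is two checks, not one: the first rejects records too short to hold a type, a length and the mandatory padding at all, and the second is the line on the slide.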
    • Why Do Bad Things Happen?
        • Of course, no 100% in security
        • OpenSSL = Critical Infrastructure (really)
        • But Neel Mehta shouldn't have been first here
            – (though thank you)
        • Perception of OSS – Open = Secure.
        • Reality
            – <$1M budget
            – $841 donations this week
            – Yet depended on heavily.
    • http://www.openssl.org/support/donations.html
    • Open Discussion
        • Time for open discussion
            – FLASH: Should I revoke my certificate? – Ullrich
            – OSS vs. closed source
            – Contributions to open source
    • Questions? James Lyne (@JamesLyne), Johannes Ullrich (@sans_isc), Jake Williams (@MalwareJake)