Heart Bleed Bug Webcast part2 - SANS Institute for IT Security
Transcript

  • 1. Brought to you by SANS Live Online Training
      www.sans.org/vlive
      www.sans.org/simulcast
      Welcome to OpenSSL "Heartbleed" Vulnerability Session 2
      Live Online Classrooms: Attend a Live SANS Event from Home
  • 2. HeartBleed – Round 3 © 2014 SANS
      HeartBleed – what you need to know (round 3)
      James Lyne, Johannes Ullrich, Jake Williams
  • 3. Should you swap certificates/keys?
      • Can someone mess up my server?
      • Can someone mess up my desktop?
      • Can someone mess up my customers?
  • 4. Threat
      • Memory leak could reveal secret key
      • Possible, but typically the secret key is only in the right spot after reboot
      • Later on, still possible but not likely
      • Replacing keys can be a lot of work (cost?)
  • 5. Mitigating Factors
      • You patched fast:
        – You MAY be ok if you patched on the 7th.
        – You are NOT ok if you patched on the 9th.
      • You got DLP:
        – Is it working?
        – Does it look on port 443?
      • You got full packet captures going back 2 years
  • 6. Checking Sites With LastPass
      • LastPass link checker: https://lastpass.com/heartbleed/
  • 7. Vulnerable Android Versions
      • The only versions of Android that may have been impacted are 4.1.0 and 4.1.1
        – Some reports indicate that only 4.1.1 is vulnerable
      • Unfortunately, more than 1/3 of all Androids run a 4.1.x version
  • 8. Android Versions
  • 9. Android Versions (2)
      • From the Google site, these are the Nexus builds that show 4.1.1 as the latest 4.1 version available
  • 10. Back to the bug
      • if (1 + 2 + payload + 16 > s->s3->rrec.length)
      • That’s a relatively easy find compared to many. This should have been seen.
      • What happens next time with a bigger change than a heartbeat extension of the protocol?
      • Others will now be sifting the code with great interest
  • 11. Why Do Bad Things Happen?
      • Of course, no 100% in security
      • OpenSSL = Critical Infrastructure (really)
      • But Neel Mehta shouldn’t have been first here (though thank you)
      • Perception of OSS – Open = Secure.
      • Reality – <$1M budget – $841 donations this week – Yet depended on heavily.
  • 12. http://www.openssl.org/support/donations.html
  • 13. Open Discussion
      • Time for open discussion
        – FLASH: Should I revoke my certificate? – Ullrich
        – OSS vs. closed source
        – Contributions to open source
  • 14. Questions? James Lyne (@JamesLyne), Johannes Ullrich (@sans_isc), Jake Williams (@MalwareJake)