
Friday, April 11, 2014

SSL/TLS COMPROMISED HOW TO FIX OPEN SOURCE OPENSSL HEARTBLEED BUG

Recently a bug was found in the popular cryptographic software library OpenSSL.
This information was taken from the official documentation on Heartbleed.com.

The Heartbleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What leaks in practice?

We have tested some of our own services from an attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How to stop the leak?

As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distributions, appliance vendors, and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

Q&A

What is the CVE-2014-0160?

CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Due to coincident discovery, a duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently went public with the CVE-2014-0160 identifier.

To test whether your server is affected by the bug, run the test here, or visit the repo.

Why is it called the Heartbleed Bug?

The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.

What makes the Heartbleed Bug unique?

Bugs in a single piece of software or library come and go and are fixed by new versions. However, this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace, this exposure should be taken seriously.

Is this a design flaw in the SSL/TLS protocol specification?

No. This is an implementation problem, i.e. a programming mistake in the popular OpenSSL library that provides cryptographic services such as SSL/TLS to applications and services.

What is being leaked?

Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate recovery from this bug we have classified the compromised secrets into four categories: 1) primary key material, 2) secondary key material, 3) protected content and 4) collateral.

What is leaked primary key material and how to recover?

These are the crown jewels, the encryption keys themselves. Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. All this has to be done by the owners of the services.

What is leaked secondary key material and how to recover?

These are, for example, the user credentials (user names and passwords) used in the vulnerable services. Recovery from this leak requires owners of the service first to restore trust to the service according to the steps described above. After this, users can start changing their passwords and possible encryption keys according to the instructions from the owners of the services that have been compromised. All session keys and session cookies should be invalidated and considered compromised.

What is leaked protected content and how to recover?

This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. Only owners of the services will be able to estimate the likelihood of what has been leaked and they should notify their users accordingly. The most important thing is to restore trust to the primary and secondary key material as described above. Only this enables safe use of the compromised services in the future.

What is leaked collateral and how to recover?

Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks. These have only contemporary value and will lose their value to the attacker when OpenSSL has been upgraded to a fixed version.

Recovery sounds laborious, is there a short cut?

After seeing what we saw by "attacking" ourselves, with ease, we decided to take this very seriously. We have gone laboriously through patching our own critical services and are in the process of dealing with possible compromise of our primary and secondary key material. All this just in case we were not the first ones to discover this and this could have been exploited in the wild already.

How does revocation and reissuing of certificates work in practice?

If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check with your CA how compromised keys can be revoked and a new certificate reissued for the new keys. Some CAs do this for free, some may charge a fee.

Visit heartbleed.com for more information.

Saturday, March 22, 2014

THE BEST HACKING BOOKS YOU MUST READ TO BECOME A HACKER

Hacking is considered to be a two-way tool wherein a computer system is penetrated either to make it more secure or to create mischief. Ethical hacking is defined as making use of programming skills to penetrate a computer system and determine its vulnerabilities. Ethical hackers are skilled computer experts, often called “white hats”. Unlike non-ethical hackers or “black hats”, who penetrate a computer system and exploit it for their own personal gain or mischief, the “white hats” evaluate and point out the vulnerabilities of system software, and suggest system changes to make it less penetrable.
With the increase in the use of the Internet, concerns regarding its security have also grown manifold. This is particularly true in the case of highly confidential data. There have been past instances where the sites owned by even the most influential organizations have been hacked. This calls for designing systems which are impenetrable or identifying the weaknesses of an existing system. For this reason, there is now a high demand for computer experts who can conduct ethical hacking operations.
Most organizations seek to acquire ethical hacking services from full-time employees or consultants so as to ensure the security of their systems and information, thus making ethical hacking a highly lucrative profession.
Some of the best how-to-hack books that an aspiring ethical hacker must read are:

Hacking: The Art of Exploitation, 2nd Edition

This is one of the best books which will take you through the technicalities of areas like programming, shell code and exploitation. Regardless of whether you are a beginner or have very little hacking knowledge, this book will help you understand the complexities of the digital security tasks.
This excellent and well written book will make you learn all the clever stuff of getting access to a system. All in all, the best book to buy.

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)

The best thing about this book is that it covers all the basics of penetration testing and hacking, without assuming that the reader has any prior hacking knowledge. It provides a step-by-step journey of penetration testing, moving from Information Gathering to Scanning, Exploitation and finally, Report Writing.
Instead of dealing with individual concepts in-depth, this book will provide you with a wholesome picture of hacking.

Metasploit: The Penetration Tester's Guide

This book deals with penetration testing using the open source Metasploit Framework. It is suitable for readers who have no prior knowledge of Metasploit. The tutorial-like style of the book makes you learn things by doing them.
The end of the book provides a simulated version of an actual penetration test so as to give you a realistic experience.

BackTrack 5 Wireless Penetration Testing Beginner's Guide

Right from the beginning, this book gives you what you need, without wasting time in unnecessary justifications. Instead of explaining only theoretical concepts, the book consists of finely tuned and crystal clear tutorials. It provides a good mix of basics and high level knowledge and works cohesively with the reader.

CEH Certified Ethical Hacker All-in-One Exam Guide

This is undoubtedly one of the most well written books of all time. It provides crisp and clear writing with relevant examples along with a humorous touch to enliven the dry and mundane subject. The contents of the book are well organized in a manner that is neither too chatty nor too dry. However, you require some basic networking background to derive full benefit from this book.

CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

This certification book is easy to read, straightforward and explains some of the complex topics in an excellent manner. All you need to do in order to pass the test is to read the book and do the practice exercises.
In addition to this, the “Remember This” sections and the content headers highlight all the key topics that one must pay attention to. So, if you wish to straightaway get down to the study material without wasting time on esoteric gibberish, this is the book for you.

Although hacking may sound like an interesting area of study, when it comes to the application of the various concepts of penetration testing, it is easier said than done. In addition to having an educational background in the field of computer science, hackers must have an affinity for learning and acquiring new skills on an ongoing basis. Also, ethical hackers must possess out-of-the-box thinking so that they are able to come up with the maximum number of possible ways of designing and securing a computer system.

Wednesday, April 11, 2012

FREE CPANEL HOSTING AND FREE DOMAIN SERVICES

Web Hosting


If you wish to have a professional shared hosting quality in a free hosting package, come and host with 000webhost.com and experience the best service you can get absolutely free. Founded in December 2006, 000webhost.com has a trusted free hosting members base of over 60,000 members and still counting! Offering professional quality hosting, support, uptime and reliability, we have a great community of webmasters, you'd love to be a part of! Register now and get it all free: *** 1500 MB of disk space *** 100 GB of data transfer *** PHP and MySQL support with no restrictions *** cPanel control panel *** Website Builder *** Absolutely no advertising! Join us now: http://www.000webhost.com




Copyright @ 2013 TECMIE iCENTER.
