Last week, a new security hole was discovered that left more than 66% of the websites active on the Internet vulnerable. It is even said that this bug existed on NSA servers for 2 years without anyone knowing about it. The Heartbleed bug is a security weakness in OpenSSL that makes it easy to steal protected information, and even IDS/IPS firewalls cannot block it without advanced settings.

What is SSL?

The term SSL (Secure Sockets Layer) is the name of an encryption protocol. SSL-based sites can be recognized by https instead of http at the beginning of the address shown in the browser's address bar. The https prefix means that the site is communicating with your browser over a secure, encrypted connection. The SSL protocol ensures that no one can listen in on your communication when you are banking, shopping online or doing any other work.

What is OpenSSL?

OpenSSL is an open source implementation of the SSL protocol as well as the TLS (Transport Layer Security) protocol. Many reputable sites and services around the world use OpenSSL, and it is the default library that the Apache and nginx web servers use for data encryption. According to Netcraft statistics, in April this year about two-thirds of all active sites in the world were configured to work with OpenSSL. This means that OpenSSL covers more than half of the Internet, so a security flaw in it causes equally widespread damage.

Bug in OpenSSL

This bug was found in OpenSSL, and attackers can use it to read information from the web server.

Heartbeat extension

The purpose of the Heartbeat extension was to keep the communication channel between the browser and the web server secure without requiring the security protocols to repeat the same process over and over again. But the bug in it lets attackers request data from the web server's memory: data that includes SSL encryption keys, user passwords and other important information. According to HeartBleed.com, a website launched by Codenomicon researchers, the Heartbleed bug allows anyone on the Internet to read the memory of systems protected by vulnerable versions of OpenSSL.

This puts the security keys needed for server identification and traffic encryption as well as user passwords and their content at risk.

In this way, attackers can tamper with exchanged data, steal it directly from services and users, and impersonate services and users.

How Heartbleed works

This vulnerability allows hackers to steal information encrypted by SSL/TLS, which can expose sensitive information such as website passwords, emails, instant messages (IM) and even information transmitted over some virtual private networks (VPNs). As long as the vulnerable version of OpenSSL is installed on the server, this hole can be used to steal information being exchanged with the server. By using this security hole, an attacker can create a session between the server and the client and extract the contents of RAM, which makes it possible to discover information such as encryption keys.
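To make the root cause concrete, here is an added example (not OpenSSL's code and not from the original article): a Heartbeat message (RFC 6520) carries a payload_length field, and vulnerable OpenSSL versions echoed back that many bytes without comparing the field to the bytes actually received. The function names and the sample message are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST      1    /* RFC 6520 heartbeat_request */
#define HB_MIN_PADDING 16u   /* RFC 6520: at least 16 padding bytes */

/* Message layout: type(1) | payload_length(2) | payload | padding.
 * Well formed only if the claimed payload fits in the bytes received. */
int hb_is_well_formed(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 1u + 2u + HB_MIN_PADDING)
        return 0;                            /* too short to be valid */
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    return 1u + 2u + claimed + HB_MIN_PADDING <= msg_len;
}

/* Copies the payload to echo into out. Returns its size, or -1 when the
 * request must be silently discarded. */
long hb_echo(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap)
{
    if (msg_len < 1 || msg[0] != HB_REQUEST || !hb_is_well_formed(msg, msg_len))
        return -1;                 /* the bounds check vulnerable code lacked */
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    if (claimed > out_cap)
        return -1;
    memcpy(out, msg + 3, claimed);           /* bounded by bytes received */
    return (long)claimed;
}

/* Constructed sample: "ping" + 16 padding bytes (23 bytes), chosen length field. */
size_t make_sample(uint8_t *buf, uint16_t claimed)
{
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    memcpy(buf + 3, "ping", 4);
    memset(buf + 7, 0, HB_MIN_PADDING);
    return 3 + 4 + HB_MIN_PADDING;
}

int main(void)
{
    uint8_t msg[64], out[32];
    size_t n = make_sample(msg, 4);          /* honest length field */
    printf("honest request  -> %ld\n", hb_echo(msg, n, out, sizeof out));
    n = make_sample(msg, 0x4000);            /* claims 16 KiB, carries 4 bytes */
    printf("oversized claim -> %ld\n", hb_echo(msg, n, out, sizeof out));
    return 0;
}
```

The same comparison of the length field against the received record size is what a network monitor can apply to flag malformed heartbeat requests.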

HeartBleed and ways to deal with it

SMTP, FTP, HTTP service

By tracking a person who is connected to a vulnerable site through the https service, an attacker can discover all the information exchanged, such as that person's username and password. The noteworthy point is that this security hole attacks the service at the TLS protocol level, so it can endanger the security of services such as HTTP, FTP and SMTP. It should be noted that Heartbleed was discovered independently by a team of security engineers (Riku, Antti & Matti) from Codenomicon and by Neel Mehta from Google's security team, who first reported it to the OpenSSL team. It was probably misused in many cases before it became public.

CentOS, Debian, Ubuntu and most other Linux distributions, as well as OpenSSL itself, quickly provided a new security patch, so updating the operating system protects you from this security problem. But if you are a member of the following sites, you need to change your password as soon as possible to avoid possible problems:

Yahoo Yahoo.com

Google Google.com

Facebook Facebook.com

Twitter

Gmail gmail.com

Stackoverflow Stackoverflow.com

Virtual Box Virtualbox.org

Dropbox Dropbox.com

Of course, before changing the password, you must be sure that the problem has already been resolved by the website in question.

Versions of the OpenSSL service whose vulnerability has been investigated:

• OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

• OpenSSL 1.0.1g is NOT vulnerable

• OpenSSL 1.0.0 branch is NOT vulnerable

• OpenSSL 0.9.8 branch is NOT vulnerable

Vulnerable Linux distributions

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4

Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11

CentOS 6.5, OpenSSL 1.0.1e-15

Fedora 18, OpenSSL 1.0.1e-4

OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)

FreeBSD 10.0 – OpenSSL 1.0.1e 11 Feb 2013

NetBSD 5.0.2 (OpenSSL 1.0.1e)

OpenSUSE 12.2 (OpenSSL 1.0.1c)

Main steps to repair OpenSSL

1- Patching OpenSSL

2- Regenerating all SSL certificates

3- Changing passwords

Is my site vulnerable to this security hole?

To find out whether your website is affected by this security problem, you can enter your website address and evaluate its vulnerability at the following website: http://filippo.io/Heartbleed

Dealing with the Heartbleed security bug

If this security hole is present on the server, you can carry out the following instructions:

Update the operating system

For CentOS servers, use the following command.

# yum update

And for Ubuntu servers, you can update the operating system with the commands below.

# apt-get update

# apt-get upgrade

After updating the operating system, it is better to reboot the server once. It is also recommended to change the server password and reissue the SSL certificate for more confidence. Doing these things removes the server's vulnerability to the Heartbleed security hole. To confirm that the operation succeeded, re-evaluate the status of your website via http://filippo.io/Heartbleed.
