The Heartbleed vulnerability (or why you should change your Vivaldi.net password)

A few days ago a group of researchers revealed that they had discovered a serious vulnerability in OpenSSL 1.0.1, an implementation of the Transport Layer Security protocol (TLS, or SSL) which they called «Heartbleed«.

This vulnerability is very serious and will take its place among other serious TLS-related vulnerabilities of the past few years, such as the Renego problem, BEAST, CRIME and others, and is probably even more severe than any of them, particularly since this problem does not require working with a complex setup through the user’s browser, and the scope of the attack affect all users, not specific users. Some, like Bruce Schneier, are using the word «catastrophic» and this label may actually be warranted in this case.

Heartbleed’s severity is due to the fact that an attacker, exploiting a problem in OpenSSL’s implementation of a TLS protocol feature called the Heartbeat extension, developed as a lightweight way to check if a secure server is still alive, can get 64 KB of raw memory from the vulnerable server. This memory can contain passwords, or other sensitive user data, but worst of all: it can contain the private encryption keys used to secure all transactions with the server, meaning that an attacker can pretend to be the site and perform a Man In the Middle attack against the site and its users. The problem have been present in OpenSSL for two years, and there is no way to know if it have previously been discovered and used by others.

Consequences

There have been a lot of writing in various news sites about this issue, and while some have moderated their stories after a while, many still have some exaggerations as well as some very bad advice mixed with good advice.

First of all, this issue does not affect 65-70% of all websites, 17% is probably more accurate. It is accurate that about 65-70% of web sites use OpenSSL, but most are still using older versions that are not vulnerable to this issue. Netcraft estimates the number of affected servers at 17%. This sounds reasonable, as my own scans indicates that 23% of TLS servers that I have scanned
support TLS 1.2, not all of which are using OpenSSL, which was also added in the vulnerable versions of OpenSSL.

As the vulnerability also may have exposed user’s passwords, a number of articles recommends changing passwords, in part prompted by statements from computer security experts and government agencies, some of them saying something like «Change all your passwords RIGHT NOW!!!». Unfortunately, if you do so without doing a couple of checks first, that could be almost the worst thing you can do. Why? This is why: if the website has not been updated and secured before you change the password, then you might just be handing the attackers your new password on a silver platter. Before changing your password, make sure, by asking them, that the site have secured its servers. Otherwise, you may have changed one unsecure password for another one, and will have to repeat the process when the site have been secured.

Also, please note that some websites may send emails about this issue, and that scammers are sure to follow up with phishing email  using Hearthbleed password updates as the bait. Never click on links in such emails! Use your normal URL for accessing the site, verify that the site has been secured (by asking), then change the password using the standard methods for doing that, in the account preferences.

What about Vivaldi.net?

Like many sites with a modern Linux based server park, Vivaldi.net was using one of the vulnerable versions of OpenSSL, as was our distribution service, CloudFlare.

To fix the problem on our servers, we did not just have to upgrade the servers to use the patched version, we also had to create new private encryption keys for our servers and obtain new SSL/TLS certificates for them, and revoke the old certificates. Our servers are now secure against this problem.

We, and all other web sites affected by the problem, have to go that far, since the vulnerability may have exposed our private keys, which means they cannot be trusted anymore.

However, be aware there may be a couple of side effects for clients due to the changed certificates. When we changed the certificates we also upgraded them to being signed by the more secure SHA-256 method. This also means that the certificates are signed by a new intermediate certificate, but the web and email servers are sending this certificate, but it appears that some clients have problems, either with the certificates or by not understanding SHA-256. In such cases an upgrade of the client may be necessary.

Unfortunately, the process of recovering from this vulnerability is not over yet. Now it is your turn.

We do not know, and probably will never know, whether or not somebody attacked our servers using this vulnerability before we were able to patch the servers and replace the certificates. If they did, then the passwords of all our users may have been compromised, and this means that you should change your password for Vivaldi.net as soon as possible.

7 thoughts on “The Heartbleed vulnerability (or why you should change your Vivaldi.net password)”

  1. Many thanks for the informative and balanced info.

    For more info on this I found the following Mashable article (http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/) and this Naked Security article (http://nakedsecurity.sophos.com/2014/04/10/heartbleed-heartache-should-you-really-change-all-your-passwords-right-away/) also have great advice.
    They agree that it is best not to change anything until one knows ones services are secure.

    As a good friend once said «Don’t Panic».

  2. Thank you Yngve.

    Some questions:

    How high would the risk have been — afaik it is not very probably the there are ultra sensitive sensitive data in the 64kB, ok, may be the one or other TLS sessioncookie, but chances that the attacker gets hold of the private key is not very high, or do I err?

    Just musing:
    The vivaldi page is somewhat «hidden» behind the cloudflare network and cloudflare patched about a week before the message went really public — so would it have been possible to steal some kind of credentials from the vivaldi server at all after they updated?

    (Yes, I know that the security hole exists for 2 years now, so I consider almost all of my passwords as burned.)

  3. QuHno: The attacker can repeat the procedure as many times as he wants to, and the memory buffer will likely contain old data from other connections, so it is very likely that decrypted form data is present, including passwords when you log in. (An issue with current web login mechanisms is that they all send the password in the clear, more secure HTTP authentication methods aren’t used «because we [the web site] cannot style it [the browser dialog] to look like our web site should look».

    In a number of situations the buffer might contain the private key, and an attack during such periods would be able to retrieve that information.

    Cloudflare mirror servers forwards many requests, particularly logged in user requests, to the central server that we operate, and it is openly available, too, so an attacker could go straight to that server.

Comments are closed.