On Tue, Apr 08, 2014 at 03:28:58PM +0100, bad apple wrote:
> You're missing the point - by far the biggest issue with this bug is
> "OMG the attacker has compromised my cert"...

I'd say the biggest issue is "OMG the attacker has read things from memory". There are so many things they can read and so many bad things they can do with it.

> with PFS you don't care,
> it was only valid for that session anyway and then it's tossed out.

Unless I'm misunderstanding you, with the private key of your X.509 certificate, anyone can perform active MITM attacks against users of your server. It doesn't matter if you use PFS. PFS is a particularly good idea, but in this case only prevents one particular scenario out of so many.

> > Yahoo login details?
>
> Still haven't seen any evidence of this yet, although it's definitely
> technically possible. Still relies on battering the vulnerable server,
> trying to read random <64k offsets from the TLS linked process and just
> hoping you get enough bits to assemble something useful out of it.

Not sure how much more evidence you want than the screenshot in the Fox-IT blog post. Others have reported the same. It's probably harder if you are looking for specific data, but still. A lot of very bad things can be done with random secret data.

> All
> of which without the usual IDS etc stuff any sensible admin (I know, I
> know... there aren't many of them out there) would have set up
> triggering or the process crashing.

Would your average IDS have triggered on this? It happens very early on during the TLS negotiation. (I'm not suggesting it wouldn't. I just know very little about IDS.) Also, if the conclusion of this bug were that you need to run IDS for your average server, that'd be a particularly bad consequence.

> PoC or it didn't happen (I do expect
> this to turn up before too long, quite possibly on the Rapid7 site as
> Metasploit module within 24 hours).

Yes. Although I don't think I'd mind if they waited a little longer this time.

Finally, the author of the blog post you linked to (thanks for which) now posted on Twitter: "Updated my post to include info about sbrk and mmap. I'm not longer skeptical about #Heartbleed sec key leakage. It could happen! Update!"

Martijn.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
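
On the IDS question raised in the message above: a heartbeat request sent before the handshake completes travels unencrypted, so a passive sensor can compare the payload length it declares with the size of the record that carries it. The Python below is an added example, not part of the original message or of any IDS product; the function names and the sample bytes are constructed for illustration, and the field layout follows RFC 6520.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, HEARTBEAT = 22, 20, 24  # TLS record content types
HB_REQUEST = 1      # heartbeat message type (RFC 6520)
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding

def iter_records(stream: bytes):
    """Yield (content_type, fragment) for each complete TLS record in one direction."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        frag = stream[off + 5:off + 5 + length]
        if len(frag) < length:
            break                      # truncated capture
        yield ctype, frag
        off += 5 + length

def suspicious_heartbeats(stream: bytes):
    """Flag plaintext heartbeat requests whose declared payload cannot fit the record."""
    findings = []
    for idx, (ctype, frag) in enumerate(iter_records(stream)):
        if ctype == CHANGE_CIPHER_SPEC:
            break                      # later records are encrypted: fields unreadable
        if ctype != HEARTBEAT:
            continue
        if len(frag) < 3:
            findings.append((idx, "heartbeat record shorter than its header"))
            continue
        hb_type, declared = struct.unpack_from("!BH", frag, 0)
        if hb_type == HB_REQUEST and 3 + declared + MIN_PADDING > len(frag):
            findings.append((idx, f"declared payload {declared} > record body {len(frag)}"))
    return findings

def record(ctype: int, body: bytes, version: int = 0x0302) -> bytes:
    """Build a TLS record (helper for the constructed sample below)."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

# Constructed sample: client-to-server bytes of one connection, not a real capture.
SAMPLE = (
    record(HANDSHAKE, b"\x01\x00\x00\x00")                    # stand-in handshake bytes
    + record(HEARTBEAT, b"\x01\x00\x04ping" + b"\x00" * 16)   # well-formed request
    + record(HEARTBEAT, b"\x01\x40\x00")                      # claims 16384, carries 0
    + record(CHANGE_CIPHER_SPEC, b"\x01")
    + record(HEARTBEAT, b"\x01\xff\xff" + b"\x00" * 29)       # opaque ciphertext: skipped
)

if __name__ == "__main__":
    for idx, reason in suspicious_heartbeats(SAMPLE):
        print(f"record {idx}: {reason}")
```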