What should I do about Heartbleed?

April 11, 2014 | Jaime Blasco

Heartbleed is not a vulnerability you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and requires not only that you patch OpenSSL for each of the services using the OpenSSL library, but also that you replace the private keys and certificates so that attackers won’t be able to use any of the data compromised by the vulnerability.

It exists in OpenSSL versions 1.0.1 through 1.0.1f. The simplicity of the exploit makes it powerful. It appears that over a half million websites are vulnerable.
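The patch-then-rekey requirement and the affected version range above can be tracked per host with a small inventory check. This is an added example, not code from AlienVault; the inventory fields, hostnames, banners and dates are constructed for illustration.

```python
import re
from datetime import date

# Range stated in the article: OpenSSL 1.0.1 through 1.0.1f.
VERSION_RE = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]?)")

def in_affected_range(banner):
    """True/False for an `openssl version` banner, None if unparseable."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    numbers = tuple(int(m.group(i)) for i in (1, 2, 3))
    # "" (plain 1.0.1) sorts before "a", so one comparison covers 1.0.1 to 1.0.1f.
    return numbers == (1, 0, 1) and m.group(4) <= "f"

def remediation(host):
    """Steps from the article that are still open for one inventory row."""
    affected = in_affected_range(host["banner_before"])
    if affected is None:
        return ["identify the OpenSSL version manually"]
    if not affected:
        return []
    steps = []
    patched_on = host["patched_on"]
    if patched_on is None:
        steps.append("patch OpenSSL for each service using it")
    # A key that was live on an affected build may already have been read from
    # memory, so only a certificate issued after the patch counts as replaced.
    if patched_on is None or host["cert_not_before"] < patched_on:
        steps.append("generate a new private key and replace the certificate")
    return steps

# Constructed inventory: hostnames, banners and dates are made up for the example.
INVENTORY = [
    {"name": "web01", "banner_before": "OpenSSL 1.0.1e 11 Feb 2013",
     "patched_on": date(2014, 4, 8), "cert_not_before": date(2013, 9, 1)},
    {"name": "vpn01", "banner_before": "OpenSSL 1.0.1c 10 May 2012",
     "patched_on": None, "cert_not_before": date(2013, 1, 15)},
    {"name": "mail01", "banner_before": "OpenSSL 1.0.1f 6 Jan 2014",
     "patched_on": date(2014, 4, 9), "cert_not_before": date(2014, 4, 10)},
    {"name": "legacy01", "banner_before": "OpenSSL 0.9.8y 5 Feb 2013",
     "patched_on": None, "cert_not_before": date(2012, 6, 1)},
]

def report(inventory=INVENTORY):
    return {h["name"]: remediation(h) for h in inventory}

if __name__ == "__main__":
    for name, steps in report().items():
        print(name, "->", "; ".join(steps) or "no action")
```

Distribution packages often backport the fix without changing the version string, so the patch date is tracked as its own field and the banner is the one recorded before patching.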

OpenSSL provides encryption technology for online communications, not just web servers. Web-enabled applications, products from VMware, Cisco and Juniper, and applications such as VPNs and IP phones also use OpenSSL. The vulnerability gives attackers a way to infiltrate websites and download information without leaving evidence. Our AlienVault Labs team began investigating the vulnerability after it was publicized and has seen a significant number of attacks already. The Open Threat Exchange™ (OTX), which provides crowd-sourced threat intelligence, was very helpful in our investigation.

In addition, since the vulnerability has existed for over two years, it is possible that attackers have been repeatedly siphoning information from victims without their knowledge. People have been poking at OpenSSL for years – no telling how far they have exploited the vulnerability.

The OpenSSL vulnerability can be used to steal not only user credentials, but also elements of the application’s source code and any information that is in the server’s memory. The attack can be combined with man-in-the-middle methods to acquire client credentials before authentication occurs.

Check to see if you are vulnerable here.

How AlienVault USM can help detect Heartbleed attacks

Our Labs team has released several IDS signatures for AlienVault USM as well as correlation rules to detect an attacker exploiting this threat.

Watch the video below to see a demonstration of how AlienVault USM can detect the Heartbleed vulnerability in your environment:

You can download a free 30-day trial of AlienVault USM now to detect this threat.

About the Author: Jaime Blasco

Jaime Blasco is a renowned Security Researcher with broad experience in network security, malware analysis and incident response. At AT&T Cybersecurity, Jaime leads the Alien Labs Intelligence and Research team that leads the charge of researching and integrating threat intelligence into detection mechanisms. Prior to working at AT&T, Jaime was Chief Scientist at AlienVault. Prior to that, he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. He is based in San Francisco. Jaime's work in emerging threats and targeted attacks is frequently cited in international publications such as New York Times, BBC, Washington Post and Al Jazeera.
