{"id":6097,"date":"2014-04-10T09:54:17","date_gmt":"2014-04-10T07:54:17","guid":{"rendered":"http:\/\/blog.netspark.de\/?p=6097"},"modified":"2014-04-10T09:54:17","modified_gmt":"2014-04-10T07:54:17","slug":"heartbleed-or-when-the-it-goes-crazy","status":"publish","type":"post","link":"https:\/\/blog.netspark.de\/?p=6097","title":{"rendered":"Heartbleed &#8211; Or when the IT goes crazy"},"content":{"rendered":"<p><a href=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-Post-Thumb wp-image-6098\" alt=\"heartbleed\" src=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-64x64.png\" width=\"64\" height=\"64\" srcset=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-64x64.png 64w, https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-150x150.png 150w\" sizes=\"auto, (max-width: 64px) 100vw, 64px\" \/><\/a>Since the leak became public, every IT service provider is going crazy about<br \/>\nthe Heartbleed bug that affects OpenSSL 1.0.1 to 1.0.1f. But what<br \/>\nexactly makes the Heartbleed bug so dangerous? <a href=\"http:\/\/heartbleed.com\/\" target=\"_blank\">This website<\/a> has<br \/>\ncomprehensive information available for those running OpenSSL.<\/p>\n<p><!--more-->Since there are hundreds of thousands of active websites that use one of the affected OpenSSL versions, the chance is high that a malicious user of the exploit has already taken action and successfully gained access to the private encryption key. Once an attacker has the private key, it is possible to fake a server&#8217;s identity without the customer noticing, because the fake server is able to create valid OpenSSL connections. 
The customer only sees the lock icon indicating that all is well, but in the background he is sending his private information to another server.<\/p>\n<p>As many e-shops, e-banking websites and other protected services all run OpenSSL on their webservers, the risk is high. There&#8217;s a website where you can check whether your personal favourites that use secured connections are exposed to the bug or really secure. Check yours here: <a href=\"http:\/\/filippo.io\/Heartbleed\" target=\"_blank\">Heartbleed check site<\/a><\/p>\n<p>I found out that all of my favs are already secure. In Switzerland, the MELANI office warned about the issue 48 hours ago. By yesterday most of the Swiss websites had already been secured as website operators have applied the supplied patch. But there are numerous websites out in the world that may not have applied the patch yet.<\/p>\n<p>So how do you determine if your website&#8217;s all right?<\/p>\n<p>Open the Heartbleed check site and enter the URL of the site to be checked in the form of <strong>https:\/\/&lt;yourURL&gt;<\/strong><\/p>\n<p>If the result is this (checked https:\/\/auvito.ru for example):<\/p>\n<p><a href=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_03.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-6099\" alt=\"heartbleed-explained_03\" src=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_03-624x480.png\" width=\"624\" height=\"480\" srcset=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_03-624x480.png 624w, https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_03-768x590.png 768w, https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_03.png 1094w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/a><\/p>\n<p>&#8230;it means your website is vulnerable and affected by the bug, and it is now up to you to update 
your OpenSSL version as soon as possible!<\/p>\n<p>And if you get this:<\/p>\n<p><a href=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_01.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-6100\" alt=\"heartbleed-explained_01\" src=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_01-640x392.png\" width=\"640\" height=\"392\" \/><\/a><\/p>\n<p>&#8230;then all should be fine (yet it&#8217;s a good idea to update to the newest OpenSSL version if it hasn&#8217;t been done since)!<\/p>\n<p>But what exactly does the exploit do? Symantec has published a very clear and short description:<\/p>\n<p><a href=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_02.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-6101\" alt=\"heartbleed-explained_02\" src=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_02.png\" width=\"600\" height=\"1299\" srcset=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_02.png 600w, https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed-explained_02-222x480.png 222w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<p>The malicious client sends a heartbeat request, which should usually be less than 1KB in size; however, the header of the request asks for the first 64KB(!) 
of the server data.<\/p>\n<p>The server then collects the first 64KB of the memory and encapsulates it into the heartbeat response.<\/p>\n<p><a href=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-6098\" alt=\"heartbleed\" src=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2014\/04\/heartbleed.png\" width=\"341\" height=\"413\" \/><\/a><\/p>\n<p>Finally, the client unpacks the heartbeat response and now has access to the 64KB of data sent back. Either you&#8217;re in luck and the memory content in the first 64KB was just garbage that isn&#8217;t of much interest, or the client got sensitive information such as stored, unencrypted passwords or other confidential information. The nastiest thing about the Heartbleed exploit is that a server operator won&#8217;t notice any traces!<\/p>\n<p>And what can you do as the end user?<\/p>\n<p>If you&#8217;re serious about your privacy, you can run the sites you use over SSL through the Heartbleed test to see if they&#8217;re vulnerable. If so, consider not using that site until they fix the vulnerability!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since the leak became public, every IT service provider is going crazy about the Heartbleed bug that affects OpenSSL 1.0.1 to 1.0.1f. But what exactly makes the Heartbleed bug so dangerous? 
This website has comprehensive information available for those running OpenSSL.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[55,4,3],"tags":[660,2372,2788,1071,317,2787,2789],"class_list":["post-6097","post","type-post","status-publish","format-standard","hentry","category-computer-2","category-curiosities","category-news","tag-attack","tag-exploit","tag-heartbleed","tag-leak","tag-memory","tag-openssl","tag-unsecure"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts\/6097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6097"}],"version-history":[{"count":0,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts\/6097\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}