Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On 08/04/14 11:46, ianG wrote: We have here a rare case of a broad break in a security protocol leading to compromise of keys. Though it's an implementation break, not a protocol break. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On 08/04/14 11:46, ianG wrote: We have here a rare case of a broad break in a security protocol leading to compromise of keys. On 2014-04-09 21:53, Alan Braggins wrote: Though it's an implementation break, not a protocol break. Not exactly. The protocol failed to define a response to nonsensical records. The bug was that the protocol responded to invalid records the same way as if they were valid. The protocol should have said a valid record shall satisfy the following requirements. Invalid records shall be silently discarded and all actions that depend on them silently terminated. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On 04/10/2014 12:29 AM, James A. Donald wrote: On 08/04/14 11:46, ianG wrote: We have here a rare case of a broad break in a security protocol leading to compromise of keys. On 2014-04-09 21:53, Alan Braggins wrote: Though it's an implementation break, not a protocol break. Not exactly. The protocol failed to define a response to nonsensical records. The bug was that the protocol responded to invalid records the same way as if they were valid. The protocol should have said a valid record shall satisfy the following requirements. Invalid records shall be silently discarded and all actions that depend on them silently terminated. Well, the RFC [1] (end of p5) does say : If the payload_length of a received HeartbeatMessage is too large, the received HeartbeatMessage MUST be discarded silently. I guess that doesn't say longer than actual payload though so it doesn't explicitly call out the case that caused the problem. I figure there are some protocol design lessons maybe. There's a thread started on the TLS list about it today. [2] Be interesting to see what that turns up. S. [1] https://tools.ietf.org/html/rfc6520 [2] https://www.ietf.org/mail-archive/web/tls/current/msg11891.html ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On Apr 9, 2014, at 4:41 PM, Stephen Farrell stephen.farr...@cs.tcd.ie wrote: I figure there are some protocol design lessons maybe. There's a thread started on the TLS list about it today. [2] Be interesting to see what that turns up. There is actually a second thread on the TLS list today related to the topic of protocol design lessons: https://www.ietf.org/mail-archive/web/tls/current/msg11889.html. It will be interesting to see what that turns up as well. --Paul Hoffman ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On 7/04/2014 22:53 pm, Edwin Chu wrote: Hi A latest story for OpenSSL http://heartbleed.com/ The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users. We have here a rare case of a broad break in a security protocol leading to compromise of keys. While everyone's madly rushing around to fix their bitsbobs, I'd encouraged you all to be alert to any evidence of *damages* either anecdotally or more firm. By damages, I mean (a) rework needed to secure, and (b) actual breach into sites and theft of secrets, etc, leading to (c) theft of property/money/value etc. In risk analysis, we lean very heavily on firm indications of actual, tangible damages, because risk analysis is an uncertain tool and the security industry is a FUD-driven sector. Where we have actual experiences of lost money, time, destruction of property or whatever, this puts us in a much better position to predict what is worth spending money to protect. E.g., if we cannot show any damages from this breach, it isn't worth spending a penny on it to fix! Yes, that's outrageous and will be widely ignored ... but it is economically and scientifically sound, at some level. I maintain a risk history here: http://wiki.cacert.org/Risk/History for the CA field, so if anyone can find any real damages effecting the CA world, let me know! iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On Tue, Apr 08, 2014 at 11:46:49AM +0100, ianG wrote: While everyone's madly rushing around to fix their bitsbobs, I'd encouraged you all to be alert to any evidence of *damages* either anecdotally or more firm. By damages, I mean (a) rework needed to secure, and (b) actual breach into sites and theft of secrets, etc, leading to (c) theft of property/money/value etc. [[...]] E.g., if we cannot show any damages from this breach, it isn't worth spending a penny on it to fix! This analysis appears to say that it's not worth spending money to fix a hole (bug) unless either money has already been spent or damages have *already* occured. This ignores possible or probable (or even certain!) *future* damages if no rework has yet happened. This seems like a flawed risk analysis to me. In particular, this analysis could be used to argue against spending any money trying to reduce risk or damages from rare events which haven't happened yet. For example, as of January 1, 2011 (= 69 days before the Fukushima Daiichi disaster), this analysis would have said that since no nuclear reactor in the world has ever been damaged by a tsunami (a true statement on that date), it isn't worth spending any money trying to secure nuclear reactors against tsunami damage. -- -- Jonathan Thornburg [remove -animal to reply] jth...@astro.indiana-zebra.edu Dept of Astronomy IUCSS, Indiana University, Bloomington, Indiana, USA There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. -- George Orwell, 1984 ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
Message du 08/04/14 18:44 De : ianG E.g., if we cannot show any damages from this breach, it isn't worth spending a penny on it to fix! Yes, that's outrageous and will be widely ignored ... but it is economically and scientifically sound, at some level. So, let's wait until another 40 million credit cards are stolen, then we prove this method was used exactly, then we will try to fix it in all deployments ... yeah, seems reasonable. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On Tue, Apr 08, 2014 at 01:12:25PM -0400, Jonathan Thornburg wrote: On Tue, Apr 08, 2014 at 11:46:49AM +0100, ianG wrote: While everyone's madly rushing around to fix their bitsbobs, I'd encouraged you all to be alert to any evidence of *damages* either anecdotally or more firm. By damages, I mean (a) rework needed to secure, and (b) actual breach into sites and theft of secrets, etc, leading to (c) theft of property/money/value etc. [[...]] E.g., if we cannot show any damages from this breach, it isn't worth spending a penny on it to fix! This analysis appears to say that it's not worth spending money to fix a hole (bug) unless either money has already been spent or damages have *already* occured. This ignores possible or probable (or even certain!) *future* damages if no rework has yet happened. The first part (gather data) is OK. The second I thought was said facetiously. It is flawed, indeed, but it's also true that people have a hard time weighing intangibles. I don't know how we can measure anything here. How do you know if your private keys were stolen via this bug? It should be possible to establish whether key theft was feasible, but establishing whether they were stolen might require evidence of use of stolen keys, and that might be very difficult to come by. We shouldn't wait for evidence of use of stolen keys! Nico -- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On Tue, Apr 8, 2014 at 3:18 PM, tpb-cry...@laposte.net wrote: Message du 08/04/14 18:44 De : ianG E.g., if we cannot show any damages from this breach, it isn't worth spending a penny on it to fix! Yes, that's outrageous and will be widely ignored ... but it is economically and scientifically sound, at some level. So, let's wait until another 40 million credit cards are stolen, then we prove this method was used exactly, then we will try to fix it in all deployments ... yeah, seems reasonable. Keep it as is if you want. https://www.mattslifebytes.com/?p=533 ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On Tue, Apr 8, 2014 at 6:46 AM, ianG i...@iang.org wrote: On 7/04/2014 22:53 pm, Edwin Chu wrote: ... E.g., if we cannot show any damages from this breach, it isn't worth spending a penny on it to fix! Yes, that's outrageous and will be widely ignored ... but it is economically and scientifically sound, at some level. This system works great for the firms involved. The first data breach I was part of, it cost me over $10,000 to fix. I did not find out until I had judgements against me, and the collection agencies came after me. The latest breach I got sucked into only involved a compromised credit card, so it only cost me $75 to have a new one shipped to me while I was out of town (I only have one credit card). Saving those pennies has worked out great for me. I'm glad the executives got their bonuses and the stock holders got their dividends. Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
Message du 08/04/14 21:42 De : ianG A : tpb-cry...@laposte.net, cryptogra...@metzdowd.com, cryptography@randombit.net Copie à : Objet : Re: [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL On 8/04/2014 20:18 pm, tpb-cry...@laposte.net wrote: Message du 08/04/14 18:44 De : ianG E.g., if we cannot show any damages from this breach, it isn't worth spending a penny on it to fix! Yes, that's outrageous and will be widely ignored ... but it is economically and scientifically sound, at some level. So, let's wait until another 40 million credit cards are stolen, then we prove this method was used exactly, then we will try to fix it in all deployments ... yeah, seems reasonable. Well, be blind if you like. But 40 million stolen credit cards are measurable, are damages, and are directly relatable by statistical models to theft damages. My advice is when you have a number like 40m in front of you, then you should DO SOMETHING. Spend a penny, dude! Your first advice is extremely dangerous and preposterous, I was being sardonic in my comment, but let's get this straight. You said you control a quite famous bug list. I should not ask this here, but considering the situation we found ourselves regarding encryption infrastructure abuse from the part of US government ... I'm just curious and can't resist it. How much are you being paid to give such dangerous and preposterous advice? Or, who are your handlers? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On 8/04/2014 20:33 pm, Nico Williams wrote: On Tue, Apr 08, 2014 at 01:12:25PM -0400, Jonathan Thornburg wrote: On Tue, Apr 08, 2014 at 11:46:49AM +0100, ianG wrote: While everyone's madly rushing around to fix their bitsbobs, I'd encouraged you all to be alert to any evidence of *damages* either anecdotally or more firm. By damages, I mean (a) rework needed to secure, and (b) actual breach into sites and theft of secrets, etc, leading to (c) theft of property/money/value etc. [[...]] E.g., if we cannot show any damages from this breach, it isn't worth spending a penny on it to fix! This analysis appears to say that it's not worth spending money to fix a hole (bug) unless either money has already been spent or damages have *already* occured. This ignores possible or probable (or even certain!) *future* damages if no rework has yet happened. The first part (gather data) is OK. The second I thought was said facetiously. It is flawed, indeed, but it's also true that people have a hard time weighing intangibles. Right, exactly. Thought experiment. I don't know how we can measure anything here. How do you know if your private keys were stolen via this bug? It should be possible to establish whether key theft was feasible, but establishing whether they were stolen might require evidence of use of stolen keys, and that might be very difficult to come by. Precisely, that is the question. What happens if we wait a year and nothing .. happens? What happened with the Debian random plonk? Nothing, that I ever saw in terms of measurable damages. The BEAST thing? Twitter, was it? What happened with PKI? We (I) watched and watched and watched ... and it wasn't until about 2011 that something finally popped up that was a measurable incident of damages, 512bit RSA keys being crunched from memory. That's 16 years! Does that mean (a) PKI was so good that it clobbered all attacks, or (b) PKI was so unnecessary because there was nobody interested in attacks? Dan Geer once said on this list [0]: The design goal for any security system is that the number of failures is small but non-zero, i.e., N0. If the number of failures is zero, there is no way to disambiguate good luck from spending too much. Calibration requires differing outcomes. We now have what amounts to a *fantastic* opportunity ghoulish laugh to clarify delta. We've got a system wide breach, huge statistics, and it's identifiable in terms of which servers are vulnerable. Hypothesize: Let the number of attacked servers be 1% of population of vulnerable servers. Let our detection rate be 1%. Multiply. That means 1 in 10,000 attacked servers. Let's say we have 1m vulnerable servers. We should detect 100 attacks over the next period. We should detect something! We shouldn't wait for evidence of use of stolen keys! (Well, right. I doubt we can actually tell anyone to wait.) Nico iang [0] http://financialcryptography.com/mt/archives/001255.html ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
On 8/04/2014 21:02 pm, tpb-cry...@laposte.net wrote: You said you control a quite famous bug list. Not me, you might be thinking of the other iang? I should not ask this here, but considering the situation we found ourselves regarding encryption infrastructure abuse from the part of US government ... I'm just curious and can't resist it. the shoe turns, the knife fits... How much are you being paid to give such dangerous and preposterous advice? Or, who are your handlers? Nothing, nix. I wish. Please!? At this stage it is customary to post a bitcoin address but I don't even have one of them iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
we should probably stop keeping secrets on the internet. (snark snark) marc On Tue, Apr 8, 2014 at 3:17 PM, ianG i...@iang.org wrote: On 8/04/2014 21:02 pm, tpb-cry...@laposte.net wrote: You said you control a quite famous bug list. Not me, you might be thinking of the other iang? I should not ask this here, but considering the situation we found ourselves regarding encryption infrastructure abuse from the part of US government ... I'm just curious and can't resist it. the shoe turns, the knife fits... How much are you being paid to give such dangerous and preposterous advice? Or, who are your handlers? Nothing, nix. I wish. Please!? At this stage it is customary to post a bitcoin address but I don't even have one of them iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography