Re: [cryptography] Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?

[dan]

Jeffrey Walton shares:
 | 
https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013
 | 
 | ...
 | The second log seems much more troubling. We have spoken to Ars
 | Technica's second source, Terrence Koeman, who reports finding some
 | inbound packets, immediately following the setup and termination of a
 | normal handshake, containing another Client Hello message followed by
 | the TCP payload bytes 18 03 02 00 03 01 40 00 in ingress packet logs
 | from November 2013. These bytes are a TLS Heartbeat with contradictory
 | length fields, and are the same as those in the widely circulated
 | proof-of-concept exploit.
 | ...


First, one must assume that one is never the first discoverer.

Second, the article continues with

 | ...
 | To reach a firmer conclusion about Heartbleed's history, it would
 | be best for the networking community to try to replicate Koeman's
 | findings.
 | ...

and one should remember that the installed base of such firms as
NetWitness (bought by, and brought into, EMC after the RSA APT
attack) do exactly what is being asked for above, as do other such
products that have not appeared in commercial offerings.  (For
timely reasons, one wonders how all the tax preparation sites plus
irs.gov are waltzing with Heartbleed just now.  April 15 is Tuesday...)

.

Combining points one and two inside any entity where competent data
analysis at scale is routine, a novel attack using an extant flaw
may well become available to such entities by *observation* rather
than by synthesis and/or invention.  Like organisms that borrow
genes across species barriers, the best on the offense side would
have no qualms about capturing what can be observed.  There are
neither patents nor false modesty in that space.

EFF, or someone here, would do well to devise a nomogram whereby
one laid one's straight-edge on the page and read off If this
attack occured against a target of this value, then detection implies
first use was N months ago.  For diseases with guessable intervals
between infection and clinical signs, this is how you look for
Patient Zero.

--dan

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

[cryptography] Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?

[Jeffrey Walton]

https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013

Yesterday afternoon, Ars Technica published a story reporting two
possible logs of Heartbleed attacks occurring in the wild, months
before Monday's public disclosure of the vulnerability. It would be
very bad news if these stories were true, indicating that blackhats
and/or intelligence agencies may have had a long period when they knew
about the attack and could use it at their leisure.

In response to the story, EFF called for further evidence of
Heartbleed attacks in the wild prior to Monday. The first thing we
learned was that the SeaCat report was a possible false positive; the
pattern in their logs looks like it could be caused by ErrataSec's
masscan software, and indeed one of the source IPs was ErrataSec.

The second log seems much more troubling. We have spoken to Ars
Technica's second source, Terrence Koeman, who reports finding some
inbound packets, immediately following the setup and termination of a
normal handshake, containing another Client Hello message followed by
the TCP payload bytes 18 03 02 00 03 01 40 00 in ingress packet logs
from November 2013. These bytes are a TLS Heartbeat with contradictory
length fields, and are the same as those in the widely circulated
proof-of-concept exploit.
...
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography