Comment Re:Highly likely that NSA knew early on (Score 1) 149
Typo, meant the 0.9.8 branch of SSL of course.
Comment Highly likely that NSA knew early on (Score 3, Interesting) 149
Actually I wrote this yesterday but was unable to publish it:
...
I have not yet grasped the full scope of the implications of this bug, but if you take the stance that things that could have been done also has been done (imho the only safe assumption), is this a good characterization? Or are there any limiting factors that makes this impossible? Like for example the amount of memory that could be leaked while the application is running (as servers aren't restarted often) is certain information that is stored statically in memory potentially not reachable?
During the last two years:
1. Any/all certificates used by servers running openssl 1.0.1 might have been compromized and should be revoked (the big cert-reset of 2014?)
2. Because of 1, any/all data sent over a connection to such servers might now be know by a bad MITM (i.e. for large scale: the various security services/hostile ISPs, local scale/targeted attacks: depends on who else happened to know, and this person/organization happened to be your adversary, looks unlikely, but who knows...)
3. Any/all data stored in SSL-based client applications might have been compromised.
From a users perspective - change all passwords/keys that has been used on applications based on openSSL-1.0.1? How to know what services? To be safe, change them all? Consider private data potentially sent over SSL to be open and readable by the security services?
Thinking about the large-scale:
For how long has the NSA been picking up information leaked by Heartbleed (assuming that they have at least since late evening the 7:th or early morning the 8:th seems a given)?
-Not in the Snowden documents that has been revealed so far (absence of proof != proof of absence, but language might give a hint)
-No report of unusual heartbeat streams being spotted in the wild (was anyone looking?)
Let's assume for the sake of argument the NSA does not have people actually writing the OpenSSL code in the first place.
When did they know about it's existence?
time_to_find_bug = budget * complexity_of_bug / size_of_sourcecode * complexity_of_sourcecode * intention_to_find_bugs
Where
budget = manpower * skillset
and
time_to_find_bug < inf.
when
skillset >= complexity_of_bug
Heartbeat bug:
complexity_of_bug = low
OpenSSL:
size_of_sourcecode = 376409 lines of code (1.0.1 beta1)
complexity_of_sourcecode = high
NSA:
intention_to_find_bugs = 1
budget = $20 * 10^9 ?
=> manpower = 30k ?
skillset = high
Guesstimate: one to a few months -> early 2012 to go through the changes made to 1.0.1 building on earlier work already done on the 0.8.9 branch...
...
Or to say it another way, I think it is safe to assume that, given the simplicity of the bug, NSA knew about Heartbleed in early on. The anonymous comments to Bloomberg gives nice confirmation of this.
...
I have not yet grasped the full scope of the implications of this bug, but if you take the stance that things that could have been done also has been done (imho the only safe assumption), is this a good characterization? Or are there any limiting factors that makes this impossible? Like for example the amount of memory that could be leaked while the application is running (as servers aren't restarted often) is certain information that is stored statically in memory potentially not reachable?
During the last two years:
1. Any/all certificates used by servers running openssl 1.0.1 might have been compromized and should be revoked (the big cert-reset of 2014?)
2. Because of 1, any/all data sent over a connection to such servers might now be know by a bad MITM (i.e. for large scale: the various security services/hostile ISPs, local scale/targeted attacks: depends on who else happened to know, and this person/organization happened to be your adversary, looks unlikely, but who knows...)
3. Any/all data stored in SSL-based client applications might have been compromised.
From a users perspective - change all passwords/keys that has been used on applications based on openSSL-1.0.1? How to know what services? To be safe, change them all? Consider private data potentially sent over SSL to be open and readable by the security services?
Thinking about the large-scale:
For how long has the NSA been picking up information leaked by Heartbleed (assuming that they have at least since late evening the 7:th or early morning the 8:th seems a given)?
-Not in the Snowden documents that has been revealed so far (absence of proof != proof of absence, but language might give a hint)
-No report of unusual heartbeat streams being spotted in the wild (was anyone looking?)
Let's assume for the sake of argument the NSA does not have people actually writing the OpenSSL code in the first place.
When did they know about it's existence?
time_to_find_bug = budget * complexity_of_bug / size_of_sourcecode * complexity_of_sourcecode * intention_to_find_bugs
Where
budget = manpower * skillset
and
time_to_find_bug < inf.
when
skillset >= complexity_of_bug
Heartbeat bug:
complexity_of_bug = low
OpenSSL:
size_of_sourcecode = 376409 lines of code (1.0.1 beta1)
complexity_of_sourcecode = high
NSA:
intention_to_find_bugs = 1
budget = $20 * 10^9 ?
=> manpower = 30k ?
skillset = high
Guesstimate: one to a few months -> early 2012 to go through the changes made to 1.0.1 building on earlier work already done on the 0.8.9 branch...
...
Or to say it another way, I think it is safe to assume that, given the simplicity of the bug, NSA knew about Heartbleed in early on. The anonymous comments to Bloomberg gives nice confirmation of this.
Slashdot Top Deals
The nice thing about standards is that there are so many of them to choose from. -- Andrew S. Tanenbaum
