Heartbleed_infographic (transcript)
Source: http://slidepdf.com/reader/full/heartbleedinfographic (accessed 7/17/2019)
HEARTBLEED - THE OPENSSL HEARTBEAT EXPLOIT

OVERVIEW
An attacker mounts a Heartbleed attack against a web server running vulnerable OpenSSL (1.0.1-1.0.1f) and receives sensitive data from the web server's memory. "You are here": the user whose communications run over TLS to that server, for example internet banking, online shopping ($), social networks, personal and corporate email, welfare, tax and health services, finance and stock trading.

HOW TLS (TRANSPORT LAYER SECURITY) WORKS
Client: secure session request.
Server: send certificate.
Client: check certificate; get public key; generate session key; encrypt it with the server's public key.
Server: decrypt session key with the server's private key.
Client and server: secure communications with the session key.

HOW HEARTBEAT EXTENSION FOR TLS WORKS
Client: send heartbeat request message carrying a payload (to make sure the peer is alive).
Server: extract payload & put it into response message.
Client: make sure the received payload is the same.

HOW THE HEARTBLEED EXPLOIT WORKS
Client (the attacker): send a malformed heartbeat: small payload disguised as a big one.
Server: extract payload & put it into response message. The payload is expected to be big, so the 'bucket' gets other data too, taken from memory: TLS/SSL private keys, authentication cookies, passwords/credentials.
Client: the received heartbeat response carries that memory data.
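The "small payload disguised as a big one" step above, as an added C example that is not from the infographic or from OpenSSL itself: a simplified heartbeat handler over a constructed block of "server memory", first without any check on the length field carried inside the message (the bug) and then with the check the fix relies on, that the claimed payload plus padding must fit inside the record actually received. The memory layout, the secret string and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, PADDING = 16, SECRET_OFF = 32 };
static const char SECRET[] = "CONSTRUCTED-PRIVATE-KEY";   /* constructed, not real */
/* Constructed stand-in for server memory: the incoming record is placed at offset 0,
 * other data (the secret) lives right behind it, as the "bucket" in the infographic. */
static unsigned char server_memory[128];

/* Heartbeat record layout: type(1) | payload_length(2, big-endian) | payload | padding.
 * Writes a request that claims `claimed_len` bytes but carries only `payload`. */
static size_t stage_request(uint16_t claimed_len, const char *payload)
{
    size_t real_len = strlen(payload);
    memset(server_memory, 0, sizeof server_memory);
    memcpy(server_memory + SECRET_OFF, SECRET, sizeof SECRET);
    server_memory[0] = HB_REQUEST;
    server_memory[1] = (unsigned char)(claimed_len >> 8); server_memory[2] = (unsigned char)claimed_len;
    memcpy(server_memory + 3, payload, real_len);
    return 3 + real_len + PADDING;        /* bytes actually received on the wire */
}
/* Vulnerable handler: copies as many bytes as the message *claims* to carry. */
static int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len, unsigned char *out)
{
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    (void)rec_len;                        /* never compared against the claim: the bug */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);    /* runs past the request into neighbouring memory */
    return payload;
}
/* Fixed handler: the claimed payload plus padding must fit in the record received. */
static int heartbeat_fixed(const unsigned char *rec, size_t rec_len, unsigned char *out)
{
    if (rec_len < 3) return -1;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)3 + payload + PADDING > rec_len) return -1;   /* silently discard */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);
    return payload;
}
/* Stage a request claiming `claimed` bytes (keep it <= 80) that really carries "hi".
 * Returns -1 if discarded, 1 if the echoed payload contains the secret, 0 if echoed cleanly. */
static int probe(int use_fixed, uint16_t claimed)
{
    unsigned char out[3 + 80];
    size_t n = stage_request(claimed, "hi");
    int echoed = use_fixed ? heartbeat_fixed(server_memory, n, out) : heartbeat_vulnerable(server_memory, n, out);
    if (echoed < 0) return -1;
    for (int i = 0; i + (int)strlen(SECRET) <= echoed; i++)
        if (memcmp(out + 3 + i, SECRET, strlen(SECRET)) == 0) return 1;
    return 0;
}
```

An honest request (claims 2, sends 2) is echoed by both handlers; the disguised one (claims 60, sends 2) leaks the neighbouring secret through the vulnerable handler and is discarded by the fixed one.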
RECOMMENDATIONS FOR SERVER ADMINISTRATORS
Check & upgrade OpenSSL
Change passwords & keys
Apply IDS signatures
Buy a new TLS certificate & key pair

VULNERABLE OPENSSL CLIENTS ARE ALSO SUSCEPTIBLE TO ATTACK FROM COMPROMISED SERVERS (users & internal, e.g. DB)

NUMBER OF VULNERABLE WEBSITES AMONG TOP 10,000
628 at 8 April 2014, 4:00PM UTC
301 at 9 April 2014, 7:30AM UTC (15.5 hours later)
180 at 10 April 2014, 12:30AM UTC (17 hours later)

Copyright © 2014 BAE Systems.
All Rights reserved. BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trade marks of BAE Systems plc. Other company names, trade marks or products referenced herein are the property of their respective owners and are used only to describe such companies, trade marks or products.
BAE Systems Applied Intelligence Limited is registered in England & Wales under company number 01337451 and has its registered office at Surrey Research Park, Guildford, England, GU2 7RQ.
E: [email protected]: www.baesystems.com/ai