What happened in April 2014

In April 2014, a catastrophic vulnerability in OpenSSL that had existed since 2012 was discovered. This vulnerability, Heartbleed, could expose sensitive memory from vulnerable servers, including cryptographic keys, login credentials and other private data such as the private keys of TLS certificates. The root cause was a buffer over-read in the Heartbeat extension of the TLS protocol, where more data could be read than should have been allowed.

A few months later, a research team published a study analysing the impact of this vulnerability. According to their study:

They used the ZMap network scanner to test for the bug by sending heartbeat requests with no payload and no padding and the length field set to zero. They started their first vulnerability scan of Alexa's top 1 million sites within 48 hours of the disclosure and found that 24–55% of the HTTPS-enabled websites among them were vulnerable at the time of disclosure. As Google, Akamai and a few other companies had discovered the bug earlier, they patched OpenSSL on their servers before the public disclosure on 7 April 2014. Furthermore, in their first scan of the IPv4 address space, they found that 5.9% of the 11.4% of hosts serving HTTPS were vulnerable at the time.
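To make the two points above concrete (the over-read that the Heartbeat length field enabled, and why a request with no payload and a mismatched length field is a valid test for the flaw), here is an added example, written for this post and not taken from OpenSSL or from the paper. It models a heartbeat record as defined in RFC 6520 (type, 2-byte length, payload, at least 16 bytes of padding) and shows a hardened responder that performs the bounds check the unpatched code lacked: the declared payload length must fit inside the bytes actually received. The record layout is real; the function names, the constructed requests and the use of zero padding instead of random padding are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy model of a TLS Heartbeat record (RFC 6520), added for illustration.
 * Layout: type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16
#define HB_HEADER    3

/* Builds a heartbeat request. The length field is set independently of the
 * bytes actually present so that malformed records can be constructed below.
 * Returns the record size in bytes, or -1 if it does not fit in 'out'. */
int hb_build_request(const uint8_t *payload, size_t payload_len, uint16_t declared_len,
                     uint8_t *out, size_t out_cap)
{
    size_t total = HB_HEADER + payload_len + HB_PADDING;
    if (total > out_cap) return -1;
    out[0] = HB_REQUEST;
    out[1] = (uint8_t)(declared_len >> 8);
    out[2] = (uint8_t)(declared_len & 0xff);
    memcpy(out + HB_HEADER, payload, payload_len);
    memset(out + HB_HEADER + payload_len, 0xAA, HB_PADDING); /* constructed padding */
    return (int)total;
}

/* Hardened responder: echoes the payload only when the declared length is
 * consistent with the received record. Returns bytes written, or -1. */
int hb_build_response(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING) return -1;   /* header + minimum padding */
    if (rec[0] != HB_REQUEST) return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    /* This is the check the vulnerable code lacked: it trusted payload_len and
     * copied that many bytes from the record buffer, so a large declared length
     * read past the record into neighbouring process memory. */
    if (HB_HEADER + payload_len + HB_PADDING > rec_len) return -1;
    size_t resp_len = HB_HEADER + payload_len + HB_PADDING;
    if (resp_len > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload_len);
    memset(out + HB_HEADER + payload_len, 0, HB_PADDING); /* real servers use random padding */
    return (int)resp_len;
}

/* Scenario 1: the probe shape described in the study, a 3-byte record with
 * no payload, no padding and the length field set to zero. A patched server
 * must reject it (-1); an unpatched one would answer, revealing the flaw. */
int scenario_zero_length_probe(void)
{
    uint8_t req[3] = { HB_REQUEST, 0, 0 };
    uint8_t resp[64];
    return hb_build_response(req, sizeof req, resp, sizeof resp);
}

/* Scenario 2: empty payload but a declared length of 0xFFFF. The bounds check
 * rejects it because 3 + 65535 + 16 bytes were never received. */
int scenario_oversized_length(void)
{
    static const uint8_t none[1] = { 0 };
    static uint8_t resp[1 << 16];
    uint8_t req[64];
    int n = hb_build_request(none, 0, 0xFFFF, req, sizeof req);
    if (n < 0) return -2;
    return hb_build_response(req, (size_t)n, resp, sizeof resp);
}

/* Scenario 3: a well-formed request ("ping", declared length 4) is echoed.
 * Returns the response size (3 + 4 + 16 = 23) when the echo is correct. */
int scenario_valid_echo(void)
{
    static const uint8_t payload[] = "ping";
    uint8_t req[64], resp[64];
    int n = hb_build_request(payload, 4, 4, req, sizeof req);
    if (n < 0) return -2;
    int m = hb_build_response(req, (size_t)n, resp, sizeof resp);
    if (m < 0) return m;
    if (resp[0] != HB_RESPONSE || memcmp(resp + HB_HEADER, payload, 4) != 0) return -3;
    return m;
}

int main(void)
{
    printf("zero-length probe : %d\n", scenario_zero_length_probe());
    printf("oversized length  : %d\n", scenario_oversized_length());
    printf("valid echo        : %d\n", scenario_valid_echo());
    return 0;
}
```

The only difference between the hardened responder and the vulnerable behaviour is the single comparison against `rec_len`; everything else in the record handling is the same, which is why the flaw was so easy to introduce and why the study's zero-payload probe was a reliable, low-impact way to tell patched servers from unpatched ones.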

Popular websites did well at patching their systems: all of Alexa's top 100 sites were patched within two days of the disclosure. The patching trend across the entire IPv4 address space differed from that of the Alexa sites, showing a sharp drop-off between 22 and 23 April 2014 due to the patching of several heavily affected Autonomous Systems. Because this bug allowed attackers to obtain private keys, generating new cryptographic keys and revoking compromised certificates is as important as patching the systems themselves. Surprisingly, only 23% of the HTTPS sites in Alexa's top 1 million replaced their certificates, and only 4% revoked the vulnerable ones.

Looking at real attacks that tried to exploit the bug, they could not find any evidence of attempts to exploit Heartbleed before the public disclosure. Once it was publicly disclosed, however, they observed almost 6,000 attempts to exploit the vulnerability, targeting 217 hosts from 692 distinct source hosts, while 7 attackers successfully completed 103 exploit attempts against 12 victim hosts.

Finally, and most importantly, they conducted a mass notification of vulnerable hosts three weeks after the disclosure and found that it had a significant positive impact on patching, indicating that widespread awareness of the problem alone is not enough to ensure that systems get patched.
