The "Goto Fail" and "Heartbleed" Bugs

Heartbleed

Like Goto Fail, the Heartbleed bug was caused by a programmer's error. But the faulty software, called OpenSSL, runs mostly on web and mail servers, not on the typical user's computer, laptop, or mobile device. OpenSSL, as you could guess by the name, is an open-source software package that implements SSL. For a server, this means generating the private key, handling the digital certificates used for SSL authentication, and executing computations needed to perform SSL communications with website visitors or e-mail users.

Although the bug hit the news and got its official logo in April 2014, it was around for over two years before that! OpenSSL was first written in the 1990s. But, right at the end of 2011, a contributor added a heartbeat function to OpenSSL. In the computing world, a heartbeat is when one computer sends a small message to another over the Internet to tell the other computer it is still on and wants to communicate. The idea is to improve efficiency; without a heartbeat function in SSL, a web server will typically close the SSL session after each web page is sent to a visitor, requiring the SSL session to be set up again each time the user clicks on another link. This can make a big difference in performance for a server that handles thousands or millions of visitors at a time.

Here's the problem. The program code in OpenSSL allows someone to send a heartbeat request specially crafted to trick the server into including the contents of some of its operating memory in its heartbeat reply. The content of a server's operating memory is one of the most lucrative targets for a criminal, because, so long as the server is handling SSL sessions with connected users, the server's private key is probably in there somewhere. Normally, criminals have to employ sophisticated techniques to try to access a server's operating memory, which can at the very least leave evidence behind of what they did. This flaw in OpenSSL is therefore devastating, because it bleeds the server's memory just through its normal operation using throwaway heartbeat packets, and there is no trace of who got what. Thus the Heartbleed moniker.

Once a server's private key is in the hands of criminals, the integrity of the server and the confidentiality of all its encrypted communications are compromised. So, where the Goto Fail bug only affected a particular user on a certain flawed computer or mobile device targeted by a criminal in that user's proximity, a criminal can use the private key obtained from a Heartbleed-inflicted server to impersonate the server with the server's genuine credentials. This means a user with any computer or device—not just Apple—can be fooled if a criminal can get him to connect to his impostor website, and the user will have no way to know it's not genuine.

But it gets worse. Anyone can sit at his computer and exploit Heartbleed to gather private keys from affected servers around the world. And it's not just servers; some routing devices produced by Cisco and Juniper, which form the backbone of the Internet, had the bug. Exploiting these could certainly enable someone, with enough wile and effort, to redirect users to their impostor server from a wide geographical range, not just the people sharing Wi-Fi at the coffee house. Or, if a criminal can get close enough to the server, he can read its encrypted communications with all visitors, without having to target or redirect any of them.

An updated version of OpenSSL was released the same week the bug was announced, with the bug fixed. Managers of affected web sites and network equipment scrambled to install the fixed version on their systems to stop the bleeding, revoke the validity of private keys that may have been stolen, and generate new private keys. But, the question now is: What was the damage? Well, you probably got e-mails from all your online service providers telling you whether their servers were affected—anything from your bank, to your e-mail providers, to remote access providers like LogMeIn, and particularly cloud storage providers. Ideally, you should have changed your password to any affected provider. The thinking behind this is that, even in the brief period from announcement of this bug until the fix, data thieves may have unencrypted and captured untold numbers of passwords by monitoring communications, and it's only a matter of time until they try to log in to your account with yours.

And, you should consider the possibility that any encrypted information you sent back and forth with an affected server from 2012 through 2014 is more likely to have been read by someone not authorized to do so. How much more likely is impossible to say. Fortunately, due to the complexity of Internet communications, additional security features implemented by most websites, and the fact that apparently no so-called hacker groups knew of this bug before website managers were already fixing it, widespread exploitation of this bug is unlikely. However, as with Goto Fail, the real lasting damage is the confirmation that while the core security apparatus of the Internet is impenetrable by design, it can be devastatingly flawed in its implementation.