> there's not really any evidence that anyone knew about, let alone was
> exploiting it before very recently.
Few sites keep the voluminous logs required to determine if they've been
subjected to HeartBleed intrusion.
EFF is reporting that HeartBleed's first notice/exploit was logged in November
2013, from source IPs: 193.104.110.12 and 193.104.110.20 ... both of which
seem to be members of a larger botnet.
What HeartBleed has done is highlight:
- Too few browsers are checking & obeying certificate revocation.
You should check ALL of your browsers. I suggest using:
https://revoked.grc.com/
--- If your browser delivers GRC's explanation page, your browser
--- is not correctly handling revocation.
- Too few Certificate Authorities are following the rules re: certificate
revocation. By contract, a certificate authority is obligated to revoke
certificates within 24 hours if there is evidence of a key compromise.
--- A private key is considered to be compromised if its value has been
--- disclosed;
--- *OR*
--- If there exists a practical technique by which an unauthorized
--- person may discover its value (private key). This did not happen
--- and is not yet happening. There should have been ~500k
--- revocations by now ... and we've seen only a trickle.
- IMHO, the certificate revocation infrastructure has failed us. It needs
to be re-architected. I suggest starting with something more in the
spirit of DNSsec.
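Added example, not part of the post above and not GRC's or any CA's tooling: a
throwaway CA built with the openssl CLI (assumed to be installed) issues a leaf
certificate, revokes it for key compromise and publishes a CRL, then the same
leaf is verified twice, once ignoring revocation and once consulting the CRL.
It reproduces on the command line the two points made above: a client that
does not check revocation keeps accepting a revoked certificate, and a CA that
does revoke gives checking clients something to act on. The names (Demo Root CA,
leaf.example.test) are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Requires the openssl CLI.
# All names and files are constructed inside a temporary directory.
set -e

WORK=$(mktemp -d)
cd "$WORK"

# Minimal configuration for `openssl ca`, which needs a database and serial file.
cat > ca.cnf <<'EOF'
[ ca ]
default_ca       = demo_ca
[ demo_ca ]
dir              = .
database         = index.txt
new_certs_dir    = .
serial           = serial
certificate      = ca.pem
private_key      = ca.key
default_md       = sha256
default_days     = 30
default_crl_days = 1
policy           = demo_policy
x509_extensions  = leaf_ext
[ demo_policy ]
commonName       = supplied
[ leaf_ext ]
basicConstraints = CA:FALSE
[ req ]
distinguished_name = dn
x509_extensions  = ca_ext
[ dn ]
commonName       = Common Name
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage         = keyCertSign,cRLSign
EOF
touch index.txt
echo 01 > serial

# Throwaway root CA and a leaf certificate issued by it.
openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
  -keyout ca.key -out ca.pem -subj "/CN=Demo Root CA" >/dev/null 2>&1
openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
  -keyout leaf.key -out leaf.csr -subj "/CN=leaf.example.test" >/dev/null 2>&1
openssl ca -batch -notext -config ca.cnf -in leaf.csr -out leaf.pem >/dev/null 2>&1

# What a CA is obliged to do on evidence of key compromise: revoke the
# certificate and publish a CRL that lists it.
openssl ca -batch -config ca.cnf -revoke leaf.pem -crl_reason keyCompromise >/dev/null 2>&1
openssl ca -batch -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1

# verify_leaf plain : validate the chain but ignore revocation (what a client
#                     that skips revocation checks effectively does).
# verify_leaf crl   : validate the chain AND consult the CRL.
# Exit status is openssl verify's: 0 = accepted, non-zero = rejected.
verify_leaf() {
  case "$1" in
    crl)   openssl verify -crl_check -CRLfile crl.pem -CAfile ca.pem leaf.pem >/dev/null 2>&1 ;;
    plain) openssl verify -CAfile ca.pem leaf.pem >/dev/null 2>&1 ;;
    *)     echo "usage: verify_leaf plain|crl" >&2; return 2 ;;
  esac
}

# Number of serials the published CRL lists (1 after the revocation above).
revoked_count() {
  openssl crl -in crl.pem -noout -text | grep -c 'Serial Number:'
}

# Demo output when run directly.
if verify_leaf plain; then echo "without revocation check: ACCEPTED (leaf is revoked!)"; fi
if ! verify_leaf crl;  then echo "with CRL check:           REJECTED (correct)"; fi
echo "serials on CRL: $(revoked_count)"
```

The first verify passes because nothing in the certificate itself changes when
it is revoked; only a client that fetches and honours the CRL (or an OCSP
response) learns that the key is burned. That is exactly the gap the browser
test at revoked.grc.com probes.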