Category: TLS

Apr 11

What Can App Developers Learn From Heartbleed?

Heartbleed bugWhat lessons can application developers take from the Heartbleed bug?  How can we use this experience to make the Internet more secure?  Unless you have been offline in a cave for the past few days, odds are that you’ve seen the many stories about the Heartbleed bug (and many more stories today) and, hopefully, have taken some action to update any sites you have that use the OpenSSL library.  If you haven’t, then stop reading this post and go update your systems! (You can test if your sites are vulnerable using one of the Heartbleed test tools.) While you are at it, it would be a good time to change your passwords at services that were affected (after they have fixed their servers). There is an enormous list of the Alexa top 10000 out there, but sites like Mashable have summarized the major sites affected.  (And periodically changing your password is just a general “best practice”, so even if the site was not affected, why not spend a few minutes to make the changes?)

Client Applications Need Updating, Too

For application developers, though, it is also important to update any client applications you may have that use the OpenSSL libraries to implement TLS/SSL connections.  While most of the attention has been focused on how attackers can gain access to information stored on servers, it is also true that a malicious site could harvest random blocks of memory from clients visiting that site.  There is even demonstration code that lets you test this with your clients.  Now, granted, for this attack to work an attacker would need to set up a malicious site and get you to visit the site through, for instance, a phishing email or link shared through social media.  The attacker could then send malformed heartbeat messages to your vulnerable client in an attempt to read random blocks of memory… which then may or may not have any useful information in them.

Again, the path for an attacker to actually exploit this would be a bit complex, but you definitely should test any client applications you have that rely on any OpenSSL libraries.

With all that said, since we have started this “TLS For Applications” topic here are on Deploy360, what are some of the important lessons we can take away from this experience?  Here are a few I see coming out of this – I’d love to hear the lessons you take from all of this in the comments.

Security Testing Is Critical

It turns out that this was an incredibly trivial coding error. As Sean Cassidy points out in his excellent Diagnosis of the OpenSSL Heartbleed Bug, the issue boils down to this:

What if the requester didn’t actually supply payload bytes, like she said she did? What if pl really is only one byte? Then the read from memcpy is going to read whatever memory was near the SSLv3 record and within the same process.

There was no checking on the input and this allowed reading from other parts of the computer’s memory.  As Cassidy later writes about the fix:

This does two things: the first check stops zero-length heartbeats. The second check checks to make sure that the actual record length is sufficiently long. That’s it.

Today’s XKCD comic shows this all in an even simpler explanation.

This is the kind of trivial mistake that probably every developer has made at some point of his or her life.  I am sure that if I were to go back through many lines of code in my past I’d find cases where I didn’t do the appropriate input or boundary testing.  It highlights the importance of doing security testing – and of setting up security unit tests that are just done as part of the ongoing testing of the application. It also highlights the need for ongoing security audits, and for reviewers of code submissions to also be testing for security weaknesses.  But again, this is a common type of error that probably every developer has made.  You need testing to catch things like this.

In this instance it just happens that the mistake was in a piece of software that has now become critical for much of the Internet!  Which leads to a second lesson…

Having A Rapid Upgrade Path/Plan Is Important

As people learned about this bug earlier this week there has been a massive push to upgrade software all across the Internet. Which raises the question: how easy is it for your users to upgrade their software in a high priority situation such as this?

In many cases, it may be quite easy for users to install an update either from some kind of updated package or a download from an online application store.  In other cases, it may be extremely difficult to get updates out there.  In the midst of all this I read somewhere that many “home routers” may be vulnerable to this bug.  Given that these are often something people buy at their local electronics store, plug in, and pretty much forget… the odds of them getting updated any time soon are pretty slim.

Do you have a mechanism whereby people can rapidly deploy critical security fixes?

UPDATE: A ZDNet post notes that both Cisco and Juniper have issued update statements for some of their networking products. I expect other major vendors to follow soon.

Marketing Is Important To Getting Fixes Deployed

Finally, Patrick McKenzie had a great post out titled “What Heartbleed Can Teach The OSS Community About Marketing” that nicely hits on key elements of why we’re seeing so much attention to this – and why we are seeing fixes deployed.  He mentions the value of:

  1. Using a memorable name (“Heartbleed” vs “CVE-2014-0160″)
  2. Clear writing
  3. A dedicated web presence with an easy URL to share
  4. A visual identity that can be widely re-used

His article is well worth reading for more details.  His conclusion includes this paragraph that hit home for me (my emphasis added):

Given the importance of this, we owe the world as responsible professionals to not just produce the engineering artifacts which will correct the problem, but to advocate for their immediate adoption successfully.  If we get an A for Good Effort but do not actually achieve adoption because we stick to our usual “Put up an obtuse notice on a server in the middle of nowhere” game plan, the adversaries win.  The engineering reality of their compromises cannot be thwarted by effort or the feeling of self-righteousness we get by not getting our hands dirty with marketing, it can only be thwarted by successfully patched systems.

Exactly!

We need to make it easy for people to deploy our technologies – and our updates to those technologies.  (Sound like a familiar theme?)

What other lessons have you taken from this Heartbleed bug?  What else should application developers be thinking about to make TLS/SSL usage more secure?

Please do leave a comment here or on social media sites where this article is posted.  (And if you’re interested in helping us get more documentation out to help app developers with TLS/SSL, how about checking out our content roadmap for the TLS area?  What other items should we include?  Do you know of existing documents we should consider pointing to?  Interested in writing some documents?  Please do let us know.)

P.S. There’s now a post out about the process the Codenomicon team went through in disclosing the bug that is worth reading.

Mar 21

Google Is Now Always Using TLS/SSL for Gmail Connections

Gmail logoWe were pleased today to read that Google is now changing their Gmail service to always use TLS-encrypted connections. As they note in their announcement blog post:

Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet. 

The key point is the one I emphasized in bold in the text: attackers cannot listen in on your messages as they go between your mail client (which could be your web browser) and Gmail’s servers.   Obviously the messages could still be potentially viewed either on your client device or on Gmail’s servers… but this step is removing the ability for the messages to be viewed “on the wire”.

This is a great example of the kind of action we’d like to see to make communication over the Internet more secure- and why we launched our new “TLS for Applications” section of this site.  We want to encourage more application providers and developers to make the steps that Google has done here.

Kudos to the Google/Gmail team for taking this step!

Mar 02

Slides: Why We Need #MoreCrypto / TLS In Applications

Why do we need TLS in applications? Why do we need “more crypto”? Recently Olle Johansson put together a good set of slides that nicely summarize the issue:

Yes! We need more use of TLS! Please help us spread the word!

Feb 28

Introducing A New Deploy360 Topic: TLS for Applications

TLSHow can we help make it easier for developers to learn how to add TLS (SSL) support to their applications?   If you’ve been following our work here at Deploy360 for a while, you know that part of our attention is focused on accelerating the deployment of DNSSEC and of technologies that help in securing BPG and Internet routing.

With DNSSEC, a great bit of our focus has been on the enormous potential of the DANE protocol to help make Internet connections using Transport Layer Security (TLS) more secure.  You already use TLS probably every day with your web browser… although you may know it more by its older name of “Secure Sockets Layer (SSL)”.  Any time you go to a website with a “https” at the beginning of a URL, or if you see a “lock” icon in many browsers, you are using TLS.   Any app developer using TLS is a great candidate to be using DANE.

But how do we get more developers using TLS to encrypt their connections and secure the data sent over those connections?

Around the time we were thinking about this, a new working group was launched within the IETF called “Using TLS in Applications (UTA)”.  This working group is chartered to create a set of “best practices” guides to help application developers know how to implement TLS in the best way possible to defend against attacks such as those outlined in draft-sheffer-uta-tls-attacks.  You can find out more about the UTA Working Group, including how to join the public mailing list, at these links:

It seemed to us that these documents being created within the UTA group were ones that should be shared widely.  I put some ideas forward on the UTA mailing list and received positive responses – and so we’re launching this new section of Deploy360 to help get that information out.  As the UTA working group publishes documents we’ll try to do what we can to help more developers and network operators learn about those documents.

To that end, I’ll also note that the UTA working group will be meeting this coming Friday, March 7, from 0900-1130 UTC at the IETF 89 meeting in London.  I wrote about this in my article yesterday about the DNS-related activities happening at IETF 89.  You can join the session remotely to listen in, so if this is of interest to you please do join.

Now, our “TLS for Applications” section here on Deploy360 will not be ONLY about the documents coming out of the UTA working group. We’ll also be finding the best documents and tutorials related to TLS that we can find out there on the Internet.  We’ve put up a content roadmap identifying the types of documents we intend to add to the site.

We’d love to hear your feedback about this new section of Deploy360. Do you see this as something that will be helpful to you?

How You Can Help

We need your help!  In order to provide the best possible resources to help application developers expand their use of TLS, we need to hear from you!  We need your feedback to help us know how we can best help you.  A few specific requests:

1. Read through our pages and content roadmap - Please take a look at our “TLS for Applications” page to understand what we are trying to do, and also please take a look at our content roadmap for BGP.  Are the current resources listed helpful?  Is the way we have structured the information helpful?  Will the resources we list on our roadmap help you make your routers more secure?

2. Send us suggestions – If you know of a tutorial, video, case study, site or other resource we should consider adding to the site, please let us know. We have a list of many resources that we are considering, but we are always looking for more.

3. Volunteer – If you are very interested in this topic and would like to actively help us on an ongoing basis, please fill out our volunteer form and we’ll get you connected to what we are doing.

4. Help us spread the word – As we publish resources and blog posts relating to adding TLS to applications, please help us spread those links through social networks so that more people can learn about the topic.

Thank you!  Working together we can make the Internet more secure!