OpenSSL vulnerability

What is “Heartbleed”

A serious and widespread vulnerability has recently been identified, impacting an estimated 2/3 of all websites and web-related services. Many business and consumer web services are affected.

Risks

The risk associated with this vulnerability is that any information you have submitted securely to or via an affected website (passwords, credit card numbers, etc.) may not be secure and could be compromised.

Recommended action

The recommended action is to verify that the web services you use are either not affected or have been updated. For any affected services, change your passwords immediately once the service has been fixed and monitor credit card activity where applicable.

EXPERT CARE MANAGED SERVICES CLIENTS

If your business is under an Intellect IT Expert Care Managed Services contract, your managed infrastructure is being assessed and will have updates applied where necessary; no further action is required from you.

TIME & MATERIALS CLIENTS

Our vulnerability assessment services are designed to swiftly identify system vulnerabilities across your network environment, ensuring no stone is left unturned. Contact us on 1300 799 165 or your account manager for further information.

Technical details

This vulnerability is in the open source cryptography library OpenSSL, which is used by millions of websites, web-related services and computer systems including firewalls, switches, routers and servers. The specific vulnerable component within OpenSSL is the heartbeat extension, which can be exploited to give an attacker access to sensitive information.

An attacker is able to access encrypted data within the SSL (HTTPS) session plus the system's private key, allowing any past or future encrypted conversations to be decrypted. Information at risk includes, but is not limited to, user names, passwords and financial information: basically any piece of information being sent or received via an affected system.

In addition, because the attacker can also obtain the private key from a vulnerable system, they are able to impersonate that system to unsuspecting users. Such attacks are called man-in-the-middle attacks and are a common method of stealing bank/financial information. The window of vulnerability remains open until administrators of vulnerable systems update their systems and regenerate all SSL certificates.
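The two checks an administrator has to make after reading the above are "is the OpenSSL on this host a vulnerable build?" and "was this certificate issued while the private key could have been read out of memory, so that it must be regenerated?". The following Python script is an added example written for this page, not Intellect IT's tooling; it triages a host from the banner printed by `openssl version` and the `notBefore` line printed by `openssl x509 -noout -dates`. The affected version range (1.0.1 through 1.0.1f vulnerable, 1.0.1g fixed, 1.0.2-beta1 vulnerable, 1.0.0 and 0.9.8 never affected) and the disclosure date of 7 April 2014 are taken from the OpenSSL project's public advisory rather than from this page, and all sample banners and dates below are constructed.

```python
import re
from datetime import datetime, timezone
from typing import Optional

# Public disclosure date of the heartbeat bug (OpenSSL project advisory,
# not stated on this page). Used only as the default "patched on" date
# for hosts whose fix date is unknown.
DISCLOSURE_DATE = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Version range per the OpenSSL advisory (assumption, not from this page):
# 1.0.1 .. 1.0.1f vulnerable, 1.0.1g fixed; 1.0.2-beta1 vulnerable,
# 1.0.2-beta2 and later fixed; 1.0.0 and 0.9.8 never contained the bug.
_VERSION_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?", re.IGNORECASE
)


def classify_openssl_version(banner: str) -> str:
    """Return 'vulnerable', 'patched' or 'not_affected' for an `openssl version` banner.

    Caveat: distributions that backport the fix without changing the
    letter (Debian and RHEL shipped fixed 1.0.1e packages) still print a
    "vulnerable" banner, so this is a first triage step, not a final answer.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version banner: {banner!r}")
    major, minor, patch, letter, beta = m.groups()
    release = (int(major), int(minor), int(patch))
    if release == (1, 0, 2):
        # Only the first 1.0.2 beta shipped the bug; the release did not.
        return "vulnerable" if beta == "1" else "patched"
    if release != (1, 0, 1):
        return "not_affected"
    # 1.0.1 (no letter) through 1.0.1f are vulnerable; 1.0.1g and later fixed.
    return "vulnerable" if letter.lower() < "g" else "patched"


def parse_openssl_date(line: str) -> datetime:
    """Parse 'notBefore=Feb 13 12:00:00 2014 GMT' as printed by `openssl x509 -dates`."""
    value = line.split("=", 1)[-1].strip()
    return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def cert_needs_reissue(not_before: str, patched_on: Optional[str]) -> bool:
    """True if the certificate's key may have been exposed and must be regenerated.

    patched_on is an ISO date ('2014-04-09') on which the host received a
    fixed OpenSSL, or None if it is still unpatched. Any certificate whose
    private key lived on the host before that date could have been read
    from memory, so patching alone does not close the exposure.
    """
    if patched_on is None:
        return True  # still vulnerable: assume the key is already compromised
    fixed = datetime.fromisoformat(patched_on).replace(tzinfo=timezone.utc)
    return parse_openssl_date(not_before) < fixed


def triage_host(banner: str, not_before: str, patched_on: Optional[str]) -> dict:
    """Combine both checks into the two actions the advisory asks for."""
    status = classify_openssl_version(banner)
    exposed = status != "not_affected"
    return {
        "openssl_status": status,
        "update_openssl": status == "vulnerable",
        "reissue_certificate": exposed and cert_needs_reissue(not_before, patched_on),
    }


if __name__ == "__main__":
    # Constructed sample hosts: a patched web server whose certificate
    # predates the patch, and a host on a branch that never had the bug.
    print(triage_host("OpenSSL 1.0.1g 7 Apr 2014",
                      "notBefore=Feb 13 12:00:00 2014 GMT", "2014-04-09"))
    print(triage_host("OpenSSL 0.9.8y 5 Feb 2013",
                      "notBefore=Feb 13 12:00:00 2014 GMT", None))
```

The version check deliberately errs towards "vulnerable" for backported builds; confirm those against the distribution's package changelog rather than the banner. The certificate check is intentionally independent of the version check: a host that has already been updated to 1.0.1g still needs new keys and certificates if its old ones were in use while it was exposed, which is the point of the "regenerate all SSL certificates" advice above.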

Affected systems

This vulnerability has existed for over a year, close to two; however, it was only publicly identified in the last week. Since then a number of service providers and vendors have already remedied their systems or are in the process of doing so.

Software/hardware

The following list covers commonly used network and server systems and their vulnerability status; for an updated list please see cert.org:

AFFECTED

  • VMware vSphere including version 5.5
  • Cisco Systems Networking Equipment and Software
  • D-Link networking equipment
  • Juniper Networking Equipment and Software
  • Fortinet Firewalls
  • Watchguard Firewalls
  • Aruba Networks Networking equipment

NOT AFFECTED

  • Microsoft Windows OS and Application systems (including Exchange)
  • Digium Unified Communication systems
  • Palo Alto Networks Firewalls
  • Meru Networks Wireless
  • Any system that does not run or include vulnerable OpenSSL libraries

Online services

The following list covers commonly used online systems and services and their vulnerability status. Please review your own list of services, confirm the vulnerability status with each provider and, if in doubt, change your passwords.

AFFECTED

  • Amazon Web Services
  • Dropbox
  • Box.net
  • Google
  • Facebook
  • Instagram
  • Yahoo
  • GoDaddy
  • Flickr
  • YouTube
  • Wikipedia

NOT AFFECTED

  • LinkedIn
  • Twitter
  • Microsoft Hotmail / Outlook.com
  • Microsoft Online services
  • eBay
  • PayPal
  • Most Online banking systems
  • Evernote
