Computer Forensics Expert:
The heartbreak of Heartbleed:
What you need to know.

Digital Security Expert / Computer Forensics Articles

By Scott Greene

The Heartbleed bug is bad, very bad indeed. By one estimate, it affects nearly 2/3 of Internet sites.


In addition to websites, manufacturers of the equipment that run the Internet have also found that their equipment is affected. Cisco Systems and Juniper Networks, two of the biggest manufacturers of Internet equipment, announced that their products had been impacted by the Heartbleed bug. Routers, firewalls and switches from these manufacturers and others have likely been affected by the bug, leaving your personal information at risk of being stolen by hackers. 

Heartbleed OpenSSL Flaw

Unraveling the mystery and confusion:

OpenSSL is the product that is affected by the bug. The OpenSSL website describes their product this way: “The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.”

The site goes on to say: “OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.”

To summarize, the software is free and can be used to encrypt data between devices and locations on the Internet. Encryption, when working properly, causes data to be unreadable. Theoretically the data using OpenSSL should be unreadable as it traverses the Internet.

The flaw in OpenSSL allows the theft of encryption certificate keys. This flaw may expose passwords and other data as it is being transmitted between your computer or router and websites. Internet companies with affected websites will re-generate their security by rekeying or generating new SSL certificates.

The Heartbleed flaw has been around for at least two years. The flaw was created when some of programmers of the software created a simple coding error that never got noticed. The Heartbleed bug was discovered by researchers at security firm Codenomicon and by Google Security's Neel Mehta.


What do you need to do?

So, what does this mean to you, your equipment and the information that you may have shared with websites on the internet? What should you be doing about the exploit?

  1. Do not panic. This bug is not as easy to exploit as some have made out. Still, caution is necessary.

  2. Find out if sites you use are impacted. Companies like Google, Facebook and Yahoo were all impacted and have fixed their systems. Smaller organizations may be slower to fix theirs.

  3. Change your passwords for sites that are affected. However, and this point is critical: There is no point changing your password until the site or sites that you are changing the password for are fixed. When they are fixed, it is time to change your password. Many of the affected companies are notifying their users when their sites have been fixed. Change your password at that point. We can’t emphasize this enough: Changing your password before the system is patched is worthless. You will only be required to change the password again when it is patched.

  4. Check the following sites to see what companies were affected and if they have patched their systems:

    1. Cnet

    2. Mashable

  5. The following sites report that they are patched and ready to receive your new password: Google (and Gmail), Yahoo (and Yahoo Mail), Facebook, Pinterest, Instagram, Tumblr, Etsy, GoDaddy, Intuit, USAA, Box and Dropbox. As more companies create patches to Heartbleed, this list will grow.

  6. If you use the same password across a lot of sites, then it is recommended that you change them all. If a hacker were to gain knowledge of your common password from one site, then they would have access to several. Do not change all of your passwords, however, until each of the websites is patched. You may be changing passwords, one at a time, for several months.

  7. If you wish to test a site that may be affected, you can use these online tools:

    1. Critical Watch

    2. Filippo.io

  8. Stay away from public hotspots and public Wi-Fi. You aren’t going to know what brands of routers and fire walls are being used in public places, nor are you going to know if the public hotspots and Wi-Fi have been patched or if proper precautions have been taken against Heartbleed. You are better off not using any public networks until the dust settles.

  9. Watch your credit card statements and bank accounts. Notify your bank or credit card company immediately if you see anything that doesn’t belong. If any personal information or even your identity was stolen, it may be a while before you find out. Be diligent about reviewing your accounts going forward. Don’t let your guard down.

  10. Download any software updates when they become available. Generally this bug will affect routers and firewalls in your home or organization. Check with the manufacturer to see if any of the devices that you own or use are affected. Cisco has released a complete list of all vulnerable products and is working on creating free software updates to protect customers. Juniper has also published a list of vulnerable devices and is working on a solution.

  11. Until the routers and firewalls are fixed, find out what kids of router you use in your home and office. Check to see if there is a software update or patch for that particular make and model. If there is not, check back on that company's site every few days to see if a software update is available for download. It could take some time, so be patient. If your router was supplied by your Internet Service Provider, contact them for more information.

  12. Turn off your router's remote access. This will turn off your ability to remotely program the router from outside of your home or office. That feature is probably not used anyway so you won’t be missing anything. Your ability to do what you have always done inside your network will not change. It will make it less likely that hackers can re-program your router to suit their needs. To do so, login to the web interface of the router and turn off “Remote Access”. If you don’t know how to do so, contact your IT person or the manufacturer for more information and help.


NSA:

Bloomberg has reported that at least two sources familiar with the matter said that the NSA had been aware of the bug for at least two years and used it to gather critical information. Apparently the NSA has the resources to look for these bugs.
Not surprisingly, the NSA has denied the report. Equally unsurprisingly, many people doubted the NSA’s denial. There seems to be little question that the NSA is aware of many bugs and has used them to collect intelligence. It seems that “The NSA denies any knowledge" is bound to be a recurring theme in our future.

Evidence Solutions, Inc.

Complex Electronic Evidence in PLAIN English.

Call us today with your Digital Evidence Questions: 866-795-7166 or  This email address is being protected from spambots. You need JavaScript enabled to view it.

Related Articles:

Six Steps to More Security and Privacy

Alert! Stop using Microsoft’s Internet Explorer RIGHT NOW!

Who is Watching You Online?

Electronic Frontier Foundation 2014 “Who has your back”

How to beef up your travel security & stay safe this summer

 

Like Our Electronic Evidence Expert Witnesses on Facebook

Follow Our Digital Evidence Division on LinkedIn

Circle Our Computer Forensics Division on Google+

Google+ Author

Google+ Publisher