Biz & IT —

Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style

OpenSSL defect still exposing sensitive data even after patch is released.

Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style

Lest readers think "catastrophic" is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet's Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the contents of confidential e-mails, and other sensitive data belonging to Yahoo Mail and almost certainly countless other services.

The two-year-old bug is the result of a mundane coding error in OpenSSL, the world's most popular code library for implementing HTTPS encryption in websites, e-mail servers, and applications. The result of a missing bounds check in the source code, Heartbleed allows attackers to recover large chunks of private computer memory that handle OpenSSL processes. The leak is the digital equivalent of a grab bag that hackers can blindly reach into over and over simply by sending a series of commands to vulnerable servers. The returned contents could include something as banal as a time stamp, or it could return far more valuable assets such as authentication credentials or even the private key at the heart of a website's entire cryptographic certificate.

Underscoring the urgency of the problem, a conservatively estimated two-thirds of the Internet's Web servers use OpenSSL to cryptographically prove their legitimacy and to protect passwords and other sensitive data from eavesdropping. Many more e-mail servers and end-user computers rely on OpenSSL to encrypt passwords, e-mail, instant messages, and other sensitive data. OpenSSL developers have released version 1.0.1g that readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high.

Enter Yahoo Mail

For an idea of the type of information that remains available to anyone who knows how to use open source tools like this one, just consider Yahoo Mail, the world's most widely used Web mail service. The images below were recovered by Mark Loman, a malware and security researcher with no privileged access to Yahoo Mail servers. The plaintext passwords appearing in them have been obscured to protect the Yahoo Mail users they belong to, a courtesy not everyone exploiting this vulnerability is likely to offer. To retrieve them, Loman sent a series of requests to servers running Yahoo Mail at precisely the same time as the credentials just happened to be stored—Russian roulette-style—in Yahoo memory.

Hackers can repeat the process over and over on unpatched servers and then use freely available software to scan the results for all kinds of sensitive data. In theory, attackers may also be able to query client machines running OpenSSL-powered software to retrieve large chunks of sensitive memory, too.

(Private) keys to the kingdom

The huge number of servers running software vulnerable to Heartbleed exploits isn't the only thing that makes patching difficult. That's because one of the crucially sensitive pieces of information potentially exposed by the vulnerability is the private key that corresponds to a website's digital certificate. Attackers who get access to the private key can use it to impersonate a site even after the OpenSSL patch is applied. What's more, for sites that don't use a cryptographic property known as perfect forward secrecy, attackers might be able to use the key to decrypt data already sent. And of course, any sensitive data transmitted between the time the flaw was discovered and when it was patched remains potentially compromised.

All of this means that applying the OpenSSL patch is only the starting point on the multi-step path of Heartbleed recovery. Website operators should strongly consider replacing their X.509 certificates after applying the update and getting all users and administrators to change passwords as well. While it's possible that none of this data has been compromised, there's no way to rule it out, either.

It's probably premature for users to replace passwords across the board, but for sites they know have received the OpenSSL patch, it may be a good idea to change login credentials. People who are truly security conscious may want to change passwords a second time if they notice a patched site later updates its digital certificate.

In the meantime, readers should steer clear of Yahoo Mail and any other sites that are still running vulnerable versions of OpenSSL. The login credential you save may be your own.

Story updated to add "other" to headline.

Channel Ars Technica