6

Is there a way to determine as an end-user which HTTPS sites use OpenSSL? Due to Heartbleed, it is recommended that clients change their passwords that were sent over TLS recently, as private keys may have been compromised, so eavesdropping and MitM attacks were possible.

However, I haven't seen any notices from any HTTPS sites saying, yes we used OpenSSL, please change your password. Is there anyone compiling a list of big sites?

Preferably including ones that are already patched, but use OpenSSL and quite possibly were vulnerable?

Yes, I've seen that there are Heartbleed checker tools, except these tools seem incomplete -- they can only tell if the site is currently vulnerable. If a site is currently vulnerable, it's quite possible that someone could MitM your traffic to said site with a copy of their private key (while the MitM itself is not vulnerable to Heartbleed).

ack__
dr jimbob
    There are ways to determine whether a site is *currently* vulnerable, but what makes this issue so critical is that sites which are not currently vulnerable (but were in the past) may have been exploited before. There's no way for system administrators to know if their site has been previously exploited, and there is no way for users to tell if there's a MitM who's exploited a site because the attacker would be using the legitimate original certificates. – Iszi Apr 08 '14 at 16:37
  • It would be nice to have a firefox/chrome extension that warns you when the website you're visiting sends content to a vulnerable SSL server... – lorenzog Apr 11 '14 at 08:24

3 Answers

5

As an end user, not easily: unless an attacker brags about it or a site owner discovers it, you can't tell what's actually been lost.

For the technically adept, anyone (end user or site operator) running Snort or another IDS/IPS can look for indicators of realtime compromise in Snort rule form, as the attack can go both ways (your client can be attacked, too, if it's vulnerable). This doesn't tell you if someone else has attacked the website in the past, but it might tell you if someone's attacking you right now.

  • alert tcp any [!80,!445] -> any [!80,!445] (msg:"FOX-SRT - Suspicious - SSLv3 Large Heartbeat Response"; flow:established,to_client; content:"|18 03 00|"; depth: 3; byte_test:2, >, 200, 3, big; byte_test:2, <, 16385, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000000; rev:4;)

  • alert tcp any [!80,!445] -> any [!80,!445] (msg:"FOX-SRT - Suspicious - TLSv1 Large Heartbeat Response"; flow:established,to_client; content:"|18 03 01|"; depth: 3; byte_test:2, >, 200, 3, big; byte_test:2, <, 16385, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000001; rev:4;)

  • alert tcp any [!80,!445] -> any [!80,!445] (msg:"FOX-SRT - Suspicious - TLSv1.1 Large Heartbeat Response"; flow:established,to_client; content:"|18 03 02|"; depth: 3; byte_test:2, >, 200, 3, big; byte_test:2, <, 16385, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000002; rev:4;)

  • alert tcp any [!80,!445] -> any [!80,!445] (msg:"FOX-SRT - Suspicious - TLSv1.2 Large Heartbeat Response"; flow:established,to_client; content:"|18 03 03|"; depth: 3; byte_test:2, >, 200, 3, big; byte_test:2, <, 16385, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000003; rev:4;)

Site owners might detect compromises on a site that was recording a full packet sniffer trace, and was actually able to inspect the response sizes of heartbeat requests; other than that, it's very difficult to detect after the fact.

Other possible ways for site owners to detect it would be traffic analysis - having sent too many outbound responses of just over 64KB would be a warning sign, for instance.

Right now, though, there are several Heartbleed vulnerability detectors/checkers that I'll list for the community.

Qualys SSL Labs is more or less the canonical free SSL test site; they added an experimental Heartbleed test hours ago (and set the security grade to F for every site that's found to be vulnerable).

titanous on github appears to still be under active development, and titanous also released Go programming code for Heartbleed detection, had better messages than Filippo as of this morning, and was last updated 32 minutes ago. It appears to be under the Go license, though I didn't do a full comparison; similar to a BSD 3 clause license.

Filippo.io was one of the first Web sites, and they released their code on github with an MIT license (Go programming language), and was last updated 4 hours ago.

musalbas on github released the Python program "ssltest.py" about 10 hours ago that can do mass/bulk tests in only 178 lines (including a few comments), no license listed. Musalbas also released lists of the results of scanning the top 100, 1000, 10000, and 1 million Internet sites as of about 7 hours ago. This is a variant of Stafford's code.

possible.lv is another web site that does Heartbleed vulnerability scans.

Codenomicon Defensics appears to detect Heartbleed as well.

@Lekensteyn released the pacemaker python client checker, modified a few hours ago, as well as the original Stafford version of ssltest.py. No specific license is listed.

Metasploit is also gaining Heartbleed tests very rapidly, including both the server check linked here and a client check from @HDMoore and @Lekensteyn.

Per @DrJimBob, the LastPass Heartbleed checker is a very nice setup for a Web checker; in particular, it also checks the SSL cert! Output looks like this:

Site:   security.stackexchange.com
Server software:    Not reported
Vulnerable: Possibly (might use OpenSSL)
SSL Certificate:    Possibly Unsafe (created 9 months ago at Jul 2 00:00:00 2013 GMT)
Assessment: Wait for the site to update before changing your password
Anti-weakpasswords
    I also like the http://lastpass.com/heartbleed/ as it stores results of tested sites (was it ever tested to be vulnerable?), gives you information on whether their certificate was recently generated (indicating likely vulnerable in the past), and whether it seems to be running a unix/linux stack (where OpenSSL is more prevalent). – dr jimbob Apr 10 '14 at 15:08
  • @DrJimBob thank you, that's just what I was hoping to find. Answer updated! – Anti-weakpasswords Apr 11 '14 at 05:59
  • There's also this list of Alexa sites that potentially were claimed to be compromised at some point: https://gist.github.com/dberkholz/10169691 – dr jimbob Apr 11 '14 at 06:12
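The record-layer test that the four FOX-SRT Snort rules quoted in this answer encode, written out as an added Python example (not code from the answer, from Fox-IT, or from any of the checkers listed): each rule matches a record whose first byte is 0x18 (heartbeat), whose version bytes are 03 00 through 03 03, and whose 16-bit length field at offset 3 is over 200 and under 16385, on the server-to-client side of an established session. The sample stream below is constructed, not captured traffic, and the function assumes it is handed only the server-to-client bytes, which is what the rules' `flow:established,to_client` selects.

```python
import struct
from typing import Iterator, List, Tuple

HEARTBEAT = 0x18                     # TLS ContentType for the heartbeat extension (RFC 6520)
TLS_VERSIONS = {                     # record-layer versions the four rules match on
    (3, 0): "SSLv3",
    (3, 1): "TLSv1",
    (3, 2): "TLSv1.1",
    (3, 3): "TLSv1.2",
}
MIN_SUSPICIOUS = 200                 # byte_test:2, >, 200, 3, big
MAX_RECORD = 16385                   # byte_test:2, <, 16385, 3, big


def iter_records(stream: bytes) -> Iterator[Tuple[int, Tuple[int, int], bytes]]:
    """Yield (content_type, (major, minor), body) for each complete TLS record.

    A trailing partial record (segment ended mid-record) ends the walk
    instead of raising, which is how an IDS treats the fragment until
    the rest of the record arrives.
    """
    off = 0
    while off + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:
            break
        yield ctype, (major, minor), body
        off += 5 + length


def suspicious_heartbeats(to_client: bytes) -> List[str]:
    """Apply the rules' test to a server->client byte stream.

    Returns one alert per heartbeat record whose record-layer length is
    over 200 and under 16385 bytes. A normal heartbeat response is a few
    dozen bytes (3-byte header, small payload, 16 bytes of padding), so
    anything this large deserves a look.
    """
    alerts = []
    for ctype, version, body in iter_records(to_client):
        if ctype != HEARTBEAT or version not in TLS_VERSIONS:
            continue
        if MIN_SUSPICIOUS < len(body) < MAX_RECORD:
            alerts.append(f"{TLS_VERSIONS[version]} large heartbeat response ({len(body)} bytes)")
    return alerts


def make_record(ctype: int, version: Tuple[int, int], body: bytes) -> bytes:
    """Build one TLS record: type, version, 16-bit big-endian length, body."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


def make_heartbeat_response(version: Tuple[int, int], payload: bytes) -> bytes:
    """HeartbeatMessage: type 2 (response), payload_length, payload, 16 bytes padding."""
    msg = struct.pack("!BH", 2, len(payload)) + payload + b"\x00" * 16
    return make_record(HEARTBEAT, version, msg)


# Constructed server->client stream: ordinary application data, a
# normal-sized heartbeat, one oversized heartbeat response of the kind
# an exploited server would emit, and a truncated record at the end.
SAMPLE_TO_CLIENT = (
    make_record(0x17, (3, 3), b"A" * 1000)
    + make_heartbeat_response((3, 3), b"ping")
    + make_heartbeat_response((3, 2), b"\xcc" * 16000)
    + make_record(0x17, (3, 3), b"B" * 100)[:40]
)

if __name__ == "__main__":
    for alert in suspicious_heartbeats(SAMPLE_TO_CLIENT):
        print("ALERT:", alert)
```

Two things the Snort rules do that this function does not: they skip ports 80 and 445 on both sides, and `threshold:type limit` reports at most one hit per source every 600 seconds, so a dump of a busy server will show far fewer alerts than this function returns. Both the rules and the function key on the record length alone, which is why they are labelled "Suspicious": a legitimately large heartbeat response trips them too, and the request that caused the response is not inspected.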
4

What you can do is to check if a website is vulnerable using the following online tool: http://filippo.io/Heartbleed

If it is, you might want to change your password for that site, whether or not the owner contacted you to do so.

However, to answer the last part of your question, no it is not possible to tell if a specific website has been compromised or not from an external end-user point of view. This can only be determined by the system administrators, following traditional incident management procedures, including forensics, monitoring etc. providing that specific auditing features were enabled.

ack__
    Note that changing your password on the site is only really valuable *after* the site has been patched so that it is no longer vulnerable. – Iszi Apr 08 '14 at 17:50
  • 1
    The description of the bug on heartbleed.com seems to say, at least as I udnderstood it, that there's no way to know for sure if a system has been compromised or not. So I'm not sure about the truth of the last sentence of this answer. –  Apr 08 '14 at 23:59
  • @fsb - well the sysadmins should know if they were using a compromised version of openssl and whether they've changed their private keys or not. Granted I don't trust them to reveal it publicly. – dr jimbob Apr 09 '14 at 03:28
  • @fsb - Even though this is rare and most companies are not doing it, proper and in-depth monitoring of network traffic can show if an attacker exploited the vulnerability or not. I understand this is only possible through network monitoring, as there is no trace left on the system (everything is done in memory, nothing written on disk). – ack__ Apr 09 '14 at 10:16
0

Is there a way to determine as an end-user which HTTPS sites use OpenSSL?

Only the website administrator can tell this. From outside, the SSL version info can be retrieved.

Due to heartbleed it is recommended that clients change their passwords that were sent over TLS recently as private keys may have been compromised so eavesdropping and MitM attacks were possible.

Changing your password will make sense only when a patch is applied to OpenSSL or the website is upgraded to OpenSSL VERSION 0.1.g; otherwise you are risking another set of passwords.

However, I haven't seen any notices from any HTTPS sites saying, yes we used OpenSSL, please change your password. Is there anyone compiling a list of big sites?

This vulnerability is new; many websites are still evaluating their software. Many websites have disabled the heartbeat extension or have proprietary SSL, so no threat. This may be the reason why you have not seen any notices. If a website is compromised, then they should post this notice.

Preferably including ones that are already patched, but use OpenSSL and quite possibly were vulnerable?

Yes, I've seen that there are Heartbleed checker tools, except these tools seem incomplete -- they can only tell if the site is currently vulnerable. If a site is currently vulnerable, it's quite possible that someone could MitM your traffic to said site with a copy of their private key (while the MitM itself is not vulnerable to Heartbleed).

It can be traced through some log mechanism in the heartbeat extension calls with IP addresses. Not all websites need the heartbeat extension.

Manoj U
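One piece of the "has the site done its part before I change my password" question that an end user can check from outside is the certificate's issue date, which is what the LastPass checker quoted in the first answer reports ("created 9 months ago at Jul 2 00:00:00 2013 GMT"). The following is an added Python example, not LastPass's code and not from any answer here: it reads the `notBefore` field in the layout that Python's `ssl.SSLSocket.getpeercert()` returns and compares it with 7 April 2014, the public disclosure date of CVE-2014-0160. The two sample dictionaries are constructed; `fetch_cert` is included for a live check and is not used by the samples.

```python
import socket
import ssl
from datetime import datetime, timezone
from typing import Dict

# Public disclosure of CVE-2014-0160. A certificate issued before this
# date on a server that ran a vulnerable OpenSSL means the key pair
# has not been replaced since the window in which it could have been read.
HEARTBLEED_DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)


def issued_at(cert: Dict) -> datetime:
    """notBefore as an aware datetime; cert uses the getpeercert() dict layout."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)


def key_rotation_status(cert: Dict, disclosed: datetime = HEARTBLEED_DISCLOSED) -> str:
    """Report whether the certificate, and so its key pair, predates disclosure."""
    issued = issued_at(cert)
    if issued < disclosed:
        return f"predates disclosure (issued {issued:%Y-%m-%d}): key not rotated since Heartbleed"
    return f"issued after disclosure ({issued:%Y-%m-%d}): key rotated"


def fetch_cert(host: str, port: int = 443, timeout: float = 5.0) -> Dict:
    """Fetch the leaf certificate of a live site in getpeercert() layout."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples in the getpeercert() layout (not real certificates).
# SAMPLE_OLD reuses the issue date shown in the LastPass output above.
SAMPLE_OLD = {"notBefore": "Jul  2 00:00:00 2013 GMT", "notAfter": "Jul  2 23:59:59 2015 GMT"}
SAMPLE_NEW = {"notBefore": "Apr  9 12:00:00 2014 GMT", "notAfter": "Apr  9 12:00:00 2016 GMT"}

if __name__ == "__main__":
    for name, cert in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(name, "->", key_rotation_status(cert))
    # Live use: print(key_rotation_status(fetch_cert("security.stackexchange.com")))
```

Read the result the way the comments above do: a certificate still dated before disclosure on a site that was (or may have been) running vulnerable OpenSSL means the key that could have leaked is still in service, so a password change does not yet buy much; a new certificate says the key was rotated, but not by itself that the server was patched before the reissue or that the old certificate has been revoked. A pre-disclosure date on a site that never ran OpenSSL (the "proprietary SSL" case this answer mentions) is not a finding at all.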