Heartbleed developer explains OpenSSL mistake that put Web at risk
"Trivial" coding error in open source project wasn't intentional, report says.
The
software developer who inserted a major security flaw into OpenSSL has
said the error was "quite trivial" despite the severity of its impact,
according to a new report.
The Sydney Morning Herald published an interview today with Robin Seggelmann,
who added the flawed code to OpenSSL, the world's most popular library
for implementing HTTPS encryption in websites, e-mail servers, and
applications. The flaw can expose user passwords and potentially the
private key used in a website's cryptographic certificate (whether
private keys are at risk is still being determined).
The Herald reports:
A Netcraft post on Tuesday said that "Support for heartbeats was added to OpenSSL 1.0.1 (released in 2012) by Robin Seggelmann, who also coauthored the Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension RFC. The new code was committed to OpenSSL's git repository just before midnight on new year's eve 2011."
A "heartbeat" is "a check to see if the other party is still present or if they’ve dropped off," security expert Troy Hunt wrote. "In the context of SSL, the initial negotiation between the client and the server has a communication overhead that the heartbeat helps avoid repeating by establishing if the peer is still 'alive,'" he wrote. "Without the heartbeat, the only way to do this is by renegotiation, which in relative terms is costly." The Heartbleed flaw lets attackers "control the heartbeat size and structure to be larger than expected" and receive responses from the server that contain information that should have been kept secure.
"Ultimately, this boiled down to a very simple bug in a very small piece of code that required a very small fix," Hunt wrote. "Now it just needs to be installed on half a million vulnerable websites."
The Herald reports:
Dr. Seggelmann, of Münster in Germany, said the bug which introduced the flaw was "unfortunately" missed by him and a reviewer when it was introduced into the open source OpenSSL encryption protocol over two years ago.Seggelmann said it might be "tempting" to assume the bug was inserted deliberately by a spy agency or hacker. "But in this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area," he said, according to the newspaper report. "It was not intended at all, especially since I have previously fixed OpenSSL bugs myself and was trying to contribute to the project."
"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," he said.
"In one of the new features, unfortunately, I missed validating a variable containing a length."
After he submitted the code, a reviewer "apparently also didn’t notice the missing validation," Dr. Seggelmann said, "so the error made its way from the development branch into the released version." Logs show that reviewer was Dr. Stephen Henson.
Dr. Seggelmann said the error he introduced was "quite trivial", but acknowledged that its impact was "severe".
A Netcraft post on Tuesday said that "Support for heartbeats was added to OpenSSL 1.0.1 (released in 2012) by Robin Seggelmann, who also coauthored the Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension RFC. The new code was committed to OpenSSL's git repository just before midnight on new year's eve 2011."
A "heartbeat" is "a check to see if the other party is still present or if they’ve dropped off," security expert Troy Hunt wrote. "In the context of SSL, the initial negotiation between the client and the server has a communication overhead that the heartbeat helps avoid repeating by establishing if the peer is still 'alive,'" he wrote. "Without the heartbeat, the only way to do this is by renegotiation, which in relative terms is costly." The Heartbleed flaw lets attackers "control the heartbeat size and structure to be larger than expected" and receive responses from the server that contain information that should have been kept secure.
"Ultimately, this boiled down to a very simple bug in a very small piece of code that required a very small fix," Hunt wrote. "Now it just needs to be installed on half a million vulnerable websites."
No comments:
Post a Comment