Preventing Disaster from Potential Security Bugs like Heartbleed
samlanning.com

In addition to grabbing the private keys of the server, they can also grab anything that the server process happened to have in memory.
Among many other things, do you think your web server sees cookies? Yes, clearly, right? So do you think the server sees session IDs? Yes, clearly. So any session created in the last 2 years is presumed compromised. This is undergoing active exploitation at at least one Bitcoin exchange -- somebody came up with a list of session IDs and copy/pasta'd the cookies into their Firefox to check their balances. Checking balances: not nearly the most interesting thing you can accomplish after logging in as someone.
Not enough fun yet? Does your web server see page content? So any page content created in the last 2 years...
Yes of course.
However, by far the worst part of it is the private key leakage. With that, all the other stuff it sees in memory that is sensitive is probably being transmitted over the wire anyway. Which means that it can be MITM'd. Granted, that is a lot more work than just examining memory...
If you plug that hole with a system like this, a website owner could just expire sessions and require people to log in again. In addition, the sessions for the past 2 years won't be at risk, only the active sessions used that day.
In short, short-lived certificates will dramatically reduce the damage, not prevent all damage.
EDIT: Sorry I realised that you were just adding to the list of consequences to this bug, not arguing the mitigations I mention would be useless! =)
This proposal has nothing to do with the current vuln. Heartbleed lets you use the negotiation/handshake to read all the memory on the server. It has nothing to do with certs at all. Revoking a cert just means you're closing the exposure after the fact; it's not really preventing disaster, more like mopping up after it.
Hi Peter,
The point of the article was more saying that revoking certs is not sufficient, and we need better procedures in place to prevent disaster when problems of this nature occur.
I have updated the article to add some clarifications in response to the comments posted here.