目录

. Heartbleed漏洞简介

. 漏洞造成的风险和影响

. 漏洞的测试、POC

. OpenSSL漏洞源代码分析

. 防御、修复方案

. 从漏洞中得到的攻防思考

1. Heartbleed漏洞简介

从本质上说,这个漏洞的起因是一个操作系统基础软件库OPENSSL在实现TLS/DTLS heartbeat extension (RFC6520) 时存在代码bug,导致越权信息泄漏

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL Cryptographic Software Library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
SSL/TLS provides communication security and privacy over the Internet for applications such as

. web

. email

. instant messaging (IM)

. some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
This compromises the

. secret keys used to identify the service providers and to encrypt the traffic

. names and passwords of the users and the actual content.

. allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

0x1: What makes the Heartbleed Bug unique?

Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.

这种敏感信息类型的漏洞造成的影响并不仅仅在于漏洞爆发后到修复这个期间互联网遭受到的黑客攻击,而更重要的是我们需要评估在这个期间应用系统遭受到的"不可逆的损失",这类安全漏洞也有很多,例如

. drupal注入漏洞导致黑客在数据库中插入管理员帐号:

从爆发到最后官方给出修复方案的8个小时中,目标系统就遭受到了大量的攻击,大量数据库遭受到了污染

. heartbleed漏洞造成的secret key、username/passwd泄漏

这种漏洞对应用系统造成的危害是长时间的,要做到彻底修复这个漏洞,需要进行密码大规模重置、密钥重置、脏数据回滚等操作

0x2: Is this a design flaw in SSL/TLS protocol specification?

要注意的是,Heartbleed不是一个协议设计漏洞,而是一个代码实现的bug导致的漏洞

0x3: What is being leaked?

当应用系统使用存在漏洞的openssl库的时候,就有可能造成一下的敏感信息外泄

. primary key material

. secondary key material

. protected content

. collateral

Relevant Link:

http://heartbleed.com/

2. 漏洞造成的风险和影响

0x1: What is leaked primary key material
These are the crown jewels, the encryption keys themselves. Leaked secret keys allow the attacker

. to decrypt any past and future traffic to the protected services

. to impersonate the service at will.

. Any protection given by the encryption and the signatures in the X. certificates can be bypassed.

0x2: What is leaked secondary key material

These are for example the user credentials (user names and passwords) used in the vulnerable services.

0x3: What is leaked protected content

This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. Only owners of the services will be able to estimate the likelihood what has been leaked and they should notify their users accordingly

0x4: What is leaked collateral

Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks

0x5: How widespread is this 

. Apache

. nginx.

//Furthermore OpenSSL is used to protect for example

. email servers (SMTP, POP and IMAP protocols)

. chat servers (XMPP protocol)

. virtual private networks (SSL VPNs)

. network appliances

. wide variety of client side software.

//Fortunately

. many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software.

OpenSSL is very popular in client software and somewhat popular in networked appliances which have most inertia in getting updates.

0x6: 存在漏洞的OpenSSL版本

OpenSSL 1.0.-beta

OpenSSL 1.0. - OpenSSL 1.0.1f

openssl-1.0.1e

引用知乎上的一张图进行形象地描述

Relevant Link:

http://baike.baidu.com/view/12769298.htm

http://www.zhihu.com/question/23328658

http://www.infoq.com/cn/news/2014/04/openssl-heartbleed

https://www.trustasia.com/about/news/openssl-heartbleed.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

3. 漏洞的测试、POC

0x1: 本机测试是否存在漏洞的方法

这个漏洞的本质是代码级的漏洞,所以检测本机是否存在漏洞的最简单方式就是检查本机的openssl版本

openssl version

aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAYEAAAApCAIAAABcAwJEAAAQEElEQVR4nO2de1CU1RvHDy5xB5VLFOhIch1uglwjuTWglibJYIiQNWlZ+YeFlFCLDZVG3EJgEEFugziRMMVARs6SS2wOxWUoCXFCmIC4XxbYhdVdeH9/nPm9s79933N2l5ZLv87nr32fffec533OOV/OOe/7PgBAIBAIBAKBQCAQCAQCgUAgEAgEAoFAIBAIBAJhbZDJZBRFCQSC9XYEiEQiiqIoinJyclrL8nk8XmJi4mrUuJYkJibyeLz19mKF8Pl82DTa2trr7YvGWO3+vDI2Yj+RyWTe3t6rVLi3tzdFUUx7bGxse3u7SCTq7e09duwYbdfT01vVNmMtX4MahLreNeDAgQPvvffe3ylh06ZNmZmZ09PTMzMz2dnZHA4Hb0eRmpr64MEDqVQ6NjaWlZWlq6uLt0M8PDxYNai+vj46Onrr1q0ikegfp1Cr3Z9XwN/vJ5pn7TUoISGhs7PT399fW1vbx8dneHjYx8cHfkU0aB2Jj4+fnJwMCQkJDAwcGxt7//338XYU77777uHDh729vY8ePTo+Pp6Wloa3Q1AaNDk5uWPHjueee66pqUlDF7p2bEAN2oiwatC1a9dyc3MzMjJmZmZEItFbb70FADAwMCguLhYKhXNzc+Xl5YaGhvBkVrudnR31vzQ0NAAAnnrqqeHhYQsLC7quM2fOZGdnw8+sbYaqFwDg6+vb1NS0uLg4MTGRlZUFjUeOHOno6JBIJNPT08XFxUZGRvT5KA367LPPamtrFxcX29vbt23bhq9XX1+/rKxMKBQ+fPiwo6PD09MTc70YUH5yOJwLFy6MjIxIJJLvv/9++/bt0G5qavrtt99KJJJffvklPT29paUF2qOiomCNCnNsVj8x9PT0fPTRR/BzYmLiH3/8gberQkZGRnNzsyp2Vg2yt7cfHh4GAKSkpKSmpuLrQrWXQCAoKSlpb2+fnJxsaGig+x4qzjweLycnp7GxcXZ2Vr4/oOKJibPqGrRr1y6pVLplyxZ4aGJi8vDhQ19fX4yfADFOUf6g+gkqbqg4aB6UBo2PjycnJxsZGVlbWwcEBAAA8vLyenp6vLy8PD09u7u7L1++DE9G2QHbvOD8+fMXLlwAAAQGBra2tnZ3d+fl5VVVVcFvWdsMVb6Njc38/HxmZqadnZ27u/vnn38O7SdOnIiKirKxsXFzc2tubi4oKKCLQmnQxMREZGSku7t7R0fHlStX8PUmJCT09vZ6enpaW1tHRkZ6eXlhrhcDys/U1NTOzk5fX197e/vy8nJaa7788suWlhZnZ+f9+/fPzs7SdghznY/xk4mhoSFFUfv27YOHISEhFEUZGxuj7EqvTktLy8HB4e7du7C5ldoVNMjf318oFIpEIplMBofTwsKCUCjE1IhqL4FAMD09bWtrq62tXVlZWVNTA+2oOPN4vNHRUXt7ex0dnYaGBro/oOKJibNa86De3t64uDj4OSYmZmBgQEtLC+MnQIxTfLsz+wkqbqg4aB6UBrW3t8tbtLS0hEIhvXcTHR09Nze3adMmlB0eMsfkzZs3w8LCjIyMJicnY2JiHB0dW1tbq6ur4bfMNsOUf/HixdbWVvzVHT169N69e/QhSoOuXr0KP58+fRpeOKbezMxM1BxnxWsx2k9dXV2xWLxnzx5oNzY2Xl5e3rlzp6GhoVQqDQ0NhfarV68q1SCMn0x27NhBUZSXl9eNGzdqampcXV0pitq5cyfKji/t7bffXlpaoiiquLiY7gwYO2BokK6uro2NTXV19Ycffujg4LCwsODm5mZjY4OqEdNeAoGAHle7d++WSqVGRkaoOAMAeDxebm4utL/xxhv0QEDFExNntTQoLS2N1seqqiq4OMD4CdjGKd4fwOgnmLih4qB5UBokP30AAFhYWFAU5e7uDg9dXFwoinriiSdQdnjIHJPt7e3Ozs5hYWF37tyBlpdeegmjQZjy6+rqLl26xLwib29vPp8vFovhzHNwcJD+CqVBH3zwAfwcFxcHtQBTr4+Pj0gkam1tzcjICA4OVqhadQ1i9RNWpEBAQAAc/I8//jj8bXx8vFINwvjJhNaa3Nzc3NxcpgYp2PGlmZqa7tq1KzY2dnBw8J133lFqB4i12ODgoJ2dXWhoqMLFMsG0l0AgSEhIgPYtW7ZQFOXq6oqKMwCAx+MlJSXB8+n+ANDxxMRZLQ3y8/MTi8X6+vq6urpzc3OBgYEA3R/gT5jjFO8PYPQTTNxQcdA8KA2i92jwvqqrQW1tba6uruHh4T/88AO0HDp0aMUapOAkAIDD4QwPD2dlZZmamgIAoqKihoaG6G+V7knHxcX19PTg6wUAmJubHz9+vLKyUiaTvfzyy3RRqmsQyk9Ykfx+GWQFGoTxkwnrmsvExARlV+UaAQDHjx+fnp5Wxa6gQZOTk0KhkKIooVC4sLDw6NEjoVBITweY4DXo3Llz0G5mZkZRlJubGyrOANEfIKh4ouxqaZCWltbg4GBERMTzzz8/OjoKJyMYPwHbOMX7A9TUIFQcNIyKGsScs83Pz7OuxaAdHnp6elIUJT/rrq2tPXjwoImJyfj4uIeHh46OTl1dHa1BHA5neXlZflcPUz7rWgz+3abFgsvlymsQs3yAiDX+umjy8/O/+uor+pB5vShQfurq6i4sLLz44osK58O12LPPPgsPi4qKVNEglJ+s9PT0nD9/Hn4+d+6c/J40q10VXn31VYlEoopdQYN27NiRnJxcXV1tY2PT3t4eFxdnY2Ojp6eHqgjTXgKB4Nq1a9AeFBQkk8mMjY1RcQaqjT1UPBXsrP0NQ05OTllZWWFhIb14xPgJ0BqE8VPpWoyO24bTIABAfn5+T0/P7t27PT09f//998LCQrwdAGBubr60tHTkyBEDA4PHHnsMABAfHw9nj+Hh4Xfv3r1//35paWl5eTn9k19//TU3N9fKymrr1q348uk9aVtbWxcXl48//hgAoKenNzs7C/f2HBwc/vrrL3kNYi0fFWtUva+//npkZOS2bds8PT27urrk91aZ14sC42d6evrg4OD+/fu3b9++b9++69evQzvck3Z0dAwLC5uamlKqQRg/WTl79uzExERwcPCePXtGRkboe/AoOyuWlpYFBQUHDhzw8vKKiYkZGhqCYwBlp2GuxSoqKk6dOqWjoyMWi1WZeaHaSyAQiMXiiIgIR0fHpqamr7/+GtpRcUb1B1Q88XFm9jcMISEhU1NTo6OjYWFhtBHlJ0CMU7w/zH6CittG1CBDQ8PS0tK5ubn5+fmKigr6XjLKDklKSpqamqL+e6/a3Nx8bGzMzc0N5c8zzzzT19dHyd1BxJRP35ufnp6m94YOHTrU398/MDDQ3NyclJSkoEHM8lGxRtX7yiuvdHV1PXr0aGZmprS0VP5ZAeb1YkD5yeFwUlJSBgcHZTJZf38//cyBmZnZzZs3JRJJa2trWloa/Wh7T0+Pwn4BvI2K95MJfBZxZmZGKBQyn1Fk2lkxMTGpqakZGRmRyWTj4+NXrlyB8oGy0zA1qK+vz9nZOSAgoKOjA+85BNVeAoEgOzu7ra0N3tum17OoOKP6Ayqe+Dgz+xsGDoczPj4+NTUlHweUnwAxTlH+oPoJKm7rrEGryuHDh4eGhuLi4jZv3qyvr29lZbWWtf9/8Mknn9y4cWO9vdAkqGcU/z4CgUBh/5uwsZBIJBKJpLGxcS0r9fHx+eabb8bHx8ViMeu9LQITPz+/8PBwQ0NDFxeXP//8Mzo6er090hi3bt2SSCQymUzpiyArgGgQgaAZwsLCent7pVLp6Ogol8tdb3f+MRANIhA2EBkI1F0EaaocAoFAIBAIBAKBQFhV3Nzcurq6lpaWJicn5e0bMafU34PP59PvRhAIOPT09AoLC4VC4ezsbElJib6+vmbLt7S0rKqqEgqFEomkra0tKioKby8oKFD9HUsAgL+/f319/fT0NP2kAx51c3GpWz6eqqqqyspKCwsLhediVi+nFMp/da+Ly+UqPFeCeWcCqK9BXC733r17Uql0eHj44sWL9I4Sqr1Q/uNzpBE2Il988cXAwEBoaGhQUFB/f39eXp5my//xxx/5fH5QUJCrq+uJEyfOnDmDt6urQXv37v3000/Pnj2r4lhSNxeXuuXjuXPnDkzvsmag/Ff3urhcbn9/v4cc+Mcd1dWg27dvnzp1ys/P77XXXhOLxSkpKdCOai+U//gcaYQNB4fDmZmZOX36NDw8efLk/Pw8fL1AIzmfTExMKIpi5qxB2YH6GgSBr4mqMpZWlouLWT4mpxQrPB5PfhJBr8VQOaVQ8Vc3JxnKf7ydCZfLZX1GFhUHPp+fk5PT0tIikUh4PN6TTz6pip+Qy5cv0+8A4tsL7z8qdxphA2Fra0tR1NNPPw0P4cuWzs7OQEM5n+C7dsy5BsoOVlmDVpyLi1k+JqcUhpaWljfffJNpZ+4HoeKvVk4yjP94OxOUBqHiABOSREREODg4NDY2fvfdd6r4CSkrK6utrQUqtBfKf1SONMKGw8/Pj6IoR0dHeAhf4w4KCgKay/l08uTJxcXFBw8eFBUV0Z0JY19VDVpZLi5m+ficUhjU0iBm/IGaOclQ/iu1M1HYD+rq6gLYOPD5fPo9dT8/v+XlZTMzM1VcdXR0FIvFMOWN0vZi9R+TI42w4cBrkEZyPgEAzM3NY2Nji4qKRCKR/DsZrPa10SC1cnExy8fnlKqpqZHJZDKZDP4xl0ctDWLGH6iZkwzlv1I7E4X9INhnMHHg8/l0Tji49Kb/ZwEGU1PT7u7u5ORkeKi0vVj9x+RII2w4YA521FpMUzmfaA4ePLi0tLR582aMfe3XYqpkhGDVIFROKWtraycnJycnJ6Y/amkQM/7wUPWcZCj/ldqZsK7FMHFgapDSZaORkVFLS0t+fj5tUdpeeP9RudMIGwgOhyMUClF70hrP+eTs7ExRlLW1NcauWQ2ysrJSeCMfn4uLeT5r+ficUhjU0iBm/BV+pUpOMlb/ldqZsGoQJg58Pr+iogJ+9vPzW1pawqfO0dPTa2xsvH79usLqCd9eeP9RudMIG4tLly4NDAyEhIQEBQX19fXR9+Y1lfPp9u3bsbGxLi4uwcHBfD6fXqOh7AUFBT/99JP8PWD8PoKRkZGHh8exY8coitq7dy/Mykh/29nZCXcuaPC5uJjno8rH5JTCoJYGscZf3ZxkKP/xcWOC2pNGxYHP54tEohdeeMHe3r6xsZG5LFWgrq7ut99+8/b2ho0OJ+MA3V6s/ivNkUbYiOjr6xcXF8/Ozs7NzZWUlBgYGEC7pnI+paen379/XyqVzs3N1dfX29nZ4e0FBQUK+wusg5YGzs/lkf+/C0xNwefiYp6PKh+TUwoDU4NQOaVQ8Vc3JxnKf3zcmGDuzbPGAd6b//nnnyUSya1btywtLTGFa2trKzhD53JDtRer/0pzpBH+SZBcB+sLiT/h3w4ZA+sLiT/h3w4ZA+sLiT+BQCAQCAQCQWUoBOvtF4FA+HdANOgfx38ACFuLBJqxByEAAAAASUVORK5CYII=" alt="" />

结果显示openssl 1.0.1e,为存在漏洞的openssl版本,因此判断本机存在heartbleed漏洞

0x2: 在线漏洞测试的网站

https://filippo.io/Heartbleed/

https://www.trustasia.com/tools/bleed-checker/

4. OpenSSL漏洞源代码分析

0x1: SSL协议格式分析

在开始从源码级别了解Heartbleed漏洞的原理之前,我们需要对SSL协议的格式有一个详细的了解,从黑客角度上来说,要发送这种攻击,需要借助"协议数据包篡改技术",通过构造"畸形"的SSL数据包向引入了存在漏洞的openssl代码库的web server发起请求,从而获取目标web server的TLS Stack上和当前数据报相邻的64KB的数据(之所以是64kb,也和SSL协议本身有关系,协议中可供黑客修改的这个字段的最大长度是3bytes)

关于SSL/TLS协议格式的相关知识请参阅另一篇文章

http://www.cnblogs.com/LittleHann/p/3733469.html

0x2: 漏洞细节分析

下载openssl-1.0.1f.tar.gz源代码

https://www.openssl.org/source/

\openssl-1.0.1f\ssl\d1_both.c

int dtls1_process_heartbeat(SSL *s)

{

    /*

    So, first we get a pointer to the data within an SSLv3 record. That looks like this:

    typedef struct ssl3_record_st

    {

        int type;               // type of record

        unsigned int length;    // How many bytes available

        unsigned int off;       // read/write offset into 'buf'

        unsigned char *data;    // pointer to the record data

        unsigned char *input;   // where the decode bytes are

        unsigned char *comp;    // only used with decompression - malloc()ed

        unsigned long epoch;    // epoch number, needed by DTLS1

        unsigned char seq_num[8]; // sequence number, needed by DTLS1

    } SSL3_RECORD;

    */

    unsigned char *p = &s->s3->rrec.data[], *pl;

    unsigned short hbtype;

    unsigned int payload;

    unsigned int padding = ; /* Use minimum padding */

    /* Read type and payload length first */

    /*

    The first byte of the SSLv3 record is the heartbeat type.

    The macro n2s takes two bytes from p, and puts them in payload. This is actually the length of the payload.

    这里要重点注意,代码并没有对SSLv3记录数据的"实际长度"进行判断,而是选择"信任用户发送的数据包中的字段"

    */

    hbtype = *p++;

    n2s(p, payload);

    //The variable pl is then the resulting heartbeat data, supplied by the requester.

    pl = p;

    if (s->msg_callback)

        s->msg_callback(, s->version, TLS1_RT_HEARTBEAT,

            &s->s3->rrec.data[], s->s3->rrec.length,

            s, s->msg_callback_arg);

    if (hbtype == TLS1_HB_REQUEST)

        {

        unsigned char *buffer, *bp;

        int r;

        /* Allocate memory for the response, size is 1 byte

         * message type, plus 2 bytes payload length, plus

         * payload, plus padding

         */

        buffer = OPENSSL_malloc( +  + payload + padding);

        /*

        So we're allocating as much memory as the requester asked for: up to 65535+1+2+16, to be precise. The variable bp is going to be the pointer used for accessing this memory.

        */

        bp = buffer;

        /* Enter response type, length and copy payload */

        *bp++ = TLS1_HB_RESPONSE;

        s2n(payload, bp);

        memcpy(bp, pl, payload);

        /*

        The macro s2n does the inverse of n2s: it takes a 16-bit value and puts it into two bytes. So it puts the same payload length requested.

        Then it copies payload bytes from pl, the user supplied data, to the newly allocated bp array. After this, it sends this all back to the user

        */

        bp += payload;

        /* Random padding */

        RAND_pseudo_bytes(bp, padding);

        r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer,  + payload + padding);

        if (r >=  && s->msg_callback)

            s->msg_callback(, s->version, TLS1_RT_HEARTBEAT,

                buffer,  + payload + padding,

                s, s->msg_callback_arg);

        OPENSSL_free(buffer);

        if (r < )

            return r;

        }

    else if (hbtype == TLS1_HB_RESPONSE)

        {

        unsigned int seq;

        /* We only send sequence numbers (2 bytes unsigned int),

         * and 16 random bytes, so we just try to read the

         * sequence number */

        n2s(pl, seq);

        if (payload ==  && seq == s->tlsext_hb_seq)

            {

            dtls1_stop_timer(s);

            s->tlsext_hb_seq++;

            s->tlsext_hb_pending = ;

            }

        }

    return ;

    }

对这段代码的逻辑进行一下梳理

. 函数接收用户发送到服务端的SSLv3数据包,并对其中的字段进行解析

. 代码无条件"信任"数据包头中的length字段,作为此次SSL数据包的总长度

. 在从内存申请和填充响应数据包的时候,使用了"受污染"的长度字段

. 从而导致"内存越界数据获取",将当前TLS Stack中的、和当前SSL Record指针相邻的、最大长度64KB的内存数据全部返回给了数据请求方

黑客只需要将原始正常发送的SSLv3数据包中的length字段改为0xFFFF,就可以非法获取目标web server的64kb泄漏数据
需要注意的是,虽然长度2字节理论上最大是64KB,但是RFC文档规定heartbeat最大长度不能超过2^14B,也就是16KB,出去type和payload_length、padding这三部分,所以最大数据会略小于16KB的,即16KB-19B

\openssl-1.0.1e\ssl\d1_pkt.c
int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)

/* Call this to write data in records of type 'type'

 * It will return <= 0 if not all data has been sent or non-blocking IO.

 */

int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)

{

    int i;

    /*

    \openssl-1.0.1e\ssl\ssl3.h

    Maximum plaintext length: defined by SSL/TLS standards

    #define SSL3_RT_MAX_PLAIN_LENGTH        16384

    */

    OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);

    s->rwstate=SSL_NOTHING;

    i=do_dtls1_write(s, type, buf, len, );

    return i;

}

snort的入侵检测规则也是基于此建立的

alert tcp $EXTERNAL_NET any -> $HOME_NET  (msg:"openssl Heartbleed attack";flow:to_server,established; content:"|18 03|"; depth: ; byte_test:, >, , , big; byte_test:, <, , , big; threshold:type limit, track by_src, count , seconds ; reference:cve,-; classtype:bad-unknown; sid:; rev:;)

Relevant Link:

http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html

http://drops.wooyun.org/papers/1381

5. 防御、修复方案

0x1: 代码patch方案

The most important part of the fix was this:

/* Read type and payload length first */

if ( +  +  > s->s3->rrec.length)

    return ; /* silently discard */

hbtype = *p++;

n2s(p, payload);

if ( +  + payload +  > s->s3->rrec.length)

    return ; /* silently discard per RFC 6520 sec. 4 */

pl = p;

防御代码做了2件事

. 检查zero-length heartbeats

. 数据包的实际长度和数据包头中指示的长度是否一致

Relevant Link:

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

0x2: 升级软件库版本方案

将openssl升级到OpenSSL 1.0.1g及其以上

6. 从漏洞中得到的攻防思考

. 代码层面的安全

    ) 任何时候都不能信任用户发送的数据,所有的处理逻辑都必须放在服务端动态的完成

    ) any input from users is evil

. 操作系统基础软件库的代码安全审计

    ) 使用基于JAVA这样的高级安全语言编写的基础软件库

    ) 定期对底层基础软件库进行单元测试和安全综合测试

Copyright (c) 2014 LittleHann All rights reserved

CVE-2014-0160 Heartbleed Vul Analysis && OpenSSL Cryptographic Software Library Bug的更多相关文章

  1. 使用openSSL开源工具进行SSL/TLS 安全测试

    本文介绍了使用半自动化工具执行SSL&TLS安全性评估的过程,以及如何使用手动及工具的测试方法验证并发现问题.目的是优化TLS和SSL安全测试流程,帮助信息安全顾问在渗透测试时在TLS / S ...

  2. SSL/TLS 安全测试

    本文介绍了使用半自动化工具执行SSL&TLS安全性评估的过程,以及如何使用手动及工具的测试方法验证并发现问题.目的是优化TLS和SSL安全测试流程,帮助信息安全顾问在渗透测试时在TLS / S ...

  3. 心脏滴血(CVE-2014-0160)检测与防御

    用Nmap检测 nmap -sV --script=ssl-heartbleed [your ip] -p 443 有心脏滴血漏洞的报告: ➜ ~ nmap -sV --script=ssl-hear ...

  4. 升级OpenSSL修复高危漏洞Heartbleed

    升级OpenSSL修复高危漏洞Heartbleed 背景:          OpenSSL全称为Secure Socket Layer.是Netscape所研发.利用数据加密(Encryption) ...

  5. CVE: 2014-6271、CVE: 2014-7169 Bash Specially-crafted Environment Variables Code Injection Vulnerability Analysis

    目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 为了理解这个漏 ...

  6. IEEE/ACM International Conference on Advances in Social Network Analysis and Mining (ASONAM) 2014 Industry Track Call for Papers

    IEEE/ACM International Conference on Advances in Social Network Analysis and Mining (ASONAM) 2014 In ...

  7. Web 安全 之 OpenSSL

    什么是OpenSSL协议? SSL(Secure SocketLayer,安全套接层)协议是使用最为普遍网站加密技术,用以保障在Internet上数据传输之安全,利用数据加密(Encryption)技 ...

  8. 2014年:Linux和开源的福祸之年

    (1)Heartbleed漏洞 Heartbleed漏洞,是今年开源软件曝出的最大糗事.Heartbleed漏洞是OpenSSL的重大漏洞,这项严重缺陷(CVE-2014-0160)的产生是由于未能在 ...

  9. IEEE/ACM ASONAM 2014 Industry Track Call for Papers

    IEEE/ACM International Conference on Advances in Social Network Analysis and Mining (ASONAM) 2014 In ...

随机推荐

  1. TP快捷函数

    U();创建URL地址 C();获取或设置系统变量信息 A();实例化控制器对象 R():实例化控制器对象且同时调用控制器里的某个方法 I();过滤表单提交的数据,代替$_POST

  2. extjs ajax请求与struts2进行交互

    sencha extjs 5 增加一个struts2的配置,这样可以在设置好前台布局之后,与后台交互获取数据显示.现在有一个问题是struts2对于url的跳转action支 持比较良好,但是对于像E ...

  3. 013医疗项目-模块一:加入工具类ResultUtil

    这篇文章要做的就是优化,封装.把之前的代码尽量封装进类,并且不要硬编码. 在UserServiceimpl中的insertSysuser()函数之前是这么写的: ResultInfo resultIn ...

  4. 03SpringMvc_自定义的spring.xml配置文件和逻辑视图名

    这篇文章的目的是实现Struts2中一种形式(封装视图的逻辑名称),在Struts2中Action处理后会返回"SUCCESS"这样,然后根据"SUCCESS" ...

  5. [6]Telerik TreeView 复选框

    参考连接:http://demos.telerik.com/aspnet-mvc/razor/treeview/clientsideapi 问题: Telerik TreeView 选择或取消 父选项 ...

  6. IIS mime类型

    参考网站:http://www.iwms.net/n1381c2.aspx 以下例子为iis6.0 下载安卓.苹果安装包时候,需要添加mime类型才可以下载,否则访问不到 安卓 .apk  appli ...

  7. 域策略禁用usb

    文档及模板可在 http://pan.baidu.com/s/1qYTcjTy  下载 pro_usb_users.adm  此模板可禁用到 指定盘符,针对用户策略 pro_usb_computers ...

  8. heartbeat初探

    1,概念及原理 http://www.mingxiao.info/tag/heartbeat/

  9. mousedos网络批量部署xp

    小时候对这个东西很好奇,不知道什么原理.一直觉得很好玩.现在研究了下,总结如下 软件的操作步骤很讲究,稍微不慎,则就需要重新来过 知识点: 1,掌握诺顿ghost分区为gh文件 2,学会清理至一个干净 ...

  10. 20145215《Java程序设计》第5周学习总结

    20145215<Java程序设计>第五周学习总结 教材学习内容总结 异常处理 语法与继承架构 异常就是程序在运行时出现不正常情况,异常的由来是因为Java把出现的问题封装成了对象,换句话 ...