CVE-2014-0160 Heartbleed Vul Analysis && OpenSSL Cryptographic Software Library Bug
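Contents
1. Introduction to the Heartbleed vulnerability
2. Risk and impact of the vulnerability
3. Testing the vulnerability, POC
4. OpenSSL source code analysis of the vulnerability
5. Defense and remediation
6. Offensive and defensive lessons from the vulnerability
1. Introduction to the Heartbleed vulnerability
In essence, this vulnerability stems from a code bug in OpenSSL, a foundational operating-system software library, in its implementation of the TLS/DTLS heartbeat extension (RFC6520), which leads to unauthorized information disclosure.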
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL Cryptographic Software Library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
SSL/TLS provides communication security and privacy over the Internet for applications such as
. web
. instant messaging (IM)
. some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
This compromises the
. secret keys used to identify the service providers and to encrypt the traffic
. names and passwords of the users and the actual content.
This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
0x1: What makes the Heartbleed Bug unique?
Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.
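The impact of this kind of sensitive-information vulnerability lies not only in the attacks the Internet suffers between the outbreak and the fix. More importantly, we need to assess the "irreversible losses" that application systems suffer during that period. There are many vulnerabilities of this kind, for example
. the Drupal injection vulnerability that let attackers insert administrator accounts into the database:
In the 8 hours between the outbreak and the official fix, target systems suffered a large number of attacks and many databases were polluted
. the leakage of secret keys and username/passwd caused by Heartbleed
The harm this kind of vulnerability does to an application system is long-lasting. Fully remediating it requires large-scale password resets, key resets, rollback of dirty data and similar operations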
0x2: Is this a design flaw in SSL/TLS protocol specification?
Note that Heartbleed is not a protocol design flaw but a vulnerability caused by a bug in the code implementation
0x3: What is being leaked?
When an application system uses a vulnerable openssl library, the following sensitive information may be leaked
. primary key material
. secondary key material
. protected content
. collateral
Relevant Link:
http://heartbleed.com/
2. Risk and impact of the vulnerability
0x1: What is leaked primary key material
These are the crown jewels, the encryption keys themselves. Leaked secret keys allow the attacker
. to decrypt any past and future traffic to the protected services
. to impersonate the service at will.
. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed.
0x2: What is leaked secondary key material
These are for example the user credentials (user names and passwords) used in the vulnerable services.
0x3: What is leaked protected content
This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. Only owners of the services will be able to estimate the likelihood what has been leaked and they should notify their users accordingly
0x4: What is leaked collateral
Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks
0x5: How widespread is this
. Apache
. nginx.
//Furthermore OpenSSL is used to protect for example
. email servers (SMTP, POP and IMAP protocols)
. chat servers (XMPP protocol)
. virtual private networks (SSL VPNs)
. network appliances
. wide variety of client side software.
//Fortunately
. many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software.
OpenSSL is very popular in client software and somewhat popular in networked appliances which have most inertia in getting updates.
0x6: Vulnerable OpenSSL versions
OpenSSL 1.0.-beta
OpenSSL 1.0. - OpenSSL 1.0.1f
openssl-1.0.1e
A figure from Zhihu illustrates this vividly

Relevant Link:
http://baike.baidu.com/view/12769298.htm
http://www.zhihu.com/question/23328658
http://www.infoq.com/cn/news/2014/04/openssl-heartbleed
https://www.trustasia.com/about/news/openssl-heartbleed.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
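3. Testing the vulnerability, POC
0x1: Checking whether the local machine is vulnerable
This vulnerability is essentially a code-level bug, so the simplest way to check whether the local machine is vulnerable is to check the local openssl version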
openssl version
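The result shows openssl 1.0.1e, which is a vulnerable openssl version, so the local machine is judged to have the Heartbleed vulnerability
0x2: Online vulnerability testing sites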
https://filippo.io/Heartbleed/
https://www.trustasia.com/tools/bleed-checker/
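4. OpenSSL source code analysis of the vulnerability
0x1: SSL protocol format analysis
Before examining how Heartbleed works at the source level, we need a detailed understanding of the SSL protocol format. From the attacker's perspective, launching this attack relies on "protocol packet tampering": a "malformed" SSL packet is constructed and sent to a web server that links the vulnerable openssl library, which returns the 64KB of data adjacent to the current datagram on the target web server's TLS stack (the figure of 64KB also follows from the SSL protocol itself: the maximum length of the field an attacker can modify in the protocol is 3 bytes)
For background on the SSL/TLS protocol format, see another article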
http://www.cnblogs.com/LittleHann/p/3733469.html
0x2: Vulnerability details
Download the openssl-1.0.1f.tar.gz source code
https://www.openssl.org/source/
\openssl-1.0.1f\ssl\d1_both.c
int dtls1_process_heartbeat(SSL *s)
{
    /*
    So, first we get a pointer to the data within an SSLv3 record. That looks like this:
    typedef struct ssl3_record_st
    {
        int type;                 // type of record
        unsigned int length;      // How many bytes available
        unsigned int off;         // read/write offset into 'buf'
        unsigned char *data;      // pointer to the record data
        unsigned char *input;     // where the decode bytes are
        unsigned char *comp;      // only used with decompression - malloc()ed
        unsigned long epoch;      // epoch number, needed by DTLS1
        unsigned char seq_num[8]; // sequence number, needed by DTLS1
    } SSL3_RECORD;
    */
    unsigned char *p = &s->s3->rrec.data[0], *pl;
    unsigned short hbtype;
    unsigned int payload;
    unsigned int padding = 16; /* Use minimum padding */

    /* Read type and payload length first */
    /*
    The first byte of the SSLv3 record is the heartbeat type.
    The macro n2s takes two bytes from p, and puts them in payload. This is actually the length of the payload.
    Note this carefully: the code never checks the "actual length" of the SSLv3 record data; it chooses to "trust the field in the packet sent by the user".
    */
    hbtype = *p++;
    n2s(p, payload);
    // The variable pl is then the resulting heartbeat data, supplied by the requester.
    pl = p;

    if (s->msg_callback)
        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
            &s->s3->rrec.data[0], s->s3->rrec.length,
            s, s->msg_callback_arg);

    if (hbtype == TLS1_HB_REQUEST)
    {
        unsigned char *buffer, *bp;
        int r;

        /* Allocate memory for the response, size is 1 byte
         * message type, plus 2 bytes payload length, plus
         * payload, plus padding
         */
        buffer = OPENSSL_malloc(1 + 2 + payload + padding);
        /*
        So we're allocating as much memory as the requester asked for: up to 65535+1+2+16, to be precise. The variable bp is going to be the pointer used for accessing this memory.
        */
        bp = buffer;

        /* Enter response type, length and copy payload */
        *bp++ = TLS1_HB_RESPONSE;
        s2n(payload, bp);
        memcpy(bp, pl, payload);
        /*
        The macro s2n does the inverse of n2s: it takes a 16-bit value and puts it into two bytes. So it puts the same payload length requested.
        Then it copies payload bytes from pl, the user supplied data, to the newly allocated bp array. After this, it sends this all back to the user
        */
        bp += payload;
        /* Random padding */
        RAND_pseudo_bytes(bp, padding);

        r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);

        if (r >= 0 && s->msg_callback)
            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
                buffer, 3 + payload + padding,
                s, s->msg_callback_arg);

        OPENSSL_free(buffer);

        if (r < 0)
            return r;
    }
    else if (hbtype == TLS1_HB_RESPONSE)
    {
        unsigned int seq;

        /* We only send sequence numbers (2 bytes unsigned int),
         * and 16 random bytes, so we just try to read the
         * sequence number */
        n2s(pl, seq);

        if (payload == 18 && seq == s->tlsext_hb_seq)
        {
            dtls1_stop_timer(s);
            s->tlsext_hb_seq++;
            s->tlsext_hb_pending = 0;
        }
    }

    return 0;
}
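To summarize the logic of this code
. The function receives the SSLv3 packet the user sent to the server and parses its fields
. The code unconditionally "trusts" the length field in the packet header as the total length of this SSL packet
. When allocating memory for the response packet and filling it, it uses the "tainted" length field
. This leads to an "out-of-bounds memory read": the memory adjacent to the current SSL Record pointer in the current TLS stack, up to 64KB of it, is returned in full to the requester
An attacker only needs to change the length field of an otherwise normal SSLv3 packet to 0xFFFF to illegitimately obtain 64KB of leaked data from the target web server
Note that although a 2-byte length can in theory reach 64KB, the RFC specifies that a heartbeat message must not exceed 2^14 bytes, i.e. 16KB. After subtracting the type, payload_length and padding parts, the maximum data is slightly less than 16KB, namely 16KB-19B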
\openssl-1.0.1e\ssl\d1_pkt.c
/* Call this to write data in records of type 'type'
 * It will return <= 0 if not all data has been sent or non-blocking IO.
 */
int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
{
    int i;

    /*
    \openssl-1.0.1e\ssl\ssl3.h
    Maximum plaintext length: defined by SSL/TLS standards
    #define SSL3_RT_MAX_PLAIN_LENGTH 16384
    */
    OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
    s->rwstate = SSL_NOTHING;
    i = do_dtls1_write(s, type, buf, len, 0);
    return i;
}
Snort intrusion detection rules are also built on this basis
alert tcp $EXTERNAL_NET any -> $HOME_NET (msg:"openssl Heartbleed attack";flow:to_server,established; content:"|18 03|"; depth: ; byte_test:, >, , , big; byte_test:, <, , , big; threshold:type limit, track by_src, count , seconds ; reference:cve,-; classtype:bad-unknown; sid:; rev:;)
Relevant Link:
http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html
http://drops.wooyun.org/papers/1381
5. Defense and remediation
0x1: Code patch
The most important part of the fix was this:
/* Read type and payload length first */
if (1 + 2 + 16 > s->s3->rrec.length)
    return 0; /* silently discard */
hbtype = *p++;
n2s(p, payload);
if (1 + 2 + payload + 16 > s->s3->rrec.length)
    return 0; /* silently discard per RFC 6520 sec. 4 */
pl = p;
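The defensive code does 2 things
. It checks for zero-length heartbeats
. It checks whether the actual length of the packet is consistent with the length indicated in the packet header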
Relevant Link:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
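The two length checks from the patch, together with the over-read they prevent in the handler analysed in section 4, as an added example that is not OpenSSL's code or part of the original post. The names `hb_overread`, `hb_respond`, `HB_GOOD` and `HB_BAD` are hypothetical, the sample records are constructed, and padding is zero-filled here instead of random.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1               /* same value as TLS1_HB_REQUEST */
#define HB_RESPONSE 2               /* same value as TLS1_HB_RESPONSE */
#define HB_PADDING  ((size_t)16)    /* minimum padding length */
/* Constructed samples (hypothetical names): type, 2-byte length, payload, padding. */
static const uint8_t HB_GOOD[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t HB_BAD[19]  = { HB_REQUEST, 0xFF, 0xFF };  /* claims 65535 bytes */

/* Bytes the unpatched memcpy(bp, pl, payload) would read beyond the record. */
size_t hb_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 3)
        return 0;                   /* no complete length field to evaluate */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t present = rec_len - 3;   /* bytes that really follow the header */
    return claimed > present ? claimed - present : 0;
}

/* Patched logic: returns the response length, or 0 for "silently discard". */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (1 + 2 + HB_PADDING > rec_len)
        return 0;                   /* too short; covers zero-length heartbeats */
    if (rec[0] != HB_REQUEST)
        return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + payload + HB_PADDING > rec_len)
        return 0;                   /* claimed length exceeds the real record */
    size_t resp_len = 1 + 2 + payload + HB_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    memcpy(out + 1, rec + 1, 2);               /* echo the length field */
    memcpy(out + 3, rec + 3, payload);         /* bounded by rec_len now */
    memset(out + 3 + payload, 0, HB_PADDING);  /* OpenSSL writes random bytes here */
    return resp_len;
}

int main(void)
{
    uint8_t out[64];
    printf("good: overread=%zu response=%zu\n", hb_overread(HB_GOOD, sizeof HB_GOOD),
           hb_respond(HB_GOOD, sizeof HB_GOOD, out, sizeof out));
    printf("bad:  overread=%zu response=%zu\n", hb_overread(HB_BAD, sizeof HB_BAD),
           hb_respond(HB_BAD, sizeof HB_BAD, out, sizeof out));
    return 0;
}
```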
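0x2: Library upgrade
Upgrade openssl to OpenSSL 1.0.1g or later
6. Offensive and defensive lessons from the vulnerability
. Code-level security
) Data sent by the user must never be trusted; all processing logic must be carried out dynamically on the server side
) any input from users is evil
. Security auditing of the code of operating-system base software libraries
) Use base software libraries written in a high-level safe language such as Java
) Regularly run unit tests and comprehensive security tests on low-level base software libraries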
Copyright (c) 2014 LittleHann All rights reserved