From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!aioe.org!.POSTED!not-for-mail From: "Dmitry A. Kazakov" Newsgroups: comp.lang.ada Subject: Re: OpenSSL development (Heartbleed) Date: Wed, 23 Apr 2014 10:04:09 +0200 Organization: cbb software GmbH Message-ID: <1vxwm495minb6$.wm25x1fswshx.dlg@40tude.net> References: <-OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com> <535297f1$0$6715$9b4e6d93@newsspool3.arcor-online.net> <5352a585$0$6707$9b4e6d93@newsspool3.arcor-online.net> <535688a0$0$6721$9b4e6d93@newsspool3.arcor-online.net> <19mxjybev4fc9.1fkxznem326v8$.dlg@40tude.net> <1ottu3pw9hxl1.i1h7v3r51vk0.dlg@40tude.net> <6xpjk44lobfz.fctt93m75u47$.dlg@40tude.net> Reply-To: mailbox@dmitry-kazakov.de NNTP-Posting-Host: G+aXx1XI67D34t54ibhUPQ.user.speranza.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@aioe.org User-Agent: 40tude_Dialog/2.0.15.1 X-Notice: Filtered by postfilter v. 0.8.2 Xref: news.eternal-september.org comp.lang.ada:19516 Date: 2014-04-23T10:04:09+02:00 List-Id: On Wed, 23 Apr 2014 07:40:44 +0000 (UTC), Natasha Kerensikova wrote: > On 2014-04-23, Dmitry A. Kazakov wrote: >> On Wed, 23 Apr 2014 05:38:21 +0000 (UTC), Natasha Kerensikova wrote: >> >>> On 2014-04-22, Dmitry A. Kazakov wrote: >>>> Boundary checks or not, the transport layer shall have no access to the >>>> server data. >>>> >>>> A tightly coupled system is vulnerable. If compromising just one component >>>> opens all gates wide, that is a bad standard and bad design. The effects of >>>> errors and faults must be bounded per design. >>> >>> How would you design a transport layer that has no access to whatever is >>> supposed to be transported? >>> >>> "Heartbleed" didn't leak any data that ins't legitimataly needed by >>> OpenSSL (i.e. transported data and/or transport parameters (like keys)) >> >> I heard it leaked user data, I didn't go into details. I hope user data are >> not transported, because otherwise that would be even an greater design >> fault. > > Actually it leaked session cookies, that are legitimately part of any > HTTP payload, and login/passwords, that are legitimately part of the > HTTP payload of the authentication request. > > At that point the remaining of the user data is considered compromised > as well, because of the possibility of session/credential hijacking, > but that's only an indirect result of heartbleed, and requires a > separate attack. To my limited knowledge it sent some dumps of the server's memory. Again, a silly Boy Scout's question, how a *transport* layer could even come to this? To me this looks a protocol layer encapsulation fault. (Not a big wonder considering the huge mess web protocols represent.) -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de