New OpenSSL Security Advisory Announced 95
A user writes: It's time to patch OpenSSL again. The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software. Personally I wish that OpenSSL released these in a predictable cadence. Patch Tuesday maybe?
Re: (Score:2, Insightful)
Would you like to discuss all the vulnerabilities in Windows various versions, that has led to MILLIONS of different Malware???
No, I dont use Windows so those dont affect me. The problems with OpenSSL affect me. Also since this a story about the vulnerabilities in OpenSSL why would we change the topic to Windows?
I sleep very well at night using Linux, and NOT using Windows software as much as humanly possible.
Good for you but this is nothing to do with Linux or Windows, this is about OpenSSL (or do you think OpenSSL is a Linux thing?).
Re: (Score:3)
Can one miss a point that isn't there?
Re: And I wish... (Score:1)
Re: (Score:1)
Because if you aren't using OpenSSL, you must be using Windows. I must have imagined GnuTLS, MatrixSSL, MbedTLS, LibreSSL, NSS, Botan, Bouncy castle, wolfSSL, Boring SSL, cryptlib, etc.
Re: And I wish... (Score:1)
Plus I use openSSL on Windows.
Re:And I wish... (Score:5, Interesting)
Would you like to discuss all the vulnerabilities in Windows various versions, that has led to MILLIONS of different Malware??? Why doesn't Mickey$oft fix most of these??? They simply refuse!!!
I will take Linux, Open Source and Free Software any day of the week, and will deal with any flaws that come up. They are usually corrected quite quickly, and in this case, I am sure they spent a lot of time testing to inure all is fixed.
I sleep very well at night using Linux, and NOT using Windows software as much as humanly possible.
Who, the hell, said anything about Windows OR Linux besides you? OpenSSL runs on everything.
Do you really think we shouldn't hold OpenSSL, or any open source software to a higher standard, "because Microsoft"?
. ... are your parents OK with you using the Internet all by yourself?
Re: (Score:3)
Who, the hell, said anything about Windows OR Linux besides you? OpenSSL runs on everything.
Not just that, but Microsoft is about to incorporate OpenSSH into Windows [slashdot.org].
Re: (Score:3, Interesting)
Your are invited to submit your patches to fix the problems you have found in OpenSSL
Re: (Score:2)
Thank you for your deep insight into this problem. Now that you have tossed OpenSSL what are you going to be replacing it with.
Re: (Score:3)
LibreSSL for drop-in compatibility? Or gnutls?
Re: (Score:2)
Re: (Score:2)
Thank you for your deep insight into this problem. Now that you have tossed OpenSSL what are you going to be replacing it with.
Nothing. We'll overload the fuckers. They are probably throwing away petabytes of encrypted data because, given its context, decrypting it to find out if it happens to be valuable is too much work. If we send everything in the plain they will have to devote billions of man hours of human intelligence to everyones blathering! The NSA etc would be overwhelmed! Genius!
Re: (Score:3)
Dear butt-weasel,
People can point out issues even if they are not capable of providing fixes for them.
They can. Indeed they can. Only the other day I saw a bloke in a dressing gown giving similar suggestions to emergency workers fixing power lines. No doubt they appreciated the insights he offered.Just because a particular field of endeavor requires practitioners years of study and experience shouldn't prohibit the intuitively enhanced from giving directions. I bet the computer repair shop appreciate your directions on how to fix problems - that you don't know how to fix.
Not everyone is a coder, you elitist asshat.
Forgive me for not
Re:And I wish... (Score:5, Insightful)
Complaining about open source software is like voting, you're letting your voice be heard but letting the other run the show. Submitting patches is like being a politician, you're the only actually doing the work.
Re: (Score:2)
I bet you don't like some things the government does. You are invited to run for Senate or President. Because obviously if you don't, you should just shut up and gtfo.
Comprehension eludes you. There's a difference between having the capacity for the moral depravity and incompetence needed to be a politician - and the actual desire to be one. The ability to code, and active participation in OpenSSL seems similar - but what would I know. You certainly have my vote.
Complaining about open source software is like voting, you're letting your voice be heard but letting the other run the show.
A novel analogy. In what country to do you vote on random web forums? Which Open Source projects use any old web forum for bug tracking?
Submitting patches is like being a politician, you're the only actually doing the work.
If you'd only mentioned earlier that you were a politician it would have sav
Re: And I wish... (Score:2)
Which Open Source projects use any old web forum for bug tracking?
Discourse is open source fourm software that self-hosts its bug tracker. And by "self-hosts," I mean they literally use a Discourse fourm to track bugs and cudgel fourm features into bugtracking features. For example, each bug is supposed to be the OP of a topic, and they prioritize bugs by counting the number of users that "like" the post describing the bug.
It works about as well as you'd expect.
Re: (Score:2)
It works about as well as you'd expect.
Better than bitching on Slashdot? Noooooo
with regards to meaningless slogans (Score:2)
There's a difference between having the capacity for the moral depravity and incompetence needed to be a politician
What a load of meaningless crock. I'm sure it makes up for one hell of a slogan. Meaningless, but certainly attention-grabbing for the purpose of rhetorical posturing. Congratulations.
Re: (Score:2)
There's a difference between having the capacity for the moral depravity and incompetence needed to be a politician
I'm sure it makes up for one hell of a slogan.
Touchy much?
Predictable cadence? (Score:5, Insightful)
What's the use of a predictable cadence for security updates? Security vulnerabilities are not found on a schedule. Personally I want my updates ASAP. You can update when you want (but sooner is better for everyone).
Re: (Score:2)
Unfortunately in this world with change control, number of systems affected, testers that need to be lined up, business stakeholder notified of outage if any etc means that unless a security issue is out in the wild your are not going to deploy it. By having regular predictable releases you can organise regular pre-approved changes etc.
Hans
And how do you schedule predicable zero-day security patches, for instance?
Re: (Score:2)
"Security vulnerabilities are not found on a schedule."
Agreed. Still, at least we get silly names for OpenSSL vulns rather than simply just CVEs and KB numbers with descriptions that usually say something like "A vulnerability in stuff can cause your cat to spontaneously combust on wednesdays when the full moon is in venus. You may have to reboot your computer after applying this update."
Oh well, it's time to:
$sudo apt-get update && sudo apt-get upgrade
$sudo pacman -Syu
#emerge -uva --deep --newuse
Re: (Score:2)
... My laptop is starting to cook my bollocks, compiling LibreOffice.
Sure, it's called a "laptop" in the user manual, but that doesn't constitute a How-to now, does it?
Re: (Score:2)
Oh well, it's time to:
$sudo apt-get update && sudo apt-get upgrade
$sudo pacman -Syu
#emerge -uva --deep --newuse --keep-going @world
$sudo yum up
The third one above is my patch tuesday, wednesday and probably thursday 8) My laptop is starting to cook my bollocks, compiling LibreOffice.
I run Sabayon, you insensitive clod! :P
Re: (Score:2)
Re: (Score:2)
Or they could release a patch and companies can install it 3 days later. I don't understand why you would want to hold the patch back? It was a retarded concept when MS introduced it, but even now you can control the distribution of windows updates in a controlled manner throughout an organisation so even that has run its course.
Re:Predictable cadence? (Score:4, Insightful)
You're obviously patching your own machine, not thousands of other people's machines, for whom any patch carries the risk of breaking mission-critical software and potentially costing your company millions of dollars in lots productivity per day. A predictable cadence is extremely useful for non-zero-day exploits, and even zero-day exploits if the risk is deemed acceptable or can otherwise be mitigated temporarily. The whole notion of a once-a-month patch schedule is entirely for the benefit of corporate customers, to make it easier to test and deploy those patches on a regular schedule.
Re: (Score:2)
Personally, I've got four machines to patch (two Windows, one Mac, one Linux), and didn't mean to imply otherwise. It's rather common knowledge that "patch Tuesday" was started by MS in order to make things more convenient for corporate customers, instead of releasing patches on an ad hoc schedule.
Re: (Score:3)
Personally, I've got four machines to patch (two Windows, one Mac, one Linux), and didn't mean to imply otherwise. It's rather common knowledge that "patch Tuesday" was started by MS in order to make things more convenient for corporate customers, instead of releasing patches on an ad hoc schedule.
As someone who deals with many of their corporate customers let me assure you it ain't convenient - we want the patches as soon as possible, and we'll deploy them as soon as we've tested them. Despite not knowing the personal motivations behind all the M$ executives who decided it's a monthly thing (and ignoring that I remember when it wasn't even monthly) I have a hard time believing they do because it's best for their corporate clients.
Re:Predictable cadence? (Score:5, Interesting)
You're obviously patching your own machine, not thousands of other people's machines, for whom any patch carries the risk of breaking mission-critical software and potentially costing your company millions of dollars in lots productivity per day.
Not quite *any* patch.
Debian has a good reputation for not changing anything in a security patch other than the security vulnerability itself. Ie if the version of the software in the distribution is, say 1.0 then patching security updates will never change the version to 2.0. The patched version has exactly the same behaviors as the version its updating minus the security vulnerabilities. If you were somehow taking advantage of those vulnerabilities then, well, thats your problem. Also if you are mixing 3rd party non-Debian packaged software in, you are on your own there too. But a pure Debian server should be able to be apt-get upgraded with no problems.
(There was one time when the package maintainer of sudo _decided_ that the defaults for handling environment variables were 'unsecure' and changed them as a security update, which broke a lot of peoples shit. But that was a long time ago).
Re: (Score:2)
What stops you from patching your machine in your own time?
Re: (Score:2)
What stops you from patching your machine in your own time?
Budgets, schedules, coordination with other 24/7 services that depend on it, etc, etc. If it is a single isolated system, then yeah, it's trivial. When we are talking about production and test environments with dozens (or even more) systems, then it is not just a matter of working "own your own time." This gets worse when there are systems that heavily utilize SSL.
Any such upgrade requires some type of basic regression testing of said systems outside of the typical testing schedules associated to develo
Re: (Score:2)
The point is, why should patches be held back from everyone else just so your organization has time to plan and test. Your organization can wait until it is ready to apply the patch while some other, more nimble, organization can apply it sooner. There is absolutely no reason for the patch to be held back to give you time to get your duck in a row.
Re: (Score:2)
Well, I can give you at least one reason:
Assuming we're talking about non-zero-day exploits (stuff that white hats reported in confidence), part of the issue is that actually releasing a patch tells black hats a lot about how to create an exploit, and this applies to both open source and non-open source, but with slightly different methodologies. It's fairly easy for black hats to reverse engineer a patch to determine exactly how you can now exploit unpatched systems. So, the clock starts ticking the mome
Re: (Score:2)
So telling you that the patch will come out on a Tuesday will alleviate your budget, schedule and co-ordination problems, but simply releasing the patch and letting you install it on a Tuesday doesn't?
Why should I wait for my patch because you have a co-ordination issue?
Re: (Score:2)
I think it's a sign that there's something seriously wrong when people are requesting a regular release cadence to fix all the security holes in the software that's supposed to be protecting them from security problems...
ObXKCD [xkcd.com].
Re: (Score:2)
How about you pay them for the software and they may do something to benefit you more.
OpenSSL has been replaced... (Score:2)
Re: (Score:3)
Re: (Score:2)
About 80% of the known OpenSSL bugs that have been fixed, were inadvertently fixed in LibreSSL during the refactoring. Many of OpenSSL's bugs are entirely do to horrible coding practices. Of the remaining 20%, a sizable portion were actually found by LibreSSL during the clean up.
You should immediately contact OpenSSL and have them correct attributions in the change log to reflect this reality.
Re: (Score:2)
OS X and iOS already picked SecureTransport years ago, which had it's own problems BTW (though with 10.11 it is finally getting better).
Re:OpenSSL has been replaced... (Score:4, Informative)
LibreSSL patches today:
Avoid an infinite loop that can occur when verifying a message with an unknown hash function OID.
Diff based on OpenSSL.
Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL).
ok doug@ miod@
Avoid a potential out-of-bounds read in X509_cmp_time(), due to missing length checks.
Diff based on changes in OpenSSL.
Fixes CVE-2015-1789.
ok doug@
Avoid an infinite loop that can be triggered by parsing an ASN.1
ECParameters structure that has a specially malformed binary polynomial field.
Issue reported by Joseph Barr-Pixton and fix based on OpenSSL.
Fixes CVE-2015-1788.
ok doug@ miod@
Re: (Score:1)
FreeBSD has not replaced OpenSSL with LibreSSL; OpenSSL is still used in the base system, while LibreSSL (like newer versions of OpenSSL, or WolfSSL, or anything else) are available via ports:
stable/8: http://svnweb.freebsd.org/base/stable/8/crypto/openssl/?view=log [freebsd.org]
stable/9: http://svnweb.freebsd.org/base/stable/9/crypto/openssl/?view=log [freebsd.org]
stable/10: http://svnweb.freebsd.org/base/stable/10/crypto/openssl/?view=log [freebsd.org]
head (FreeBSD 11.x): http://svnweb.freebsd.org/base/head/crypto/openssl/?view=log [freebsd.org]
It sure looks l
Re: (Score:2)
It sure looks like there's a lot of work to be done (API/ABI incompatibilities with ports) before LibreSSL could replace OpenSSL in the base system
I'm curious as to why: LibreSSL isn't a rewrite from scratch. I thought they were explicitly doing an audit and clean up, which means keepint the external interfaces the same. Or is it just a question of actually testing things to make sure nothing has broken for obscure reasons?
Re: (Score:2)
Re: (Score:2)
Logjam / Diffie Hellman attacks (Score:5, Insightful)
OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.
Good. But it doesn't go far enough. How about some kind of deprecation warning if DH is using any well known prime number?
Re: (Score:2)
OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.
Good. But it doesn't go far enough. How about some kind of deprecation warning if DH is using any well known prime number?
What prime number that is known or effectively computable for DH is not well known? Maybe I'm missing something here.
Re: (Score:2)
In the logjam paper, they speculate that the NSA has the funds to run the first part of a number field sieve on a small number of 1024bit primes. So long as we keep using software implementations with these well known primes hard coded in their source code, HTTPS SSH & VPN connections may be vulnerable.
Not putting all of our eggs in one basket reduces this risk considerably. In response to this threat, we should periodically publish and use a new set of primes that are appropriate for DH exchanges. Tho
OpenBSD (Score:2)
So Did OpenBSD's much vaunted refactor of OpenSSL turn up this bug before the OpenSSL team found it?
Re: (Score:2)
LibreSSL seems to have been immune to somewhere between half and two thirds of OpenSSL vulnerabilities recently. Not perfect, but a significant improvement.
Early on this was mostly due to the amount of outdated crap they deleted (less attack surface area), but as time goes on more and more will hopefully be due to improving the code that was left behind.
There's still a long way to go though.
Re: (Score:3)
B..b..but... it's not perfect!!!
Yeah, fuck the whiners. It's a huge step forward, and the whiners don't have the technical chops to know what's going on or why they should shut up and care--or just shut up and accept that something useful is being done and will likely benefit them in the future.
Re: (Score:3)
From http://www.openbsd.org/errata5... [openbsd.org] (emphasis mine)
009: SECURITY FIX: June 11, 2015 All architectures
Fix several defects from OpenSSL:
CVE-2015-1788 - Malformed ECParameters causes infinite loop
CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1792 - CMS verify infinite loop with unknown hash function
Note that CMS was already disabled in LibreSSL. Several other issues did not apply or were alread
mbed TLS (Score:2)
I can advice every software developer to take a look at mbed TLS (former PolarSSL). It has everything a modern SSL-enabled application needs. It's API is easier that OpenSSL's, it has very good documentation (example programs included) and last but not least: it's secure!
No, I'm not the mbed TLS developer or in any way connected or related to mbed TLS. I'm just a very happy developer who replaced OpenSSL with mbed TLS in my project many years ago and never had any reason to look back. Even the users of my p