A major new vulnerability called Heartbleed could let attackers gain access to users' passwords and fool people into using bogus versions of Web sites. Some already say they've found Yahoo passwords as a result.
The problem, disclosed Monday night, is in open-source software called OpenSSL that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where the most sensitive of data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server's digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.
Security vulnerabilities come and go, but this one is extremely serious. Not only does it require significant change at Web sites, it could require anybody who's used them to change passwords too, because they could have been intercepted. That's a big problem as more and more of people's lives move online, with passwords recycled from one site to the next and people not always going through the hassles of changing them.
"We were able to scrape a Yahoo username & password via the Heartbleed bug," tweeted Ronald Prins of security firm Fox-IT, showing a censored example. Added developer Scott Galloway, "Ok, ran my heartbleed script for 5 minutes, now have a list of 200 usernames and passwords for yahoo mail...TRIVIAL!"
Yahoo said just after noon PT that it fixed the primary vulnerability on its main sites: "As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now. We're focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users' data."
However, Yahoo didn't offer advice to users about what they should do or what the effect on them is.
Developer and cryptography consultant Filippo Valsorda published a tool that lets people check Web sites for Heartbleed vulnerability. That tool showed Google, Microsoft, Twitter, Facebook, Dropbox, and several other major Web sites to be unaffected -- but not Yahoo. Valsorda's test uses Heartbleed to detect the words "yellow submarine" in a Web server's memory after an interaction using those words.
Other Web sites shown as vulnerable by Valsorda's tool include Imgur, OKCupid, and Eventbrite. Imgur and OKCupid both say they've patched the problem, and tests show Eventbrite apparently also did.
The vulnerability is officially called CVE-2014-0160 but is known informally as Heartbleed, a more glamorous name supplied by security firm Codenomicon, which along with Google researcher Neel Mehta discovered the problem.
"This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content," Codenomicon said. "This allows attackers to eavesdrop communications, steal data directly from the services and users, and to impersonate services and users."
To test the vulnerability, Codenomicon used Heartbleed on its own servers. "We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, usernames and passwords, instant messages, emails and business critical documents and communication," the company said.
However, Adam Langley, a Google security expert who helped close the OpenSSL hole, said his testing didn't reveal information as sensitive as secret keys. "When testing the OpenSSL heartbeat fix I never got key material from servers, only old connection buffers. (That includes cookies though)," Langley said on Twitter.
One of the companies affected by the vulnerability was password manager LastPass, but the company upgraded its servers as of 5:47 a.m. PT Tuesday, spokesman Joe Siegrist said. "LastPass is quite unique in that nearly all your data is also encrypted with a key that LastPass servers never get -- so this bug could not have exposed customer's encrypted data," Siegrist added.
The bug afflicts version 1.0.1 and 1.0.2-beta releases of OpenSSL, server software that ships with many versions of Linux and is used in popular Web servers, according to the OpenSSL project's advisory on Monday night. OpenSSL has released version 1.0.1g to fix the bug, but many Web site operators will have to scramble to update the software. In addition, they'll have to revoke security certificates that now might be compromised.
"Heartbleed is massive. Check your OpenSSL!" tweeted Nginx in a warning Tuesday.
OpenSSL is one implementation of the encryption technology variously called SSL (Secure Sockets Layer) or TLS (Transport Layer Security). It's what keeps prying eyes out of communications between a Web browser and Web server, but it's also used in other online services such as email and instant messaging, Codenomicon said.
The severity of the problem is lower for Web sites and others that implemented a feature called perfect forward secrecy, which changes security keys so that past and future traffic can't be decrypted even when a particular security key is obtained. Although big Net companies are embracing perfect forward secrecy, it's far from common.
LastPass has used perfect forward secrecy for the last six months, but is assuming its certificates could have been compromised before that. "This bug has been out there a long time," Siegrist said. "We have to assume our private keys were compromised, and we will be reissuing a certificate today."