{"id":5311,"date":"2014-04-10T13:23:52","date_gmt":"2014-04-10T17:23:52","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5311"},"modified":"2014-04-10T13:23:52","modified_gmt":"2014-04-10T17:23:52","slug":"researchers-find-thousands-of-potential-targets-for-heartbleed-openssl-bug","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/04\/10\/researchers-find-thousands-of-potential-targets-for-heartbleed-openssl-bug\/","title":{"rendered":"Researchers find thousands of potential targets for Heartbleed OpenSSL bug"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/arstechnica.com\/security\/2014\/04\/researchers-find-thousands-of-potential-targets-for-heartbleed-openssl-bug\/\"><img data-recalc-dims=\"1\" height=\"427\" width=\"640\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/04\/bullseye-640x427.jpg?resize=640%2C427\" alt='' \/><\/a><\/p>\n<p>A team of security researchers at the University of Michigan has used an open source network scanner called ZMap to search the Internet for servers still vulnerable to the &#8220;Heartbleed&#8221; exploit, which can be used to retrieve user names, passwords, and possibly even private encryption keys from servers that use the popular OpenSSL 1.0.1 cryptographic library. OpenSSL patched the vulnerability earlier this week, but hundreds of thousands of Web servers and other network-connected devices that use the affected libraries are still vulnerable.<\/p>\n<p>ZMap, developed at the University of Michigan by Assistant Professor J. Alex Halderman and computer science graduate students Zakir Durumeric and Eric Wusterow, can perform a complete scan of the Internet&#8217;s address space in less than 45 minutes if run on a machine with a gigabit network connection. Durumeric, Halderman, undergraduate computer science student David Adrian, and Research Associate Professor Michael Bailey configured a ZMap scan for the Heartbleed vulnerability, seeded with Alexa&#8217;s list of the 1 million most popular domains on the Internet.<\/p>\n<p>&#8220;As of 4:00 PM on April 9, 2014,&#8221; the researchers reported in their results, &#8220;we found that 34 percent of the Alexa Top 1 Million websites support TLS. Of the websites that support HTTPS, 11 percent are vulnerable, 27 percent safely support the heartbeat extension, and 61 percent do not support the heartbeat extension (and are therefore safe). While we are still completing full scans of the Internet, initial results show that approximately 6% of all hosts that support HTTPS remain vulnerable. We will be updating these numbers as more scan results become available. We are not releasing full Internet-wide scans at this time.&#8221;<\/p>\n<p>The top domain vulnerable to the Heartbleed bug is Kaskus, an Indonesian social media site, which uses SSL-based connections for user-authenticated sessions. Also showing up in the report (at least as of yesterday) are some sites that may not use SSL in a way that exposes user credentials, such as cloud-based file sharing provider ZeoNet, which uses SSL and TLS to encrypt uploads. It does not use username and password authentication, though the contents of files being sent to service might be at risk through a Heartbleed attack. Twitter photo sharing service Twitpic.com uses OAuth tokens for authentication, not usernames, and is also vulnerable. And some sites that show up on the report may not use HTTPS for anything at all. (One such site, Clickey.com, doesn&#8217;t properly authenticate itself over a secure connection.)<\/p>\n<p>Perhaps the most attractive target for malicious hackers at the top of the list is Avazu Network, an online advertising network. And a large number of of e-commerce sites are still exposed, including a Russian Android phone store and a number of alternative Android app stores.<\/p>\n<p>via <a href=\"http:\/\/arstechnica.com\/security\/2014\/04\/researchers-find-thousands-of-potential-targets-for-heartbleed-openssl-bug\/\" target=\"_blank\">Researchers find thousands of potential targets for Heartbleed OpenSSL bug | Ars Technica<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A team of security researchers at the University of Michigan has used an open source network scanner called ZMap to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,10],"tags":[342,475,1024,1177],"class_list":["post-5311","post","type-post","status-publish","format-standard","hentry","category-security","category-technology","tag-exploits","tag-heartbleed","tag-ssl","tag-vulnerabilities"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1nF","jetpack-related-posts":[{"id":5681,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/03\/meet-cupid-the-heartbleed-attack-that-spawns-evil-wi-fi-networks\/","url_meta":{"origin":5311,"position":0},"title":"Meet \u201cCupid,\u201d the Heartbleed attack that spawns \u201cevil\u201d Wi-Fi networks","author":"NCCT","date":"June 3, 2014","format":false,"excerpt":"Enlarge \/ A packet capture showing Cupid attacking a wireless network. SysValue \u00a0 \u00a0 It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2014\/06\/heartbleed_cupid_img1-640x356.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2014\/06\/heartbleed_cupid_img1-640x356.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2014\/06\/heartbleed_cupid_img1-640x356.png?resize=525%2C300 1.5x"},"classes":[]},{"id":8278,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/05\/13\/venom-vulnerability-more-dangerous-than-heartbleed-targets-most-virtual-machines\/","url_meta":{"origin":5311,"position":1},"title":"Venom vulnerability more dangerous than Heartbleed, targets most virtual machines","author":"NCCT","date":"May 13, 2015","format":false,"excerpt":"Researchers have uncovered a new bug that\u2019s much more dangerous than last year\u2019s Heartbleed vulnerability. Venom, short for Virtualized Environment Neglected Operations Manipulation, could allow an attacker to infiltrate a datacenter and take over its entire network. As ZDNet notes, most datacenters use virtual machines to segregate customers, allowing the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.techspot.com\/images2\/news\/bigimage\/2015-05-13-image-3.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.techspot.com\/images2\/news\/bigimage\/2015-05-13-image-3.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.techspot.com\/images2\/news\/bigimage\/2015-05-13-image-3.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":6634,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/15\/google-discovers-vulnerability-in-ssl-3-0-dubbed-poodle\/","url_meta":{"origin":5311,"position":2},"title":"Google discovers vulnerability in SSL 3.0 dubbed &#8216;Poodle&#8217;","author":"NCCT","date":"October 15, 2014","format":false,"excerpt":"Google has published details of a vulnerability in the design of SSL version 3.0. The attack, referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption), allows the plaintext of secure connections to be calculated by a network attacker according to a Google blog post on the matter. Despite the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5958,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/10\/crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users\/","url_meta":{"origin":5311,"position":3},"title":"Crypto certificates impersonating Google and Yahoo pose threat to Windows users","author":"NCCT","date":"July 10, 2014","format":false,"excerpt":"People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties. A blog post published Tuesday by Google security engineer Adam Langley said\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":7112,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/10\/researchers-say-poodle-can-be-repurposed-to-attack-tls-10-percent-of-the-servers-vulnerable\/","url_meta":{"origin":5311,"position":4},"title":"Researchers say Poodle can be repurposed to attack TLS, 10 percent of the servers vulnerable","author":"NCCT","date":"December 10, 2014","format":false,"excerpt":"A couple of months after researchers at Google uncovered POODLE (Padding Oracle On Downgraded Legacy Encryption), a vulnerability in a specific version of the SSL protocol, security firm Qualys has announced that the issue also affects implementations of the TLS protocol. Poodle allows attackers to compromise the secure connection between\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7586,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/06\/sneaky-linux-malware-comes-with-sophisticated-custom-built-rootkit\/","url_meta":{"origin":5311,"position":5},"title":"Sneaky Linux malware comes with sophisticated custom-built rootkit","author":"NCCT","date":"February 6, 2015","format":false,"excerpt":"A malware program designed for Linux systems, including embedded devices with ARM architecture, uses a sophisticated kernel rootkit that\u2019s custom built for each infection. The malware, known as XOR.DDoS, was first spotted in September by security research outfit Malware Must Die. However, it has since evolved and new versions were\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/nccomputertech.com\/techtalk\/category\/linux\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5311"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5311\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}