
Heartbleed and its consequences

This article discusses the Heartbleed vulnerability in OpenSSL, its impact on CERN and other sites, and the steps taken to mitigate risks and protect user accounts.


Presentation Transcript


  1. Heartbleed and its consequences
     Stefan Lüders, CERN Computer Security Officer, ACCU 20140603

  2. The OpenSSL vulnerability
     • “On a scale of 1 to 10, this is an 11” (Bruce Schneier)
     • (2014/04/08) Extracting the first 64kB from memory, including secrets: https://www.openssl.org/news/secadv_20140407.txt
     • Affected: OpenSSL v1.0.2-beta[1], 1.0.1[a-f], SLC6
     • Many sites outside CERN are affected: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected
     • Some clients are affected (NOT: Windows, OSX, iOS, FF, Chrome)
     • 1266+ servers at CERN (64% splunkd, 24% web servers)
     • 73 with firewall openings to the Internet
     • Not affected: CERN SSO, Mail, LXPLUS, SLC5, most CERN web sites, CERN Eduroam
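The slide's triage (which OpenSSL builds are affected, and which of those sit behind firewall openings to the Internet) is the kind of check a site runs over its own inventory. The following is an added example, not CERN's tooling or anything from the presentation: it classifies OpenSSL version strings against the ranges named on the slide (1.0.1a-f and 1.0.2-beta1; the advisory also lists the initial 1.0.1 release, treated as affected here), and buckets a constructed host inventory so that affected, Internet-facing hosts come first. The host names and version strings are made up; the hypothetical `internet_exposed` flag stands in for the slide's "firewall openings". Vendor-patched builds such as the SLC6 package keep the upstream version number while backporting the fix, so the string alone cannot decide for them and the example flags them for a package-level check instead of guessing.

```python
import re

# Affected upstream releases per the slide and the OpenSSL advisory of
# 2014-04-07: 1.0.1 through 1.0.1f, and 1.0.2-beta1.
# 1.0.1g and 1.0.2-beta2 carry the fix; 0.9.8 and 1.0.0 never had the bug.
UPSTREAM_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d+))?$")
# Distribution build strings, e.g. "1.0.1e-16.el6_5.7" (constructed sample).
VENDOR_RE = re.compile(r"^\d+\.\d+\.\d+[a-z]?-\S+$")


def classify(version):
    """Return 'affected', 'not_affected' or 'needs_package_check'."""
    s = version.strip()
    m = UPSTREAM_RE.match(s)
    if not m:
        if VENDOR_RE.match(s):
            # Vendor builds backport fixes without bumping the upstream
            # number, so defer to the distribution's package advisory.
            return "needs_package_check"
        raise ValueError(f"unrecognised OpenSSL version string: {version!r}")
    major, minor, patch, letter, beta = m.groups()
    base = (int(major), int(minor), int(patch))
    if base == (1, 0, 1):
        # "" (plain 1.0.1) and letters a..f are affected; g onwards are fixed.
        return "affected" if letter <= "f" else "not_affected"
    if base == (1, 0, 2):
        return "affected" if beta == "1" else "not_affected"
    return "not_affected"


# Constructed inventory; hypothetical "internet_exposed" models a firewall opening.
INVENTORY = [
    {"host": "web-01", "openssl": "1.0.1e", "internet_exposed": True},
    {"host": "web-02", "openssl": "1.0.1g", "internet_exposed": True},
    {"host": "splunk-03", "openssl": "1.0.1c", "internet_exposed": False},
    {"host": "legacy-04", "openssl": "0.9.8y", "internet_exposed": True},
    {"host": "test-05", "openssl": "1.0.2-beta1", "internet_exposed": False},
    {"host": "slc6-06", "openssl": "1.0.1e-16.el6_5.7", "internet_exposed": True},
]


def triage(inventory):
    """Bucket hosts so that affected, Internet-facing ones are handled first."""
    buckets = {"affected_exposed": [], "affected_internal": [],
               "needs_package_check": [], "not_affected": []}
    for entry in inventory:
        verdict = classify(entry["openssl"])
        if verdict == "affected":
            key = "affected_exposed" if entry["internet_exposed"] else "affected_internal"
        else:
            key = verdict
        buckets[key].append(entry["host"])
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(f"{bucket:>20}: {', '.join(hosts) or '-'}")
```

Hosts in `needs_package_check` are not safe to ignore: the same SLC6 build string covers both the vulnerable and the rebuilt package, so the decision there has to come from the package version or changelog, not the OpenSSL banner.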

  3. Balancing Risks and Consequences
     • Exploits of Heartbleed haven’t been seen yet.
     • Still, we cannot exclude that CERN passwords (hashes) were exposed.
     • Thus, all passwords of CERN primary and secondary accounts had to be changed as a preventive measure.
     • CERN lightweight accounts, the EDH signature password, DB accounts: acceptably safe. No further action needed.
     • Service account passwords recommended to be changed (66% did).
     • Time window: April 14th to May 26th

  4. Password Reset Campaign
     • All affected account owners notified once or twice per e-mail.
     • Additional announcements in the Bulletin, ITUM, DHs, entrance panels, Windows PC screens, SSB, SSO portal:
     • ~1000 accounts of CERN staff & students blocked (May 13th-20th)
     • ~2000 passwords to be changed at next login (CERN SSO portal, Windows PC, WTS or LXPLUS) (May 26th-27th)

  5. Thank you! …for helping keep CERN safe & secure.
