nanog mailing list archives
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
From: Scott Howard <scott () doc net au>
Date: Mon, 14 Apr 2014 23:54:38 -0700
On Mon, Apr 14, 2014 at 6:00 PM, Larry Sheldon <LarrySheldon () cox net> wrote:
Is the heartbleed bug not proof positive that it is not being done today?
On the contrary. Heartbleed is "proof" that memory IS cleared before being assigned to a *process*. The data available via the vulnerability is limited to data from the process itself, not from any other process on the system. ie, Heartbleed can give up your SSL keys, but not your /etc/shadow file. If memory wasn't cleared before being allocated to a process, every multi-user systems would be vulnerable to Heartbleed-style vulnerability - just allocate some memory, and go reading. Eventually you'd get something containing /etc/shadow or other data you shouldn't be seeing. Within a process (ie, memory being re-allocated to the same process) there are ways to achieve the same thing, however as there's generally no security reasons for doing so, and as there is a non-trivial overhead, it's not done by default. Scott
Current thread:
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years], (continued)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] TGLASSEY (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Barry Shein (Apr 16)
- Message not available
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Larry Sheldon (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 16)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Warren Bailey (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Scott Howard (Apr 15)