
    Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?

    Business Matters | By EFFSource | Apr 10, 2014

    Yesterday afternoon, Ars Technica published a story reporting two possible logs of Heartbleed attacks occurring in the wild, months before Monday’s public disclosure of the vulnerability. It would be very bad news if these stories were true, indicating that blackhats and/or intelligence agencies may have had a long period when they knew about the attack and could use it at their leisure.

    In response to the story, EFF called for further evidence of Heartbleed attacks in the wild prior to Monday. The first thing we learned was that the SeaCat report was a possible false positive; the pattern in their logs looks like it could be caused by ErrataSec’s masscan software, and indeed one of the source IPs was ErrataSec.

    The second log seems much more troubling. We have spoken to Ars Technica’s second source, Terrence Koeman, who reports finding some inbound packets, immediately following the setup and termination of a normal handshake, containing another Client Hello message followed by the TCP payload bytes 18 03 02 00 03 01 40 00 in ingress packet logs from November 2013. These bytes are a TLS Heartbeat with contradictory length fields, and are the same as those in the widely circulated proof-of-concept exploit.

    Koeman’s logs had been stored on magnetic tape in a vault. The source IP addresses for the attack were 193.104.110.12 and 193.104.110.20. Interestingly, those two IP addresses appear to be part of a larger botnet that has been systematically attempting to record most or all of the conversations on Freenode and a number of other IRC networks. This is an activity that makes a little more sense for intelligence agencies than for commercial or lifestyle malware developers.

    To reach a firmer conclusion about Heartbleed’s history, it would be best for the networking community to try to replicate Koeman’s findings. Any network operators who have extensive TLS-layer traffic logs can check for malicious heartbeats, which most commonly have a TCP payload of 18 03 02 00 03 01 40 00 or 18 03 01 00 03 01 40 00, although the 0x4000 at the end may be replaced with lower numbers, particularly in implementations that try to read multiple malloc chunk bins.
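
    The check described above, as an added example (not code from EFF or from Koeman): a Python scan of a captured TCP payload that generalizes the two quoted byte strings to any heartbeat request whose claimed payload length cannot fit in its TLS record. The function name and every sample payload other than the two quoted in the article are constructed here; the 16-byte minimum padding comes from RFC 6520.

```python
import struct

HEARTBEAT = 0x18    # TLS record content type 24 (heartbeat, RFC 6520)
HB_REQUEST = 0x01   # heartbeat message type: request
MIN_PADDING = 16    # RFC 6520: at least 16 bytes of padding per message

def find_malformed_heartbeats(payload: bytes):
    """Walk the TLS records in one TCP payload; return a list of
    (offset, record_length, claimed_payload_length) for each plaintext
    heartbeat request whose claimed payload cannot fit in its record."""
    hits, off = [], 0
    while off + 5 <= len(payload):
        ctype, major, minor, rec_len = struct.unpack_from("!BBBH", payload, off)
        if major != 3 or minor > 4:
            break  # not a TLS record header: stop rather than guess
        body = payload[off + 5 : off + 5 + rec_len]
        if ctype == HEARTBEAT and len(body) >= 3 and body[0] == HB_REQUEST:
            claimed = struct.unpack_from("!H", body, 1)[0]
            # type(1) + length(2) + payload + padding must fit in the record
            if 3 + claimed + MIN_PADDING > rec_len:
                hits.append((off, rec_len, claimed))
        off += 5 + rec_len
    return hits

# Sample TCP payloads. The first two are the byte strings quoted in the
# article; the rest are constructed for this example.
SAMPLES = {
    "article, TLS 1.1": bytes.fromhex("1803020003014000"),
    "article, TLS 1.0": bytes.fromhex("1803010003014000"),
    "lower claimed length": bytes.fromhex("1803020003010fa0"),
    "after stub handshake record": bytes.fromhex("160302000401000000" "1803020003014000"),
    "well-formed heartbeat": bytes.fromhex("1803020017" "010004" "70696e67") + bytes(16),
    "not TLS": b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:28} {find_malformed_heartbeats(data)}")
```

    This only sees heartbeats sent in cleartext, as in the byte strings quoted above; heartbeat records sent after encryption is negotiated do not expose their length fields to a passive log.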

    Network operators might also keep an eye out for other interesting log entries from 193.104.110.* and the other IPs in the related botnet. Who knows what they might find?

    A lot of the narratives around Heartbleed have viewed this bug through a worst-case lens, supposing that it might have been used for some time, and that there might be tricks to obtain private keys somewhat reliably with it. At least the first half of that scenario is starting to look likely.


    Source: Electronic Frontier Foundation (EFF) – eff.org
