CVE-2014-0160 (Heartbleed)

Intro
Heartbleed is regarded as one of the most severe security flaws in IT history. The flaw lies within the OpenSSL cryptography library which has become a standard implementation in the Transport Layer Security (TLS) protocol. What made it such a severe vulnerability is that it allowed attackers to steal information passing through, what was meant to be, a secure internet connection. Sensitive information such as usernames and passwords, banking details and other private information (for both individuals and organizations) was at risk of being compromised. Another factor that added to the severity of the Heartbleed was that a vast majority of highly reputable and frequently used websites were vulnerable to this flaw.

How it Works
OpenSSL is a protocol that essentially encrypts the data between a server and computer (or other devices) over the internet, thereby creating a secure connection and protecting the data. When the data leaves its source, it gets encrypted and when it reaches its destination it gets decrypted for the recipient to access or view undefined. The flaw lies within OpenSSL's source code, specifically how the protocol handles payload sizes. When the user connects to a website's server, their computer will periodically send a message known as a heartbeat to the server to determine if it's still connected and responding undefined.

There are three parameters that need to be fulfilled when a heartbeat takes place. The first parameter is the data sent by the client (the web user's machine), the second parameter is the space allocated for the user's heartbeat data to be sent to, and the third parameter is the payload that tells the server's data space how large the user's heartbeat is. The allocated space on the server's side needs to match the size of the user's heartbeat (basically a 1:1 ratio) undefined. However the server's space can never be empty otherwise this method would not work, so there is always data residing in that space but it's marked to be overwritten by the next heartbeat.

When the user's computer sends a heartbeat to the server, that message is x amount of bytes in size, and therefore the server's allocated space replaces the data inside it with the user's message by matching its size as indicated by the payload parameter, and then the server will send that same message back to the user. When the next heartbeat is sent, the user's previous message sent to the server is overwritten by the next message received by the server.

For example (see Figure 1) the user sends the server a string "hello" and let's say it's 5 bytes in size (point 1). In point 2 the server will allocate 5 bytes of space to the message and overwrite 5 bytes of the last message it received, however some previous data may still reside in the space (marked in grey). It will then proceed to send that 5 byte message back to the user as indicated in point 3, and point 4 illustrates that only the message the user sent is all that was sent back.

The attack itself is very simple, because all the attacker would have to do is falsify the payload size of the heartbeat and the server will respond accordingly and thereby send more information in its response than what its suppose to, and this can be private information that was sent over the OpenSSL and also the private keys necessary to decrypt data passing through the secure connection undefined.

Referring to Figure 2 below, the attacker can send a message, "hello", which is 5 bytes in size, but crafts a special packet to make the payload tell the server that the size is 1000 bytes (point 1). The flaw then comes into play here as the OpenSSL will not verify the size the payload is claiming and the server will just accept any payload size without question and respond accordingly (point 3). So even though the message the attacker sent was actually only 5 bytes in size, the payload told the server it's 1000 bytes and therefore the server will send 1000 bytes of data back to the attacker as it reads beyond the allocated space and this data is the old data residing in that space that should have been overwritten but wasn't.

Outcome
The data captured by an attacker is completely random, so there may be some cases where nothing valuable is captured. However it's been noted that highly skilled individuals may be able to specifically target the information they want by crafting highly specialized packets.

The attacker can steal banking information such as account details, bank card information, web account credentials, contact information, private messages, server private keys which can be used to discreetly capture and decrypt data over secure connections, and they can capture valid web sessions which can allow the attacker to access and impersonate individuals and organisations (depending on the session captured) undefined.

Affected Sites
Below is a list of some major websites that were affected by the vulnerability, however the complete list contains over half a million websites. After the discovery of Heartbleed it was advised that users change their account passwords if they belonged to any affected sites.
 * Amazon Web Services
 * Bitbucket
 * GitHub
 * Mojang
 * Pinterest
 * Prezi
 * Reddit
 * SoundCloud
 * SourceForge
 * Tumblr
 * Wikipedia

Additional Facts

 * OpenSSL was launched in 2012 but the vulnerability was only reported in 2014, meaning it went unnoticed for two years, given that the code flaw itself was considered to be a fundamental one.
 * There have been theories the vulnerability were discovered shortly after the launch of OpenSSL but it was never reported.
 * Some believed the vulnerability has been used by intelligence agencies worldwide to discreetly capture internet traffic. But it's believed some security companies used it as well to monitor cyber criminal activity and some organizations used it for corporate espionage. However, no conclusive evidence to support these theories has been found.