Current Internet Threat Level


Increased vigilance. Vulnerabilities or threats to computer networks require vulnerability assessment and corrective action due to the Heartbleed (CVE-2014-0160) issue.

Current AlertCon


Increased vigilance. Vulnerabilities or threats to computer networks require vulnerability assessment and corrective action.

Threats

Earlier this week, reports appeared regarding an issue with the OpenSSL library and the way it handles TLS/DTLS heartbeats between server and client. An attacker could exploit this vulnerability with code based on publicly available proof-of-concept code. Successful exploitation provides the attacker with up to 64K of the server's memory. The contents of this memory dump could include the server's private keys, user names, passwords, and other content that would normally be encrypted. Vulnerable systems would not only need to be patched with the appropriate version of OpenSSL (1.0.1g), but their operators would also need to revoke the existing server keys, request a new certificate, and require end users to reset their passwords. Public news articles indicate that a large number of public sites are vulnerable to this attack. IBM is therefore raising the Threat Level to AlertCon 2 to bring awareness to this issue. We will continue to monitor the situation and re-evaluate the Threat Level in the near future.

Recommendations

Update to OpenSSL 1.0.1g or later, revoke existing server certificates, recreate the server certificate, and reset user passwords.

Threat Forecast

We will continue to monitor the situation and re-evaluate the Threat Level in the near future.


X-Force Threat Analysis Service