
Time to change passwords

Today, at Yandex, we will show all users a link to a page with our tips on how important it is to keep track of your passwords and change them regularly.

You can probably guess why. CVE-2014-0160 is one of the most serious vulnerabilities found in recent years. It cannot be said to concern only individual services and sites - the vulnerability has affected almost the entire Internet. OpenSSL is one of the most widely used crypto libraries: according to various estimates, up to two thirds of all HTTPS connections on the Internet are established using it.

In this post I will tell you how we reacted to the news of the vulnerability: what we did, when, and why.

Heartbleed has affected OpenSSL versions from 1.0.1 to 1.0.1g. We started using this branch of OpenSSL in December 2013, since previous versions did not support the newer, stronger protocols TLS 1.1 and TLS 1.2 (you can check which protocol versions a service supports, for example, here).
We learned about the vulnerability on the night of Tuesday, April 8, as soon as information about it appeared in public sources. It took us some time to analyze the problem and assess how critical it was.

It is important to note here that in services for which high availability is of paramount importance - and that is almost every Yandex service, with their multimillion audiences - no update can be installed "hot" or automatically. The slightest mismatch, and a large number of users may have trouble using the services.

Yandex, as you know, has a huge number of servers, and checking each of them for the vulnerability could have been a big problem. Fortunately, we long ago implemented automation for security checks; we described it in detail at the YaC 2011 conference. All we needed was to turn the publicly available PoC into a module for the system that scans our services for vulnerabilities. Within an hour we already had the full picture, and all the responsible system administrators had been notified automatically and set to work. The testing that must always precede a rollout was in this case done in the shortest possible time. By lunchtime, the largest Yandex services had been updated. Our monitoring will also help ensure in the future that no system ends up running a problematic version of OpenSSL.
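As an added illustration of the kind of fleet check described above (this is not Yandex's scanner and not code from the post), the following classifies `openssl version` banners collected from hosts against the affected 1.0.1 range. It assumes an inventory format of `<host> <banner>` (constructed sample below) and takes 1.0.1g as the fixed release per the OpenSSL advisory; distribution builds that backport the fix without bumping the version letter are flagged for a live check rather than declared vulnerable.

```python
import re
from dataclasses import dataclass

# Affected branch: 1.0.1 up to (but not including) 1.0.1g, the fixed release.
FIRST_VULN = (1, 0, 1, "")
FIXED = (1, 0, 1, "g")

# Matches "OpenSSL 1.0.1e", with an optional distro suffix such as "-2+deb7u7".
_VER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(\S+))?")

@dataclass
class Verdict:
    host: str
    banner: str
    status: str  # vulnerable | not_vulnerable | verify_backport | unknown

def parse_version(banner):
    """Return ((major, minor, patch, letter), distro_suffix) or None."""
    m = _VER_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter, distro = m.groups()
    return (int(major), int(minor), int(patch), letter), distro

def classify(host, banner):
    parsed = parse_version(banner)
    if parsed is None:
        return Verdict(host, banner.strip(), "unknown")
    ver, distro = parsed
    # Tuple comparison: "" sorts before "a", so 1.0.1 < 1.0.1a < ... < 1.0.1g.
    if not (FIRST_VULN <= ver < FIXED):
        return Verdict(host, banner.strip(), "not_vulnerable")
    # A distro build may carry a backported fix under the old letter, so a
    # version compare alone cannot prove exposure; mark it for a live test.
    if distro:
        return Verdict(host, banner.strip(), "verify_backport")
    return Verdict(host, banner.strip(), "vulnerable")

# Constructed inventory: "<host> <banner>" lines (hypothetical hosts).
SAMPLE_INVENTORY = """\
web-01 OpenSSL 1.0.1e 11 Feb 2013
web-02 OpenSSL 1.0.1g 7 Apr 2014
web-03 OpenSSL 1.0.0k 5 Feb 2013
web-04 OpenSSL 1.0.1e-2+deb7u7
web-05 OpenSSL 1.0.1 14 Mar 2012
web-06 LibreSSL 2.0.0
"""

def triage(inventory=SAMPLE_INVENTORY):
    """Classify every inventory line; returns a list of Verdict."""
    results = []
    for line in inventory.splitlines():
        host, _, banner = line.partition(" ")
        results.append(classify(host, banner))
    return results
```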

Updating OpenSSL eliminated the most serious problem that can be exploited in practice: theft of request and response headers passing through the web server. Theft of the web server's private key is theoretically possible, but in practice it involves a number of technical difficulties. We, like the researchers who discovered the vulnerability, believe that theft of private SSL keys using this attack is unlikely. Although 64 KB of web server memory is enough to hold a short essay on password security, for SSL keys to show up in it many factors must coincide. Nevertheless, we decided to gradually replace the SSL certificates on our services. By the way, on critical Yandex services (Mail, Passport, and the client and partner Yandex.Direct interfaces) we use HTTPS with PFS (perfect forward secrecy). So even if we assume that at some point in the future the private keys of the SSL servers are compromised, the traffic of already completed user sessions will remain protected.

The most difficult thing in this unpleasant story was deciding what to do with potentially affected users. The problem is that exploitation of this vulnerability leaves no trace in the web server logs, so we could have no direct evidence of whether the problem had been exploited en masse. We decided to work from the time interval that began with the publication of the vulnerability and ended with the rollout of the update to our servers. The authentication data of millions of users could potentially have been affected. A mass forced logout, and even more so a forced password change, in the absence of accurate information about which users had actually been compromised, could do much more harm than good.

Fortunately, we have a list of the users who could theoretically have been affected. Using our mechanisms for automatically detecting malicious activity within a user session, we will prompt these users to log in again and change their password.

In addition, as I mentioned, today the Yandex main page will carry links to the security.yandex.ru page. We believe that passwords should be changed regularly, and the events of recent days are a good reason to remember this.

Source: https://habr.com/ru/post/218951/
