Feeds

Akamai scoffs humble pie: Heartbleed defence crumbles, new SSL keys for customers

We got this covered ... er, maybe not

The Power of One eBook: Top reasons to choose HP BladeSystem

Akamai has issued new SSL certificates to some of its customers after realising its customized OpenSSL was not immune to the Heartbleed bug as first thought.

Some time ago, the web distribution giant modified the code to the open-source OpenSSL library and rolled the tweaked version out to just its servers: that adjustment changed the way the library allocates memory so that any particularly sensitive data, such as private crypto-keys, is kept well away from general-purpose allocations that can be mined from afar using the Heartbleed bug.

Akamai thus claimed its customers' private SSL keys were never vulnerable to any Heartbleed attacks: the bug is exploited by sifting through a remote machine's memory for secret goodies like passwords and keys, but the replacement memory allocator, implemented before the bug's discovery, should have thwarted that.

Even so, Akamai still applied the Heartbleed fix to its flavour of OpenSSL just to be safe, as the people who found the bug warned the biz before going public on Monday, 7 April. Crucially, Akamai didn't feel the need to issue more than a very small number of new SSL private keys.

On Friday, 11 April, five days after the Heartbleed vulnerable was revealed, Akamai staff wrote on their blog:

Akamai patched the announced Heartbleed vulnerability prior to its public announcement. We, like all users of OpenSSL, could have exposed passwords or session cookies transiting our network from August 2012 through 4 April 2014. Our custom memory allocator protected against nearly every circumstance by which Heartbleed could have leaked SSL keys. There is one very narrow window through which 4 Akamai server clusters had a vulnerable release for 9 days in March 2013. For the small number of customers potentially affected, we are pro-actively rotating certificates.

Akamai then shared the source code to its OpenSSL modifications with the world, which, while appreciated, is where the wheels started to fall off.

Independent infosec bod Willem Pinckaers looked over the code and was able to poke holes in Akamai's "secure" memory allocator, derailing its defence against the Heartbleed flaw.

By Monday, 14 April, the firm had reversed its position: it admitted it will change-up customers' private cryptographic keys after all – because there's a chance they could have been compromised by anyone who knew of the OpenSSL bug:

Over the weekend, an independent security researcher contacted Akamai about some defects in the software we use for memory allocation around SSL keys. We discussed Friday how we believed this had provided our SSL keys with protection against Heartbleed and had contributed the code back to the community. The code that we had contributed back was, as we noted, not a full patch, but would be a starting point for improving the openssl codebase.

In short: we had a bug. An RSA key has 6 critical values; our code would only attempt to protect 3 parts of the secret key, but does not protect 3 others. In particular, we only try to protect d, p, and q, but not d mod (p-1), d mod (q-1), or q^{-1} mod p. These intermediate extra values (the Chinese Remainder Theorem, or CRT, values) are calculated at key-generation time as a performance improvement. As the CRT values were not stored in the secure memory area, the possibility exists that these critical values for the SSL keys could have been exposed to an adversary exploiting the Heartbleed vulnerability. Given any CRT value, it is possible to calculate all 6 critical values.

As a result, we have begun the process of rotating all customer SSL keys/certificates. Some of these certificates will quickly rotate; some require extra validation with the certificate authorities and may take longer.

Akamai charges its customers extra for serving media over HTTPS from its distribution network, so not that many Akamai users opted for SSL and thus not that many stored private keys on the company's servers. Therefore not that many were affected by the Heartbleed flaw, as some security watchers have already pointed out.

Akaami acted promptly when it realised there was a problem, but crypto-experts still faulted the biz for placing too much confidence in safeguards that turned out to be flawed.

"Nothing against Akamai, but seriously: they held off replacing certs because they thought they were secure? Ugh," said Matthew Green, a professor of computer science at Johns Hopkins University. "I'd really like to hear the case that Akamai didn't play Russian Roulette with their customers' security."

Akamai is not the only tech giant getting it in the neck for its handling of Heartbleed. Dropbox has been faulted for failing to warn customers it was affected by dangerous bug until Saturday, and even then only mentioning it in an easily overlooked forum post rather than through its corporate blog.

The Australian went big on the issue instead of reporting on the opening of a Sydney office by the cloudy sync and share outfit, already under attack earlier this week for its appointment of former US Secretary of State (and surveillance advocate) Condoleezza Rice to its board of director as a privacy adviser. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.