After this week's massive Heartbleed bug, one of the biggest concerns was that the bug might leak a website's private SSL keys, the key to the green lock that secures data sent to users. It's especially dangerous because, if an attacker did access the keys, they could be used even after the server was patched, allowing attacks months or even years in the future.
"If it is possible, it is at a minimum very hard."
But today, the content distribution network CloudFlare has announced Heartbleed may not allow access to those private keys after all. In two weeks of testing, the company has been unable to successfully access private keys with Heartbleed, suggesting the attack may not be possible at all. "If it is possible, it is at a minimum very hard," researcher Nick Sullivan writes. "And we have reason to believe... that it may in fact be impossible." If true, it makes Heartbleed much less dangerous than many had feared, offering a saving grace for compromised sites. Sullivan acknowledged that, in security tests, some private keys had been revealed by first requests to Apache servers, but he linked this to the process of restarting the server, which would severely limit the exposure to outside actors. Methods have also surfaced to help services tell if attackers have hit their servers using the bug. "Heartbleed still is extremely dangerous," says CEO Matthew Prince, "but some of the worst fears about it having been used by organizations like the NSA to hoover up everyone's private SSL keys look pretty unlikely to us based on this testing."
It's a gamble with real stakes
Robert David Graham of Errata Security had come to a similar conclusion earlier this week, writing a post titled, "Why Heartbleed Doesn't Leak the Private Key," but he publicly retracted the claim after facing disagreement from the security community. Researchers have been understandably wary of ruling out the line of attack, since a false negative might lull service operators into a dangerous sense of security. Still, two weeks after they first came into contact with the bug, CloudFlare is ready to call off at least some of the alarms.
To prove it, CloudFlare has set up an intentionally vulnerable page and challenged hackers to use Heartbleed to pull the site's private key. It's a gamble with real stakes: if the company is wrong, it will be revealed quickly and publicly, and as with Errata, many may call out the claims as irresponsible. At the same time, if the research holds up, it would mean the real damage from Heartbleed is much more limited than we thought. It's too early to say for sure, but after a brutal week, the news should give battered admins some cause for hope.
Update April 11, 12:08PM EST: Updated to acknowledge that private keys have been revealed by Apache servers on first request.
Update April 11, 9:39PM EST: Cloudflare now states that the Heartbleed bug has been successfully used to retrieve SSL keys, despite its earlier claim.