
FREAK on Colombian domain names and Heartbleed one year later

March 4, 2015

I am writing again with some statistics, this time on the new SSL/TLS vulnerability (FREAK Attack) as it affects critical Colombian domain names. This post uses the same methodology as Overview of OpenSSL security bug (CVE-2014-0160) on critical Colombian domain names.



FREAK Attack on restricted Colombian domain names

Identifying vulnerable domains

A Python script was used to identify, in a non-intrusive way, the affected Colombian domain names (gov.co, edu.co, mil.co, and org.co):

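    # domain_exists(), check_connectivity() and check_FREAK() are helpers
    # from the same script; their bodies are not shown in this post.
    for domain in domains:
        result = ''
        # Resolve the name; the helper returns False when it does not resolve.
        IP = domain_exists(domain)
        if IP != False:
            # Only hosts that accept a secure-channel connection are tested.
            if check_connectivity(IP):
                if check_FREAK(IP):
                    result = 'VULNERABLE'
                else:
                    result = 'NOT-VULNERABLE'
            else:
                result = 'SECURE-CHANNEL-UNSUPPORTED'
        else:
            result = 'NON-EXISTENT'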
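
The post does not show how `check_FREAK` decides. One common non-intrusive approach is to send a ClientHello that offers only RSA export cipher suites and inspect the first record of the reply. The added example below (not the author's script) classifies such a reply offline; the function names and the sample bytes are assumptions constructed here.

```python
import struct

# RSA_EXPORT suites defined in TLS 1.0 (RFC 2246); IDs per the IANA registry.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
HANDSHAKE, ALERT, SERVER_HELLO = 0x16, 0x15, 0x02


def selected_suite(reply: bytes):
    """Return the cipher suite ID from a ServerHello, or None for an alert."""
    if len(reply) < 5:
        raise ValueError("truncated TLS record header")
    rec_type, _version, rec_len = struct.unpack("!BHH", reply[:5])
    body = reply[5:5 + rec_len]
    if len(body) < rec_len:
        raise ValueError("truncated TLS record body")
    if rec_type == ALERT:
        return None
    if rec_type != HANDSHAKE or len(body) < 4 or body[0] != SERVER_HELLO:
        raise ValueError("first record is not a ServerHello or an alert")
    pos = 4 + 2 + 32              # handshake header, server version, random
    if len(body) < pos + 1:
        raise ValueError("truncated ServerHello")
    pos += 1 + body[pos]          # session_id length byte + session_id
    if len(body) < pos + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", body[pos:pos + 2])[0]


def classify(reply: bytes) -> str:
    """Map the server's reply to the result labels used in the loop above."""
    suite = selected_suite(reply)
    return "VULNERABLE" if suite in RSA_EXPORT_SUITES else "NOT-VULNERABLE"


def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (sample input, not a capture)."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += struct.pack("!HB", suite, 0)
    msg = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(msg)) + msg


# Constructed samples: export suite accepted, and a fatal handshake_failure alert.
SAMPLE_EXPORT = build_server_hello(0x0003, session_id=bytes(32))
SAMPLE_ALERT = bytes.fromhex("15030100020228")
```

A server that answers an export-only offer with a ServerHello still has RSA export key exchange enabled, which is the server-side condition FREAK depends on; disabling export suites in the server's cipher configuration makes the same probe end in an alert.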

Results

2975 domain names were tested against the vulnerability, and the results are impressive: of the 1815 domains that support HTTPS, only 46 are affected (for those, a man-in-the-middle attack is possible even though the domain is using SSL/TLS).



This is the detail of the results, classified by third-level domain:

- gov.co: 662 not vulnerable, 18 vulnerable.
- edu.co: 689 not vulnerable, 15 vulnerable.
- mil.co: 58 not vulnerable, 1 vulnerable.
- org.co: 360 not vulnerable, 12 vulnerable.



Finally, we got the distribution of the vulnerable Colombian third-level domains:



Heartbleed a year later

One year later, the same script and data were used to test for the Heartbleed vulnerability (Overview of OpenSSL security bug (CVE-2014-0160) on critical Colombian domain names). This is what I found:

- Only 2 domain names were found to be free of the Heartbleed vulnerability; 16 are still vulnerable.
- 177 domain names have implemented HTTPS.
- 115 domain names were deleted (or the DNS A record does not exist).
- 86 domain names dropped HTTPS support.
