General question: the leaked data in the heartbeat packets is encrypted, correct? If the service doesn't use perfect forward secrecy they would definitely be able to decrypt those packets to see what was leaked. What if they did use PFS?
Depending on how the exploit is written it can be encrypted or unencrypted. If the heartbeat is sent before the TLS handshake is finished, then the memory contents will be sent in the clear. If it is sent after the handshake is finished (meaning all crypto stuff has been agreed on by both sides) then the data will be encrypted. This also makes Heartbleed very hard to detect on the wire in general.
That is a really good question! I would only be guessing at whether or not they have PFS. On the one hand, it leaves the past vulnerable in case a breach happened, but on the other it makes diagnosing what much harder in cases like this.
Actually now I'm not sure if heartbeats are encrypted:
"It is irrelevant whether your system can even support some of the cipher suites in the list, because the Heartbeat request that triggers the vulnerability is sent before any encryption takes place."
Heartbleed doesn't just leak keys. It leaks random bits of memory, which can contain anything - private keys, encrypted data, unencrypted data, whatever happens to pop out. Problem is you can repeat the attack very quickly until the data you want - say, unencrypted SINs - comes out.
I know, and I'm not sure how this is relevant to my question.
I was specifically wondering if a) the heartbeat messages which leak data (keys or whatever) are encrypted or not, and b) if they are, and PFS was used, is it even possible for someone to audit a full packet capture for heartbeat attacks.
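Added example, not part of the thread: one way to audit the two reassembled TLS byte streams of a connection for the heartbeat pattern discussed above. It relies on the record type and length staying readable in TLS 1.2 and earlier, so the size comparison needs no keys; the function names, the `slack` threshold and the sample streams are assumptions constructed for illustration.

```python
import struct

HEARTBEAT, CHANGE_CIPHER_SPEC = 24, 20   # TLS record content types
MIN_PADDING = 16                         # RFC 6520: at least 16 padding bytes

def rec(ctype, body, version=0x0302):
    """Build one TLS record (used only to construct the sample streams)."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def records(stream):
    """Yield (content_type, body) for each complete TLS record in a byte stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break                        # truncated capture: stop, do not guess
        yield ctype, stream[off + 5:off + 5 + length]
        off += 5 + length

def audit(client, server, slack=64):
    """Return finding names for one connection's two reassembled directions."""
    findings, encrypted, req_sizes = [], False, []
    for ctype, body in records(client):
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True             # later client records are ciphertext
        elif ctype == HEARTBEAT:
            req_sizes.append(len(body))
            if not encrypted and len(body) >= 3:
                hb_type, claimed = struct.unpack_from("!BH", body)
                # A request must hold type + length + payload + padding.
                if hb_type == 1 and 3 + claimed + MIN_PADDING > len(body):
                    findings.append("plaintext-overclaim")
    resp_total = sum(len(b) for t, b in records(server) if t == HEARTBEAT)
    # Heuristic (assumed threshold): an honest reply is about the size of the
    # request. Uses only record headers, so it works with or without PFS.
    if req_sizes and resp_total > sum(req_sizes) + slack * len(req_sizes):
        findings.append("size-mismatch")
    return findings

# Constructed sample streams (not from a real capture).
HELLO = rec(22, b"\x00" * 40)
PLAIN_BAD = (HELLO + rec(HEARTBEAT, b"\x01\x04\x00"),
             rec(HEARTBEAT, b"\x02\x04\x00" + b"\x00" * 1040))
ENC_BAD = (HELLO + rec(CHANGE_CIPHER_SPEC, b"\x01") + rec(HEARTBEAT, b"\xaa" * 40),
           rec(HEARTBEAT, b"\xbb" * 1100))
BENIGN = (HELLO + rec(HEARTBEAT, b"\x01\x00\x04ping" + b"\x00" * 16),
          rec(HEARTBEAT, b"\x02\x00\x04ping" + b"\x00" * 16))

if __name__ == "__main__":
    for name, conn in [("plain", PLAIN_BAD), ("enc", ENC_BAD), ("benign", BENIGN)]:
        print(name, audit(*conn))
```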