homepage Welcome to WebmasterWorld Guest from 54.226.43.155
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
SSL Encryption Broken By Hackers
engine




msg:4364771
 2:00 pm on Sep 20, 2011 (gmt 0)

SSL Encryption Broken By Hackers [theregister.co.uk]
Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.


 

Leosghost




msg:4364800
 3:00 pm on Sep 20, 2011 (gmt 0)

deja foo
[webmasterworld.com...]

Hester




msg:4364904
 5:58 pm on Sep 20, 2011 (gmt 0)

There appear to be two short term solutions - please correct me if I am wrong.

1. Turn off JavaScript.

"An attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection."


2. Switch to the Opera browser.

"Opera remains the only browser that deploys TLS 1.2 by default."


(3. Enable TLS 1.2 in Internet Explorer, which is off by default I read. I don't know how you do that.)

graeme_p




msg:4364926
 7:25 pm on Sep 20, 2011 (gmt 0)

Another way appears to be not using encrypted and unecrupted connections simultaneously.

Opera remains the only browser that deploys TLS 1.2 by default.


The only major browser, certainly.

GnuTLS supports TLS 1.2, so browsers that use it may support TLS 1.2, but a bit of searching reveals that some browsers have it disabled because of backward compatibility issues with some sites. I wonder how Opera deals with these?

Hester




msg:4364940
 7:46 pm on Sep 20, 2011 (gmt 0)

That's my worry, that Opera will only use TLS 1.2 if the website also uses it. Otherwise won't it drop down to TLS 1.0?

physics




msg:4364961
 8:40 pm on Sep 20, 2011 (gmt 0)

In opera, there are checkboxes for security for
SSL 3.0
TLS 1
TLS 1.1
TLS 1.2

If I uncheck everything except tls 1.2, then neither https://www.amazon.com nor https://www.paypal.com will load. However if I check both TLS 1.1 and TLS 1.2, both work. Though a large bank site doesn't.

physics




msg:4364962
 8:43 pm on Sep 20, 2011 (gmt 0)


However, if I check only TLS 1.1, neither amazon nor paypal will load. So I don't really trust that Opera is doing what it's supposed to do when I check TLS 1.1 and TLS 1.2

Hester




msg:4364977
 9:19 pm on Sep 20, 2011 (gmt 0)

They might be using a mix of 1.1 and 1.2 across different servers.

physics




msg:4365029
 11:02 pm on Sep 20, 2011 (gmt 0)

For the paranoid among us - something to consider is to just use a certain browser (for example, Opera) ONLY for very secure things like online banking. Never visit any other sites with it. Then your chances of being exposed to these sorts of exploits are reduced (though not eliminated).

incrediBILL




msg:4365053
 12:43 am on Sep 21, 2011 (gmt 0)

nothing new, typical man in the middle attack I've been bitching about for years and suddenly it's a problem?

Funny, when I pointed out how easy it was people scoffed, too bad

Dijkgraaf




msg:4365067
 1:41 am on Sep 21, 2011 (gmt 0)

(3. Enable TLS 1.2 in Internet Explorer, which is off by default I read. I don't know how you do that.)


Tools, Internet Options, Advanced, tick TLS 1.2


From what I've read so far about this exploit is that "This attack requires that the attacker be able to sniff the traffic and run code on the victims machine to inject the chosen-plaintext into the stream." If you can run code on the victims machine, why bother trying to crack the encryption? Just intercept the data before it is encrypted. I suppose we will have to await further details

Dijkgraaf




msg:4365068
 1:55 am on Sep 21, 2011 (gmt 0)

Firefox 6.0.2 only has TLS 1.0 & SSL 3.0 (Options, Options, Advanced, Encryption tab)

IanKelley




msg:4365106
 4:40 am on Sep 21, 2011 (gmt 0)

This is definitely interesting, but it's easy to over exaggerate the risk of this happening in reality.

Provided I understand how this works...

First, you need access to a point between the user's computer and the target site. Generally speaking this means either compromising a major internet node, or hacking a work network. I'm leaving out unsecured wi-fi because, well, it's unsecured wi-fi :-)

If you manage to accomplish this impressive feat you then need to wait for a user passing through the network to access a site that has value to you (i.e. PayPal).

Now... (from the original article)

That means authentication cookies of 1,000 to 2,000 characters long will still take a minimum of a half hour

You have a half hour or so to decrypt a cookie, assuming of course it's under 2k, which isn't guaranteed by any means. It could end up taking you a lot longer.

If the user logs out or the session expires before you've decrypted the cookie it's useless. Which is likely, I imagine only a small percentage of visits to financial websites last more than a half hour. At PayPal it would be even less time since the majority of transactions are 2 clicks.

But suppose you manage it, even then, if the cookie in question uses an extra layer of security (a hash of the user agent and IP for example), it's useless even if you decrypt it before they log out. Of course you could get around this if you were expecting it, I'm just picking one example of how easy it is to make this exploit more difficult.

So, it's a real threat, but the chances of it effecting any of us are virtually nil.

graeme_p




msg:4365119
 5:05 am on Sep 21, 2011 (gmt 0)

I have been using a separate browser for certain trusted and important sites for years.

@IanKelly reassuring, but there are probably also much shorter authentication cookies around as well.

IanKelley




msg:4365122
 5:28 am on Sep 21, 2011 (gmt 0)

At a financial site the cookie is going to be encrypted by the back end before SSL gets to it, and it's probably going to contain more than just a password, which pretty much guarantees that it will be long.

wildbest




msg:4365123
 5:33 am on Sep 21, 2011 (gmt 0)

Tools, Internet Options, Advanced, tick TLS 1.2

There is no TLS 1.2 box in IE9. There is only TLS 1.0 box.

bill




msg:4365171
 8:01 am on Sep 21, 2011 (gmt 0)

There is no TLS 1.2 box in IE9. There is only TLS 1.0 box.

My office workstation only has the TLS 1.0 option as well, but at home IE9 has TLS 1.1 & TLS 1.2 options as well. You may want to check with your system administrator about that.

However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable...

frontpage




msg:4365281
 11:28 am on Sep 21, 2011 (gmt 0)

It does not matter if you are using Opera, if the server you are connecting to is not using TLS 1.2 as well.

graeme_p




msg:4365290
 11:50 am on Sep 21, 2011 (gmt 0)

it's probably going to contain more than just a password


Why would a cookie contain a password, and why would contain anything more than a session identifier?

However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable


That sounds like the problem with GnuTLS, and its even more of a problem if you disable TLS1 (and, of course, all SSL versions as well).

DO you want complete security, or everything working? Tough choice.

IanKelley




msg:4365295
 12:12 pm on Sep 21, 2011 (gmt 0)

You're right I should have typed session identifier instead of password.

Dijkgraaf




msg:4365572
 8:49 pm on Sep 21, 2011 (gmt 0)


Tools, Internet Options, Advanced, tick TLS 1.2


There is no TLS 1.2 box in IE9. There is only TLS 1.0 box.


There is in mine, maybe it it dependent on the operating system you are running?
I see TLS 1.0, 1.1, 1.2

Dijkgraaf




msg:4365635
 10:54 pm on Sep 21, 2011 (gmt 0)

[theregister.co.uk...]
Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol.

Hester




msg:4365643
 11:07 pm on Sep 21, 2011 (gmt 0)

@graeme p: "I have been using a separate browser for certain trusted and important sites for years."

Which browser is that?

IanKelley




msg:4365652
 11:29 pm on Sep 21, 2011 (gmt 0)

From the article:

I happen to know the details of this attack since I work on Chrome's SSL/TLS stack. The linked article is sensationalist nonsense, but one should give the authors the benefit of the doubt because the press can be like that.
Fundamentally there's nothing that people should worry about here. Certainly it's not the case that anything is 'broken'.

Hester




msg:4365660
 12:06 am on Sep 22, 2011 (gmt 0)

Remember the UK beef scare? When politicans said there was nothing to worry about when eating beef? Then mad cow disease took hold and they were proved wrong. I'm just saying...

Leosghost




msg:4365668
 12:12 am on Sep 22, 2011 (gmt 0)

"Mad Cow disease" took hold of the UK in '79 ..when she came to power.

wildbest




msg:4365731
 6:16 am on Sep 22, 2011 (gmt 0)

There is in mine, maybe it it dependent on the operating system you are running?
I see TLS 1.0, 1.1, 1.2

There is SSL 2.0, SSL 3.0 but only TLS 1.0. There are no options for TLS 1.1 or 1.2. It is IE9 on Vista Home Premium SP2. What is interesting, I've deselected the TLS 1.0 box but it is still able to load ssl pages. Obviously it is programmed to use only one TLS version irrespective of user choices but isn't clear which one?

graeme_p




msg:4365814
 12:23 pm on Sep 22, 2011 (gmt 0)

@Hester, its changed over the years: Opera, Chromium, Epiphany, Midori, and now back to Opera because of this issue.

My reasoning is that using a separate browser for important sites, makes a cross site attack much harder.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved