Leosghost

msg:4364800 | 3:00 pm on Sep 20, 2011 (gmt 0) |
deja foo [webmasterworld.com...]
|
Hester

msg:4364904 | 5:58 pm on Sep 20, 2011 (gmt 0) |
There appear to be two short term solutions - please correct me if I am wrong. 1. Turn off JavaScript. | "An attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection." |
| 2. Switch to the Opera browser. | "Opera remains the only browser that deploys TLS 1.2 by default." |
| (3. Enable TLS 1.2 in Internet Explorer, which is off by default I read. I don't know how you do that.)
|
graeme_p

msg:4364926 | 7:25 pm on Sep 20, 2011 (gmt 0) |
Another way appears to be not using encrypted and unencrypted connections simultaneously. | Opera remains the only browser that deploys TLS 1.2 by default. |
| The only major browser, certainly. GnuTLS supports TLS 1.2, so browsers that use it may support TLS 1.2, but a bit of searching reveals that some browsers have it disabled because of backward compatibility issues with some sites. I wonder how Opera deals with these?
|
Hester

msg:4364940 | 7:46 pm on Sep 20, 2011 (gmt 0) |
That's my worry, that Opera will only use TLS 1.2 if the website also uses it. Otherwise won't it drop down to TLS 1.0?
|
physics

msg:4364961 | 8:40 pm on Sep 20, 2011 (gmt 0) |
In Opera, there are checkboxes for security for SSL 3.0, TLS 1, TLS 1.1, TLS 1.2. If I uncheck everything except TLS 1.2, then neither https://www.amazon.com nor https://www.paypal.com will load. However if I check both TLS 1.1 and TLS 1.2, both work. Though a large bank site doesn't.
|
physics

msg:4364962 | 8:43 pm on Sep 20, 2011 (gmt 0) |
However, if I check only TLS 1.1, neither amazon nor paypal will load. So I don't really trust that Opera is doing what it's supposed to do when I check TLS 1.1 and TLS 1.2
|
Hester

msg:4364977 | 9:19 pm on Sep 20, 2011 (gmt 0) |
They might be using a mix of 1.1 and 1.2 across different servers.
|
physics

msg:4365029 | 11:02 pm on Sep 20, 2011 (gmt 0) |
For the paranoid among us - something to consider is to just use a certain browser (for example, Opera) ONLY for very secure things like online banking. Never visit any other sites with it. Then your chances of being exposed to these sorts of exploits are reduced (though not eliminated).
|
incrediBILL

msg:4365053 | 12:43 am on Sep 21, 2011 (gmt 0) |
nothing new, typical man in the middle attack I've been bitching about for years and suddenly it's a problem? Funny, when I pointed out how easy it was people scoffed, too bad
|
Dijkgraaf

msg:4365067 | 1:41 am on Sep 21, 2011 (gmt 0) |
| (3. Enable TLS 1.2 in Internet Explorer, which is off by default I read. I don't know how you do that.) |
| Tools, Internet Options, Advanced, tick TLS 1.2. What I've read so far about this exploit is that "This attack requires that the attacker be able to sniff the traffic and run code on the victim's machine to inject the chosen-plaintext into the stream." If you can run code on the victim's machine, why bother trying to crack the encryption? Just intercept the data before it is encrypted. I suppose we will have to await further details.
|
Dijkgraaf

msg:4365068 | 1:55 am on Sep 21, 2011 (gmt 0) |
Firefox 6.0.2 only has TLS 1.0 & SSL 3.0 (Options, Options, Advanced, Encryption tab)
|
IanKelley

msg:4365106 | 4:40 am on Sep 21, 2011 (gmt 0) |
This is definitely interesting, but it's easy to over exaggerate the risk of this happening in reality. Provided I understand how this works... First, you need access to a point between the user's computer and the target site. Generally speaking this means either compromising a major internet node, or hacking a work network. I'm leaving out unsecured wi-fi because, well, it's unsecured wi-fi :-) If you manage to accomplish this impressive feat you then need to wait for a user passing through the network to access a site that has value to you (i.e. PayPal). Now... (from the original article) | That means authentication cookies of 1,000 to 2,000 characters long will still take a minimum of a half hour |
| You have a half hour or so to decrypt a cookie, assuming of course it's under 2k, which isn't guaranteed by any means. It could end up taking you a lot longer. If the user logs out or the session expires before you've decrypted the cookie it's useless. Which is likely, I imagine only a small percentage of visits to financial websites last more than a half hour. At PayPal it would be even less time since the majority of transactions are 2 clicks. But suppose you manage it, even then, if the cookie in question uses an extra layer of security (a hash of the user agent and IP for example), it's useless even if you decrypt it before they log out. Of course you could get around this if you were expecting it, I'm just picking one example of how easy it is to make this exploit more difficult. So, it's a real threat, but the chances of it affecting any of us are virtually nil.
|
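The extra layer mentioned in the post above (tying the session cookie to a hash of the user agent and IP), sketched here as an added example that is not part of the original thread. The key handling, the `<session_id>.<tag>` cookie layout and the function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for the demo; a real deployment would
# load a persistent key from a secret store instead.
SERVER_KEY = secrets.token_bytes(32)


def _client_tag(session_id: str, user_agent: str, ip: str) -> str:
    """HMAC over the session id and the client attributes it is bound to."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (session_id.encode(), user_agent.encode(), ip.encode())
    )
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(user_agent: str, ip: str) -> str:
    """Create a session cookie value of the form '<session_id>.<tag>'."""
    # token_urlsafe never emits '.', so the separator is unambiguous.
    session_id = secrets.token_urlsafe(32)
    return f"{session_id}.{_client_tag(session_id, user_agent, ip)}"


def verify_cookie(cookie: str, user_agent: str, ip: str) -> bool:
    """Accept the cookie only when presented by the client it was issued to."""
    session_id, sep, tag = cookie.partition(".")
    if not sep or not session_id or not tag:
        return False
    expected = _client_tag(session_id, user_agent, ip)
    # Constant-time comparison; bytes so a non-ASCII tag cannot raise.
    return hmac.compare_digest(tag.encode(), expected.encode())
```

Binding to the IP address also invalidates sessions for clients whose address changes mid-session (mobile networks, some proxies), so it is a trade-off rather than a free hardening step.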
graeme_p

msg:4365119 | 5:05 am on Sep 21, 2011 (gmt 0) |
I have been using a separate browser for certain trusted and important sites for years. @IanKelley reassuring, but there are probably also much shorter authentication cookies around as well.
|
IanKelley

msg:4365122 | 5:28 am on Sep 21, 2011 (gmt 0) |
At a financial site the cookie is going to be encrypted by the back end before SSL gets to it, and it's probably going to contain more than just a password, which pretty much guarantees that it will be long.
|
wildbest

msg:4365123 | 5:33 am on Sep 21, 2011 (gmt 0) |
| Tools, Internet Options, Advanced, tick TLS 1.2 |
| There is no TLS 1.2 box in IE9. There is only TLS 1.0 box.
|
bill

msg:4365171 | 8:01 am on Sep 21, 2011 (gmt 0) |
| There is no TLS 1.2 box in IE9. There is only TLS 1.0 box. |
| My office workstation only has the TLS 1.0 option as well, but at home IE9 has TLS 1.1 & TLS 1.2 options as well. You may want to check with your system administrator about that. However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable...
|
frontpage

msg:4365281 | 11:28 am on Sep 21, 2011 (gmt 0) |
It does not matter if you are using Opera, if the server you are connecting to is not using TLS 1.2 as well.
|
graeme_p

msg:4365290 | 11:50 am on Sep 21, 2011 (gmt 0) |
| it's probably going to contain more than just a password |
| Why would a cookie contain a password, and why would it contain anything more than a session identifier? | However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable |
| That sounds like the problem with GnuTLS, and it's even more of a problem if you disable TLS1 (and, of course, all SSL versions as well). Do you want complete security, or everything working? Tough choice.
|
IanKelley

msg:4365295 | 12:12 pm on Sep 21, 2011 (gmt 0) |
You're right I should have typed session identifier instead of password.
|
Dijkgraaf

msg:4365572 | 8:49 pm on Sep 21, 2011 (gmt 0) |
| Tools, Internet Options, Advanced, tick TLS 1.2 |
| There is no TLS 1.2 box in IE9. There is only TLS 1.0 box. |
| There is in mine, maybe it is dependent on the operating system you are running? I see TLS 1.0, 1.1, 1.2
|
Dijkgraaf

msg:4365635 | 10:54 pm on Sep 21, 2011 (gmt 0) |
[theregister.co.uk...] | Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol. |
|
|
Hester

msg:4365643 | 11:07 pm on Sep 21, 2011 (gmt 0) |
@graeme p: "I have been using a separate browser for certain trusted and important sites for years." Which browser is that?
|
IanKelley

msg:4365652 | 11:29 pm on Sep 21, 2011 (gmt 0) |
From the article: I happen to know the details of this attack since I work on Chrome's SSL/TLS stack. The linked article is sensationalist nonsense, but one should give the authors the benefit of the doubt because the press can be like that. Fundamentally there's nothing that people should worry about here. Certainly it's not the case that anything is 'broken'. |
|
|
Hester

msg:4365660 | 12:06 am on Sep 22, 2011 (gmt 0) |
Remember the UK beef scare? When politicians said there was nothing to worry about when eating beef? Then mad cow disease took hold and they were proved wrong. I'm just saying...
|
Leosghost

msg:4365668 | 12:12 am on Sep 22, 2011 (gmt 0) |
"Mad Cow disease" took hold of the UK in '79 ..when she came to power.
|
wildbest

msg:4365731 | 6:16 am on Sep 22, 2011 (gmt 0) |
| There is in mine, maybe it is dependent on the operating system you are running? I see TLS 1.0, 1.1, 1.2 |
| There is SSL 2.0, SSL 3.0 but only TLS 1.0. There are no options for TLS 1.1 or 1.2. It is IE9 on Vista Home Premium SP2. What is interesting, I've deselected the TLS 1.0 box but it is still able to load ssl pages. Obviously it is programmed to use only one TLS version irrespective of user choices but isn't clear which one?
|
graeme_p

msg:4365814 | 12:23 pm on Sep 22, 2011 (gmt 0) |
@Hester, it's changed over the years: Opera, Chromium, Epiphany, Midori, and now back to Opera because of this issue. My reasoning is that using a separate browser for important sites makes a cross site attack much harder.
|
|