infp
msg:3711616 | 9:45 pm on Jul 30, 2008 (gmt 0) |
| you only need to dnsspoof the destination and issue a fake SSL cert as a response |
|
In other words, if the user uses the browser as they should, the attack fails. If you visit a site with a SSL certificate that fails verification (based on root certificates) then IE7 displays a page saying something like "Warning: This server may not be secure and you should not view pages from it" (in IE6 the warning is not a dead-end whole screen, but a Yes/No dialog box -- but IE6 is fortunately dying). In conclusion, if you use SSL and do not ignore warnings like "This site has an invalid certificate", then you don't have to worry about man-in-the-middle attacks even if you use open wifi. The rest is FUD.
|
incrediBILL
msg:3711637 | 10:10 pm on Jul 30, 2008 (gmt 0) |
OK, you want me to really scare the crowd, right? I didn't want to bring up ettercap [ettercap.sourceforge.net], which is completely transparent and doesn't impact your certficate whatsoever. You won't see an invalid cert, nothing, because all ettercap does is sniff and dissect. FWIW, you can even find software that will crack a WEP key on a wifi, login in and let ettercap do the sniffing. No FUD there, no certificate warning either. [edited by: incrediBILL at 10:12 pm (utc) on July 30, 2008]
|
incrediBILL
msg:3711649 | 10:18 pm on Jul 30, 2008 (gmt 0) |
Here's some further Wifi and SSL fun from an Insecurity article on Infoworld [infoworld.com]: | Another interesting issue my friend noticed was how many HTTPS-enabled Web sites did not implement SSL correctly -- users' log-in names and passwords were being sent in clear text. This included communications to remotely accessed security devices, portals, and firewalls. |
|
This article is a couple of years old and I would like to hope much of this insecurity has been fixed since it was written but I wouldn't risk it because there is no patch for stupidity. [edited by: incrediBILL at 10:26 pm (utc) on July 30, 2008]
|
incrediBILL
msg:3711687 | 11:34 pm on Jul 30, 2008 (gmt 0) |
I've been doing a little more research to find some insightful articles that will open people's eyes to the threats of wifi and also bust some more of the FUD surrounding the topic. Here's a nice article from the NYT's about the sniffing software and wifi hotspots [pogue.blogs.nytimes.com]: | He turned his laptop around to reveal all of this: * Every copy of every e-mail message I sent *and* received. * A list of the Web sites I visited. * Even, incredibly, the graphics that had appeared on the Web sites I had visited. None of this took any particular effort, hacker skill or fancy software. Anyone could do it. You could do it. All Jon needed was a “packet sniffing” program; such software is free and widely available. (He used a Mac program called Eavesdrop.) It sniffs the airwaves and displays whatever data it finds being transmitted in the public hot spot. |
|
How fun is that? The wifi doesn't even need to be compromised, no man-in-the-middle. It's so easy you too can do it so why not assume everyone else in the wifi hotspot is sniffing YOUR traffic just like your could sniff theirs! Can you say wireless broadband card? Here's a nice article on Tech Republic explaining why EV-DO is more secure [articles.techrepublic.com.com]. | But EV-DO doesn't use WEP. Instead, encrypted CDMA transmissions use a 42-bit pseudo-noise (PN) sequence called a long code. The long code scrambles transmissions through the standardized Cellular Authentication and Voice Encryption (CAVE) algorithm to generate a 128-bit subkey called Shared Secret Data (SSD). This key then feeds into an Advanced Encryption Standard (AES) algorithm to encrypt the transmissions. AES is a symmetric encryption algorithm used by governments to protect sensitive information. If governments use AES to encrypt their data, it should be good enough to protect your data as well. |
|
Bottom line, if you can't afford wireless broadband or it's not available in your area then using the TOR proxy [torproject.org] is definitely your best bet to being secure on a public wifi network or even your HOME wifi network for that matter since WEP can be hacked. [edited by: incrediBILL at 12:04 am (utc) on July 31, 2008]
|
the_nerd
msg:3711903 | 9:19 am on Jul 31, 2008 (gmt 0) |
all the former posts focus on wifi. Does this mean we don't have any MITM problems on e.g. DSL lines? In other words, does Mallory have a chance to squeeze in between Alice and Bob also on normal internet connections?
|
webdoctor
msg:3711939 | 10:34 am on Jul 31, 2008 (gmt 0) |
| the TOR proxy is definitely your best bet to being secure on a public wifi network |
|
Errr... I would never route MY sensitive traffic through a TOR proxy. Bruce Schneier's opinion appears to be that that anonymity and privacy aren't the same [wired.com], and I'd agree with him.
|
himalayaswater
msg:3712082 | 2:27 pm on Jul 31, 2008 (gmt 0) |
@the_nerd, Yes, ISP staff can do that but they are too busy, IMHO..
|
infp
msg:3712141 | 3:28 pm on Jul 31, 2008 (gmt 0) |
| I didn't want to bring up ettercap, which is completely transparent and doesn't impact your certficate whatsoever. |
|
That software is again useless in this context. There is no way for a man in the middle to impersonate the remote server, unless he has a valid certificate (or the user ignores the warning screen displayed by the browser). Otherwise, believe me, e-commerce would not exist by now. If the attack works, then either your computer has been compromised or the remote server has been compromised.
|
incrediBILL
msg:3712295 | 5:42 pm on Jul 31, 2008 (gmt 0) |
| There is no way for a man in the middle to impersonate the remote server, unless he has a valid certificate |
|
I originally stated I didn't want to spell out how to completely pull off a flawless MITM attack but if you must challenge the SSL cert issue again let me explain how it works without the error... To pull off a true MITM attack without giving away the certificate error, you have to start with an HTTP page, which many people start with such as the bank home page and then login to HTTPS from there. If the MITM proxy replaces the HTTPS address of the bank with https://www.examplebank.com, such as how I described it above, then you connect to https://www.examplebank.com instead of your bank, no error given. So if you don't notice the domain name change then you're running via the proxy which has a valid cert. As a matter of fact, any server that has a valid SSL cert which has been compromised by hackers can be used for this process just like the phishing scams. Besides, most people wouldn't think twice and would click OK even with the cert warning which is why most MITM attacks don't go to much extreme. If you think people aren't that stupid then try to explain why there are hundreds of thousands of compromised machines from people opening emails from sources they don't know, accepting downloads from rogue sites, etc.. People just aren't that savvy and bypass simple security to get where they want to go, simple as that. [edited by: incrediBILL at 5:50 pm (utc) on July 31, 2008]
|
infp
msg:3712470 | 9:13 pm on Jul 31, 2008 (gmt 0) |
| If the MITM proxy replaces the HTTPS address of the bank with https://www.examplebank.com, such as how I described it above, then you connect to https://www.examplebank.com instead of your bank, no error given. |
|
That is not a man-in-the-middle attack as such. That is a user visiting an incorrect URL (the desired SSL connection does not exist so there is nothing to attack). If you bookmark your blog admin page, you can avoid making such a mistake. Besides, you must start with a non-SSL page, which is forbidden if you want to discuss MITM attacks on SSL (https is required). | Besides, most people wouldn't think twice and would click OK |
|
That should mean that SSL cannot prevent MITM attacks? Doesn't it rather mean that some users cannot use SSL? | As a matter of fact, any server that has a valid SSL cert which has been compromised by hackers can be used for this process just like the phishing scams. |
|
Yes, that's why I wrote: "If the attack works, then either your computer has been compromised or the remote server has been compromised." [edited by: infp at 9:35 pm (utc) on July 31, 2008]
|
infp
msg:3712486 | 9:32 pm on Jul 31, 2008 (gmt 0) |
It should also be pointed out that SSL encryption is not the same thing as 'wifi' encryption. In the past, 'wifi' encryption was quite insecure and easy to break. This has nothing to do with SSL though (and is again a good source of repeated SSL-related FUD :-) [edited by: infp at 9:48 pm (utc) on July 31, 2008]
|
incrediBILL
msg:3712490 | 9:34 pm on Jul 31, 2008 (gmt 0) |
| That is not a man-in-the-middle attack as such. |
|
You're being way to literal because the MITM attack just means that man is just in the middle of your conversation. If you can't sniff the conversation you can simply redirect it through your own proxy which doesn't make it any less of a MITM because someone's server is between you and the intended destination. | That means that SSL cannot prevent MITM attacks? Or, rather, that some users cannot use SSL? |
|
SSL doesn't prevent anything except stopping you from decoding the conversation which is why you need to intercept and reroute it through your own SSL proxy. Also some users cannot use SSL properly, or email, or any other thing and overlook subtle things like domain changes or why they had to click OK to continue. | the remote server has been compromised |
|
Not the intended remote server, for instance the bank, they don't have to be compromised for the MITM to inject a proxy server hosted on some other compromised machine that is an intermediate between the wifi user and the bank.
|
infp
msg:3712495 | 9:44 pm on Jul 31, 2008 (gmt 0) |
I thought the topic was "How Safe is SSL from MITM (Man In The Middle) Attacks". The attacks you mentioned, however, are not attacks on SSL connections. The first attack assumes that the user starts browsing a non-SSL URL that takes him to an incorrect URL. This is not an attack on SSL. The desired SSL connection does not exist (with respect to our topic, you have nothing to attack). The other attacks are not attacks on SSL but exploitation of ignorance of users and their inability to use SSL. This does not mean that SSL cannot protect against MITM attacks (it means that not all people can use SSL). | SSL doesn't prevent anything except stopping you from decoding the conversation |
|
SSL protects: - The authenticity of the data (you know where/who it came from). - Confidentiality of the data (nobody knows what you are receiving/sending). - Integrity (alteration of data by MITM produces random garbage instead of meaningful changes and the alteration is detected).
|
infp
msg:3712500 | 9:52 pm on Jul 31, 2008 (gmt 0) |
Also, if a hacker steals or otherwise acquires the certificate of the remote server, we can consider the server compromised.
|
incrediBILL
msg:3712513 | 10:21 pm on Jul 31, 2008 (gmt 0) |
Yes, we know what SSL protects, that wasn't my point. SSL doesn't stop you from being conned with a MITM using his own (or acquired) server to perpetrate a fraud assuming he redirected you to his server as outlined previously. | hacker steals or otherwise acquires the certificate of the remote server |
|
The hacker doesn't need to steal a cert, he could actually have a legit cert on his own server. Who said the bad guys can't buy certs? It's not that hard to obtain one.
|
blaze
msg:3712627 | 2:47 am on Aug 1, 2008 (gmt 0) |
INFP is technically right, however I think he's using his technical knowledge to incorrectly dismiss an important problem. SSL, when used correctly, is generally safe. There are some attacks against the random private key generation that is used in each protocol setup, but they are usually defeated by better hardware/software these days. However, there are many ways to ensure that SSL is not used properly, especially with older browsers that have poor communication with the user. Also, if the wifi connection is compromised, it's usually pretty easy to insert a keylogger virus that will install and compromise your client.
|
infp
msg:3712895 | 12:47 pm on Aug 1, 2008 (gmt 0) |
| However, there are many ways to ensure that SSL is not used properly |
|
Again, the fact that some users can't use SSL properly (due to their ignorance) does not mean that SSL cannot prevent MITM attacks. It can, but you need to actually use it (and use it as intended). | Also, if the wifi connection is compromised, it's usually pretty easy to insert a keylogger virus that will install and compromise your client. |
|
If you connect only via SSL and do not ignore browser warnings, then you will remain secure even if the wifi connection is compromised. Otherwise, your computer has been compromised and is insecure (not SSL).
|
infp
msg:3712905 | 12:50 pm on Aug 1, 2008 (gmt 0) |
| The hacker doesn't need to steal a cert, he could actually have a legit cert on his own server. |
|
We are analyzing a scenario where a valid SSL connection is established to a secure server, not to a hacker's server. If there's no such connection, there's nothing to attack and nothing to discuss.
|
incrediBILL
msg:3713346 | 6:35 pm on Aug 1, 2008 (gmt 0) |
| We are analyzing a scenario where a valid SSL connection is established to a secure server |
|
Actually, I wasn't because the real fun starts WHEN the connection is initially established on WIFI, not if it already exists. The potential for SSL mayhem in a compromised wifi situation means you have control over the DNS which allows you to redirect the conversation through a proxy in the first place. That's what was being discussed from the first post.
|
infp
msg:3713832 | 2:33 pm on Aug 2, 2008 (gmt 0) |
To conclude this thread: SSL will prevent MITM attacks even on insecure wifi connections (that are fully controlled by an attacker) provided that: - SSL is used as intended (the user must not ignore warning screens). - Neither your computer nor the remote server has been compromised. - The remote server has a certificate issued by a public trustworthy certificate authority. - The user makes sure he or she visits the correct URL (use bookmarks to access your blog admin page) starting with https:// Happy browsing.
|
pageoneresults
msg:3713850 | 3:31 pm on Aug 2, 2008 (gmt 0) |
^ That's quite a bit to ask of the average consumer of these types services, don't you think? By the way, I am in no way an expert or even qualified to discuss SSL from this perspective. But, as a new user in this area, I'm clueless! How do "I", the clueless consumer, do all of the above? I just got my laptop too. Help me out here. Don't forget, I've been online since 1995 so I'm not "too" clueless. ;) Also, what are all these "unsecured networks" appearing in my wireless networks? Should I connect to those? They are free right? Well, that's what I want. A "free" connection. :) Heh! It would be if that darn red warning would stop coming up! I just click the link that reads continue to website anyway. ;)
|
infp
msg:3713870 | 3:53 pm on Aug 2, 2008 (gmt 0) |
| That's quite a bit to ask of the average consumer of these types services, don't you think? |
|
Why is this irrelevant argument repeated again? Whether the average user can use SSL is a completely different topic and not my problem. The topic is: "Can SSL prevent MITM attacks?" The answer is: Yes.
|
pageoneresults
msg:3713874 | 4:04 pm on Aug 2, 2008 (gmt 0) |
| The topic is: "Can SSL prevent MITM attacks?" The answer is: Yes. |
|
Hmmm, the <title> reads... | How Safe is SSL from MITM (Man In The Middle) Attacks? |
|
You guys are talking way over my head so I'm trying to understand what's going on. Bear with me here. You say Yes. Bill says No. Which is it? I am really confused at this point. Can we get some clarification? | (in IE6 the warning is not a dead-end whole screen, but a Yes/No dialog box -- but IE6 is fortunately dying) |
|
I wish you would tell that to a large corporate here in So Cal who refuses to upgrade to IE7. Their IT department only allows one IE7 install per office. Go figure...
|
incrediBILL
msg:3713980 | 7:21 pm on Aug 2, 2008 (gmt 0) |
| The topic is: "Can SSL prevent MITM attacks?" The answer is: Yes. |
|
The answer has been overwhelmingly NO if you can steer the SSL connection to your server. You keep assuming MITM is there during an existing conversation but the MITM can be there from the start and direct the data flow to his own server which I've covered a couple of times, which was the initial premise. As a matter of fact, just so the surfer doesn't know the MITM is even there, the initial request is usually a LOGIN starting from an HTTP page, not an SSL page, which is where the problem starts. The MITM using dnspoof and an SSL proxy can quickly collect your login information and then execute a redirect to the REAL destination so you've just compromised your password without even a change of the URL in the status bar. Not sure if MSIE or FF alerts when one SSL server redirects to a different SSL server, probably not. It would appear totally seamless and the MITM could go back at his leisure and login to your bank account and wire transfer all your money offshore. [edited by: incrediBILL at 7:23 pm (utc) on Aug. 2, 2008]
|
incrediBILL
msg:3713984 | 7:33 pm on Aug 2, 2008 (gmt 0) |
I'll give most banks credit these days that when you type in examplebank.com they redirect to https://examplebank.com so the entire conversation is theoretically in SSL. The problem is that unless the initial request from the visitor is made directly to just examplebank.com it gives the MITM an opportunity to serve up a phish page instead of letting the bank perform it's initial 301 redirect to https://examplebank.com. So you're safest if you physically type in the https:// yourself and don't let the server do the redirect. [edited by: incrediBILL at 7:33 pm (utc) on Aug. 2, 2008]
|
infp
msg:3714243 | 12:59 pm on Aug 3, 2008 (gmt 0) |
This is my last try to undo the immense amount of FUD this thread contains: SSL will prevent MITM attacks even on insecure wifi connections (that are fully controlled by an attacker) even if DNS is spoofed or whatever, provided that: - SSL is used as intended (the user must not ignore warning screens). - Neither your computer nor the remote server has been compromised. - The remote server has a certificate issued by a public trustworthy certificate authority. - The user makes sure he or she visits the correct URL (use bookmarks to access your blog admin page) starting with https:// I will not post any other message to this thread, because it obviously leads nowhere and I don't have that much energy to waste.
|
incrediBILL
msg:3714408 | 9:50 pm on Aug 3, 2008 (gmt 0) |
| use bookmarks to access your blog admin page) starting with https:// |
|
Yes, I'll agree if you use bookmarks starting with HTTPS and don't click OK on a cert warning you'll probably be safe. However, the odds of more than a handful of people reading this thread and heading that warning are slim which is why the MITM will still be successful. At least a few people now might know what to look out for. Sadly, most ISPs don't provide secure POP or webmail services, except gmail, so most people will compromise their email accounts at a minimum if they check them. Like I've said before, I'll stick with wireless broadband which is the most secure option at the moment and others can roll the dice with wifi as they wish and hope there's nobody sniffing.
|
|
