Welcome to WebmasterWorld Guest from 50.17.114.227

Forum Moderators: phranque

Message Too Old, No Replies

SSL Encryption Broken By Hackers

     
2:00 pm on Sep 20, 2011 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22287
votes: 236


SSL Encryption Broken By Hackers [theregister.co.uk]
Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.

3:00 pm on Sept 20, 2011 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


deja foo
[webmasterworld.com...]
5:58 pm on Sept 20, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 5, 2002
posts: 1318
votes: 0


There appear to be two short term solutions - please correct me if I am wrong.

1. Turn off JavaScript.

"An attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection."


2. Switch to the Opera browser.

"Opera remains the only browser that deploys TLS 1.2 by default."


(3. Enable TLS 1.2 in Internet Explorer, which is off by default I read. I don't know how you do that.)
7:25 pm on Sept 20, 2011 (gmt 0)

Senior Member from LK 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2417
votes: 17


Another way appears to be not using encrypted and unecrupted connections simultaneously.

Opera remains the only browser that deploys TLS 1.2 by default.


The only major browser, certainly.

GnuTLS supports TLS 1.2, so browsers that use it may support TLS 1.2, but a bit of searching reveals that some browsers have it disabled because of backward compatibility issues with some sites. I wonder how Opera deals with these?
7:46 pm on Sept 20, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 5, 2002
posts: 1318
votes: 0


That's my worry, that Opera will only use TLS 1.2 if the website also uses it. Otherwise won't it drop down to TLS 1.0?
8:40 pm on Sept 20, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 27, 2001
posts:2547
votes: 0


In opera, there are checkboxes for security for
SSL 3.0
TLS 1
TLS 1.1
TLS 1.2

If I uncheck everything except tls 1.2, then neither [amazon.com...] nor [paypal.com...] will load. However if I check both TLS 1.1 and TLS 1.2, both work. Though a large bank site doesn't.
8:43 pm on Sept 20, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 27, 2001
posts:2547
votes: 0



However, if I check only TLS 1.1, neither amazon nor paypal will load. So I don't really trust that Opera is doing what it's supposed to do when I check TLS 1.1 and TLS 1.2
9:19 pm on Sept 20, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 5, 2002
posts: 1318
votes: 0


They might be using a mix of 1.1 and 1.2 across different servers.
11:02 pm on Sept 20, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 27, 2001
posts:2547
votes: 0


For the paranoid among us - something to consider is to just use a certain browser (for example, Opera) ONLY for very secure things like online banking. Never visit any other sites with it. Then your chances of being exposed to these sorts of exploits are reduced (though not eliminated).
12:43 am on Sept 21, 2011 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14622
votes: 87


nothing new, typical man in the middle attack I've been bitching about for years and suddenly it's a problem?

Funny, when I pointed out how easy it was people scoffed, too bad
1:41 am on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0


(3. Enable TLS 1.2 in Internet Explorer, which is off by default I read. I don't know how you do that.)


Tools, Internet Options, Advanced, tick TLS 1.2


From what I've read so far about this exploit is that "This attack requires that the attacker be able to sniff the traffic and run code on the victims machine to inject the chosen-plaintext into the stream." If you can run code on the victims machine, why bother trying to crack the encryption? Just intercept the data before it is encrypted. I suppose we will have to await further details
1:55 am on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0


Firefox 6.0.2 only has TLS 1.0 & SSL 3.0 (Options, Options, Advanced, Encryption tab)
4:40 am on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 4, 2001
posts: 1259
votes: 11


This is definitely interesting, but it's easy to over exaggerate the risk of this happening in reality.

Provided I understand how this works...

First, you need access to a point between the user's computer and the target site. Generally speaking this means either compromising a major internet node, or hacking a work network. I'm leaving out unsecured wi-fi because, well, it's unsecured wi-fi :-)

If you manage to accomplish this impressive feat you then need to wait for a user passing through the network to access a site that has value to you (i.e. PayPal).

Now... (from the original article)

That means authentication cookies of 1,000 to 2,000 characters long will still take a minimum of a half hour

You have a half hour or so to decrypt a cookie, assuming of course it's under 2k, which isn't guaranteed by any means. It could end up taking you a lot longer.

If the user logs out or the session expires before you've decrypted the cookie it's useless. Which is likely, I imagine only a small percentage of visits to financial websites last more than a half hour. At PayPal it would be even less time since the majority of transactions are 2 clicks.

But suppose you manage it, even then, if the cookie in question uses an extra layer of security (a hash of the user agent and IP for example), it's useless even if you decrypt it before they log out. Of course you could get around this if you were expecting it, I'm just picking one example of how easy it is to make this exploit more difficult.

So, it's a real threat, but the chances of it effecting any of us are virtually nil.
5:05 am on Sept 21, 2011 (gmt 0)

Senior Member from LK 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2417
votes: 17


I have been using a separate browser for certain trusted and important sites for years.

@IanKelly reassuring, but there are probably also much shorter authentication cookies around as well.
5:28 am on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 4, 2001
posts: 1259
votes: 11


At a financial site the cookie is going to be encrypted by the back end before SSL gets to it, and it's probably going to contain more than just a password, which pretty much guarantees that it will be long.
5:33 am on Sept 21, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 19, 2006
posts:508
votes: 0


Tools, Internet Options, Advanced, tick TLS 1.2

There is no TLS 1.2 box in IE9. There is only TLS 1.0 box.
8:01 am on Sept 21, 2011 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:Oct 12, 2000
posts: 14478
votes: 49


There is no TLS 1.2 box in IE9. There is only TLS 1.0 box.

My office workstation only has the TLS 1.0 option as well, but at home IE9 has TLS 1.1 & TLS 1.2 options as well. You may want to check with your system administrator about that.

However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable...
11:28 am on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 23, 2002
posts:659
votes: 0


It does not matter if you are using Opera, if the server you are connecting to is not using TLS 1.2 as well.
11:50 am on Sept 21, 2011 (gmt 0)

Senior Member from LK 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2417
votes: 17


it's probably going to contain more than just a password


Why would a cookie contain a password, and why would contain anything more than a session identifier?

However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable


That sounds like the problem with GnuTLS, and its even more of a problem if you disable TLS1 (and, of course, all SSL versions as well).

DO you want complete security, or everything working? Tough choice.
12:12 pm on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 4, 2001
posts: 1259
votes: 11


You're right I should have typed session identifier instead of password.
8:49 pm on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0



Tools, Internet Options, Advanced, tick TLS 1.2


There is no TLS 1.2 box in IE9. There is only TLS 1.0 box.


There is in mine, maybe it it dependent on the operating system you are running?
I see TLS 1.0, 1.1, 1.2
10:54 pm on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0


[theregister.co.uk...]
Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol.
11:07 pm on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 5, 2002
posts: 1318
votes: 0


@graeme p: "I have been using a separate browser for certain trusted and important sites for years."

Which browser is that?
11:29 pm on Sept 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 4, 2001
posts: 1259
votes: 11


From the article:

I happen to know the details of this attack since I work on Chrome's SSL/TLS stack. The linked article is sensationalist nonsense, but one should give the authors the benefit of the doubt because the press can be like that.
Fundamentally there's nothing that people should worry about here. Certainly it's not the case that anything is 'broken'.
12:06 am on Sept 22, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 5, 2002
posts: 1318
votes: 0


Remember the UK beef scare? When politicans said there was nothing to worry about when eating beef? Then mad cow disease took hold and they were proved wrong. I'm just saying...
12:12 am on Sept 22, 2011 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


"Mad Cow disease" took hold of the UK in '79 ..when she came to power.
6:16 am on Sept 22, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 19, 2006
posts:508
votes: 0


There is in mine, maybe it it dependent on the operating system you are running?
I see TLS 1.0, 1.1, 1.2

There is SSL 2.0, SSL 3.0 but only TLS 1.0. There are no options for TLS 1.1 or 1.2. It is IE9 on Vista Home Premium SP2. What is interesting, I've deselected the TLS 1.0 box but it is still able to load ssl pages. Obviously it is programmed to use only one TLS version irrespective of user choices but isn't clear which one?
12:23 pm on Sept 22, 2011 (gmt 0)

Senior Member from LK 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2417
votes: 17


@Hester, its changed over the years: Opera, Chromium, Epiphany, Midori, and now back to Opera because of this issue.

My reasoning is that using a separate browser for important sites, makes a cross site attack much harder.