Feeds

World takes notice as SSL-chewing BEAST is unleashed

Google, Microsoft, Mozilla patch cracks in net's foundation of trust

Beginner's guide to SSL certificates

With the decrypting of a protected PayPal browser cookie at a security conference Friday, it became official: the internet's foundation of trust has suffered yet another serious fracture that will require the attention of the industry's best minds.

Within hours of the demonstration by researchers Juliano Rizzo and Thai Duong, Google researcher Adam Langley signaled his growing acceptance that secure sockets layer, the decade-old cryptographic standard that protects web addresses using the https prefix, was susceptible to an attack that previously was considered impractical. The result: by tampering with with an encryption algorithm's CBC – cipher block chaining – mode, hackers could secretly decrypt portions of the encrypted traffic.

“The CBC attacks were believed to be largely theoretical but, as Duong and Rizzo have pointed out today, that's no longer the case,” Langley wrote.

He went on say that, as previously reported, developers of Google's Chrome browser are experimenting with a work-around but are not yet sure if it will create incompatibilities with various websites. He also said Google SSL is highly resistant to the attack because it favors the RC4 cipher, which doesn't use CBC.

By Monday, both Microsoft and Mozilla acknowledged that their wares were also affected. An advisory issued by Redmond recommended that websites follow Google's lead to favor the RC4 cipher while Microsoft engineers develop a Windows update to patch the underlying weakness. Mozilla, meanwhile, made public a three-month old discussion of the underlying vulnerability and the best way to fix it without breaking huge numbers of websites.

To be fair, Duong and Rizzo's exploit isn't the easiest to pull off. Attackers must already control the network used by the intended victim, and they can only recover secret information that's transmitted repeatedly in a predictable location of the encrypted data stream. They must also have means to subvert a safety mechanism built into the web known as the same-origin policy, which dictates that data set by one domain name can't be read or modified by a different address.

To get around the SOP, the researchers used a Java applet, but they said there are other methods for achieving the same goal.

But as Duong and Rizzo showed, those constraints weren't enough to stop them from revealing the plaintext of an SSL-protected browser cookie transmitted with each request that a logged-in PayPal user makes on the payments website. Using what's presumed to be a super-fast connection somewhere in Mountain View, California, Duong was able to recover the authentication in about two minutes, giving him everything he needed to gain unauthorized access to someone else's account.

The researchers have published a post-presentation analysis and video here. For an excellent technical description of the attack, check out this analysis from Eric Rescorla. It's upshot is the mildly comforting conclusion that “no SSL/TLS is not completely broken.”

Moxie Marlinspike, a researcher who has repeatedly poked holes in the SSL protocol and its transport-layer security successor, put it this way:

“As it stands, given the number of difficult conditions necessary for deploying this attack, as well as the dependency on leveraging a Java applet for violating SOP, it seems extremely unlikely that individual browser users will be personally affected by this vulnerability.”

Fair enough. But keep in mind, too, that BEAST, short for Browser Exploit Against SSL/TLS, isn't the only reason to question the adequacy of the cryptographic system the entire internet uses to prevent eavesdroppers from accessing your private accounts. And remember that a patch introduced by OpenSSL in 2002 to fix this very vulnerability was turned off because it introduced incompatibilities in software from Microsoft.

SSL encryption may have dodged a bullet for now, but as the recent DigiNotar debacle demonstrated, the system itself isn't immune to real-world attacks that have very real consequences for those who depend on it. ®

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.