Feeds

World takes notice as SSL-chewing BEAST is unleashed

Google, Microsoft, Mozilla patch cracks in net's foundation of trust

Choosing a cloud hosting partner with confidence

With the decrypting of a protected PayPal browser cookie at a security conference Friday, it became official: the internet's foundation of trust has suffered yet another serious fracture that will require the attention of the industry's best minds.

Within hours of the demonstration by researchers Juliano Rizzo and Thai Duong, Google researcher Adam Langley signaled his growing acceptance that secure sockets layer, the decade-old cryptographic standard that protects web addresses using the https prefix, was susceptible to an attack that previously was considered impractical. The result: by tampering with with an encryption algorithm's CBC – cipher block chaining – mode, hackers could secretly decrypt portions of the encrypted traffic.

“The CBC attacks were believed to be largely theoretical but, as Duong and Rizzo have pointed out today, that's no longer the case,” Langley wrote.

He went on say that, as previously reported, developers of Google's Chrome browser are experimenting with a work-around but are not yet sure if it will create incompatibilities with various websites. He also said Google SSL is highly resistant to the attack because it favors the RC4 cipher, which doesn't use CBC.

By Monday, both Microsoft and Mozilla acknowledged that their wares were also affected. An advisory issued by Redmond recommended that websites follow Google's lead to favor the RC4 cipher while Microsoft engineers develop a Windows update to patch the underlying weakness. Mozilla, meanwhile, made public a three-month old discussion of the underlying vulnerability and the best way to fix it without breaking huge numbers of websites.

To be fair, Duong and Rizzo's exploit isn't the easiest to pull off. Attackers must already control the network used by the intended victim, and they can only recover secret information that's transmitted repeatedly in a predictable location of the encrypted data stream. They must also have means to subvert a safety mechanism built into the web known as the same-origin policy, which dictates that data set by one domain name can't be read or modified by a different address.

To get around the SOP, the researchers used a Java applet, but they said there are other methods for achieving the same goal.

But as Duong and Rizzo showed, those constraints weren't enough to stop them from revealing the plaintext of an SSL-protected browser cookie transmitted with each request that a logged-in PayPal user makes on the payments website. Using what's presumed to be a super-fast connection somewhere in Mountain View, California, Duong was able to recover the authentication in about two minutes, giving him everything he needed to gain unauthorized access to someone else's account.

The researchers have published a post-presentation analysis and video here. For an excellent technical description of the attack, check out this analysis from Eric Rescorla. It's upshot is the mildly comforting conclusion that “no SSL/TLS is not completely broken.”

Moxie Marlinspike, a researcher who has repeatedly poked holes in the SSL protocol and its transport-layer security successor, put it this way:

“As it stands, given the number of difficult conditions necessary for deploying this attack, as well as the dependency on leveraging a Java applet for violating SOP, it seems extremely unlikely that individual browser users will be personally affected by this vulnerability.”

Fair enough. But keep in mind, too, that BEAST, short for Browser Exploit Against SSL/TLS, isn't the only reason to question the adequacy of the cryptographic system the entire internet uses to prevent eavesdroppers from accessing your private accounts. And remember that a patch introduced by OpenSSL in 2002 to fix this very vulnerability was turned off because it introduced incompatibilities in software from Microsoft.

SSL encryption may have dodged a bullet for now, but as the recent DigiNotar debacle demonstrated, the system itself isn't immune to real-world attacks that have very real consequences for those who depend on it. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.