2011.09: BEAST – Browser Exploit Against SSL/TLS
- BEAST demo (2011.09.25) – http://vnhacker.blogspot.com/2011/09/beast.html
- “Firefox devs mull dumping Java to stop BEAST attacks” (“‘Horrible user experience’ for your own good”) by Dan Goodin (The Register; 2011.09.29) – http://www.theregister.co.uk/2011/09/29/firefox_killing_java/
- “World takes notice as SSL-chewing BEAST is unleashed” (“Google, Microsoft, Mozilla patch cracks in net’s foundation of trust”) by Dan Goodin (The Register; 2011.09.27) – http://www.theregister.co.uk/2011/09/27/beast_attacks_paypay/
- To be fair, Duong and Rizzo’s exploit isn’t the easiest to pull off. Attackers must already control the network used by the intended victim, and they can only recover secret information that’s transmitted repeatedly in a predictable location of the encrypted data stream. They must also have means to subvert a safety mechanism built into the web known as the same-origin policy, which dictates that data set by one domain name can’t be read or modified by a different address.
- “Security impact of the Rizzo/Duong CBC “BEAST” attack” by EKR (2011.10.23) – http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
- “What does the SSL/TLS BEAST exploit mean for my web-based file transfer application?” by Jonathan Lampe (2011.09.20) – http://www.filetransferconsulting.com/file-transferbeast-tls-vulnerability/
- “BEAST: Surprising crypto attack against HTTPS” – http://www.ekoparty.org/cronograma.php
- “We present a new fast block-wise chosen-plaintext attack against SSL/TLS. We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests. Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing.”
- “Researchers Exploit Flaws in Browser SSL/TLS Encryption” by Brian Prince – http://www.securityweek.com/researchers-exploit-flaws-browser-ssltls-encryption
- fast block-wise chosen-plaintext attack against SSL/TLS
- “We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests. Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing.”
- “While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol,”
- the attack impacts TLS 1.0 and SSL 3.0, but does not affect TLS versions 1.1 and 1.2
- “Researchers crack SSL encryption” by Zeljka Zorz (Help Net Security; 2011.09.21) – http://www.net-security.org/secworld.php?id=11664
- The revelation that the last two versions (1.1 and 1.2) of the TLS cryptographic protocol are safe from such an attack gives almost no satisfaction, as the overwhelming majority of websites protected by it support version 1.0.
- “BEAST is different than most published attacks against HTTPS,” Duong shared with The Register. “While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”
- He also claimed that with recently made improvements, it is able to decrypt a typical 1,000 to 2,000 characters long cookie in under ten minutes. Also, that other applications that use the vulnerable TLS version – such as instant messaging and VPN programs – could be attacked with BEAST.
- “Hackers break SSL encryption used by millions of sites – Beware of BEAST decrypting secret PayPal cookies” by Dan Goodin (The Register; 2011.09.19) – http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
- Although TLS 1.1 has been available since 2006 and isn’t susceptible to BEAST’s chosen plaintext attack, virtually all SSL connections rely on the vulnerable TLS 1.0, according to recent research from security firm Qualys that analyzed the SSL offerings of the top 1 million internet addresses.
- Chief culprits for the inertia are the Network Security Services (http://www.mozilla.org/projects/security/pki/nss/) package used to implement SSL in Mozilla’s Firefox and Google’s Chrome browsers, and OpenSSL (http://openssl.org/), an open-source code library that millions of websites use to deploy TLS. In something of a chicken-and-egg impasse, neither toolkit offers recent versions of TLS, presumably because the other one doesn’t.
2011.01: Hacked certificate authorities
- “Qualys endorses alternative to crappy SSL system” by Dan Goodin (The Register; 2011.09.30) – http://www.theregister.co.uk/2011/09/30/qualys_endorses_convergence/
- “Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL” (Cryptogon.com; 2011.01.31) – http://cryptogon.com/?p=20288 | download – http://files.cloudprivacy.net/ssl-mitm.pdf
- Abstract: This paper introduces the compelled certificate creation attack, in which government agencies may compel a certificate authority to issue false SSL certificates that can be used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications. Although we do not have direct evidence that this form of active surveillance is taking place in the wild, we show how products already on the market are geared and marketed towards this kind of use—suggesting such attacks may occur in the future, if they are not already occurring. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.
- “In SSL We Trust? Not Lately” by Wolfgang Kandek (Dark Reading; 2010.04.07) – http://www.darkreading.com/blog/archives/2010/04/trust_in_ssl_st.html
- “Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL” (2010.03) – http://paranoia.dubfire.net/2010/03/new-paper.html | http://files.cloudprivacy.net/ssl-mitm.pdf
- Abstract: This paper introduces a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications. We reveal alarming evidence that suggests that this attack is in active use. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.
- “Governments Using Forged SSL Certificates for Man in the Middle Attack on “Secure” Web Sessions” (Cryptogon.com; 2010.03.25) – http://cryptogon.com/?p=14505
- “Law Enforcement Appliance Subverts SSL” by Ryan Singel (Wired; 2010.03.24) – http://www.wired.com/threatlevel/2010/03/packet-forensics/