SSL/TLS Vulnerability Details to be Released Friday

Published: 2011-09-20
Last Updated: 2011-09-20 15:18:13 UTC
by Kevin Liston (Version: 2)
13 comment(s)

I'm getting a lot of emails asking about articles that ultimately reference this upcoming talk: "BEAST: Surprising crypto attack against HTTPS" (http://ekoparty.org/2011/juliano-rizzo.php)

I don't have any extra details. Anything that I write now will be unnecessary speculation. It sounds like it will be interesting; their presentation last year on Padding Oracle Attacks (the crypto Oracle, not the database) certainly was.

UPDATE: Dr J links us to "A CHALLENGING BUT FEASIBLE BLOCKWISE-ADAPTIVE CHOSEN-PLAINTEXT ATTACK ON SSL" that may describe the attack. This attack requires that the attacker be able to sniff the traffic and run code on the victim's machine to inject the chosen plaintext into the stream.

My recommendation is still to wait until we see the details before formulating a response, but sight-unseen the following steps couldn't hurt:

  1. Users: Don't bank using someone else's wifi.
  2. Browser Authors: Update to support TLS 1.2
  3. Server Admins: Configure to support TLS 1.2
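
Items 2 and 3 depend on whether a given TLS stack actually offers TLS 1.2. The following Python sketch is an added example, not part of the original diary: it captures the ClientHello that a local `ssl` context would send (in memory, no network) and parses the versions it offers. The function names and the `example.invalid` hostname are assumptions made for illustration.

```python
import ssl
import struct

TLS12 = 0x0303  # wire value for TLS 1.2 (RFC 5246)

def client_hello(ctx):
    """Return the raw ClientHello record this context would send (no network)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "example.invalid" is a placeholder SNI name; nothing is resolved or contacted.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake stalls waiting for a ServerHello
    return outgoing.read()

def offered_versions(record):
    """Parse a ClientHello record and list the protocol versions it offers."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    legacy = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                                       # version + random
    pos += 1 + body[pos]                               # session id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher suites
    pos += 1 + body[pos]                               # compression methods
    if pos + 2 > len(body):
        return [legacy]                                # no extensions present
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 43:                             # supported_versions (RFC 8446)
            count = body[pos]
            return [struct.unpack_from("!H", body, pos + 1 + i)[0]
                    for i in range(0, count, 2)]
        pos += ext_len
    # Without supported_versions, the version field is the highest one offered.
    return [legacy]

def offers_tls12(ctx):
    """True if the context's ClientHello offers TLS 1.2."""
    return TLS12 in offered_versions(client_hello(ctx))

if __name__ == "__main__":
    versions = offered_versions(client_hello(ssl.create_default_context()))
    print("offered:", [hex(v) for v in versions])
```
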
Keywords: TLS

Comments

Juliano Rizzo presents this Friday the attack and the tool "Beast" at Ekoparty.

More info here:
https://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091611

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Yes, those would be the articles. I'd like to postpone any response until we see the actual presentation.

-KL

an older paper that appears to describe this type of attack. I am with Kevin on withholding further discussion until seeing the attack/paper: http://eprint.iacr.org/2006/136.pdf

So, I just know my boss is going to ask, "If SSL is dead and TLS is broken, how do we secure our web sites?" I don't have a good answer for him. Thoughts?

@RobM's boss: we recommend waiting until Friday when there are details to analyze. But if you insist on doing something now, upgrading your servers to support TLS 1.2 couldn't hurt.

Anyone have a link on how to upgrade Apache 2.2 to support TLS 1.2? The Apache 2.2 reference here: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol doesn't seem to provide a 1.2 protocol configuration option.

I once attended a demonstration of Zcaler (hosted web filtering service) where they bragged about "breaking SSL on the fly" to monitor for data leak. Am I missing something here? Should the padlock icon be replaced by someone laughing?

Last comment should say "ZScaler" of course

@confused. They are using HTTP inspect, where you are presented a certificate from the device intercepting your request, with some information from the original cert.

Essentially they do a MITM on your SSL traffic. So not breaking the protocol at all.
M

openssl doesn't support TLS 1.1 or 1.2. Apache doesn't support TLS 1.1 or 1.2. The browsers don't support TLS 1.1 or 1.2.

This problem has been kept really quiet ... I wonder why


https://bugzilla.mozilla.org/show_bug.cgi?id=565047 – Implement TLS 1.1 (RFC 4346)
https://bugzilla.mozilla.org/show_bug.cgi?id=480514 – Implement support for TLS 1.2 (RFC 5246)
