Hackers break SSL encryption used by millions of sites

tlu
Senior Member
Posts: 129
Joined: Fri Jun 05, 2009 8:01 pm

Hackers break SSL encryption used by millions of sites

Post by tlu »

http://www.theregister.co.uk/2011/09/19 ... aypal_ssl/

This sounds really horrible.
BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection.
The details will be revealed later this week. Hopefully, Noscript can protect against this JS injection which is obviously necessary for this attack.
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: Hackers break SSL encryption used by millions of sites

Post by dhouwn »

I don't get it. So JS is used to send particular data in a SSL session that can then help in decrypting other data in that same session? So it's some sort of chosen-plaintext attack?
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Hackers break SSL encryption used by millions of sites

Post by Giorgio Maone »

I know the details (which I cannot reveal yet), and I can confirm that having both JavaScript and plugins disabled effectively prevents this attack from succeeding.
For better protection on hostile networks, use NoScript Options|Embeddings|Apply these restrictions to whitelisted sites as well (AKA "FlashBlock mode").
al_9x
Master Bug Buster
Posts: 931
Joined: Thu Mar 19, 2009 4:52 pm

Re: Hackers break SSL encryption used by millions of sites

Post by al_9x »

Giorgio Maone wrote:I know the details (which I cannot reveal yet)
When can you reveal them?
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Hackers break SSL encryption used by millions of sites

Post by Giorgio Maone »

al_9x wrote:
Giorgio Maone wrote:I know the details (which I cannot reveal yet)
When can you reveal them?
When Mozilla opens the still embargoed security-sensitive bug report.
kukla
Senior Member
Posts: 317
Joined: Mon May 04, 2009 12:08 am

Re: Hackers break SSL encryption used by millions of sites

Post by kukla »

Giorgio Maone wrote:I can confirm that having both JavaScript and plugins disabled effectively prevents this attack from succeeding.
I'm very glad to have NoScript and the protection it usually affords, but to me, unfortunately, this doesn't give much comfort, since almost any SSL site I might go to, such as banking or making a purchase, would require that JavaScript be enabled.
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Hackers break SSL encryption used by millions of sites

Post by Giorgio Maone »

kukla wrote:since almost any SSL site I might go to, such as banking or making a purchase, would require that JavaScript be enabled.
JavaScript and plugins need to be allowed on the site of the attacker for the attack to succeed.

Of course, if the victim site uses a mixed SSL policy (i.e. it's NOT forced to HTTPS either by HSTS or by NoScript's explicit HTTPS enforcement, something which shouldn't be condoned for any financial institution), the attacker might be able to inject his code directly inside the unencrypted victim pages, but in order to do that he must already control your DNS and/or your network (i.e. he's your internet provider or you're behind a hostile proxy).

In such extreme (and rather uncommon) situations you should raise your NoScript Options|Advanced|Forbid active web content unless it comes from a secure (HTTPS) connection setting to the appropriate level, even though this means browsing non-HTTPS websites may become quite painful.
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: Hackers break SSL encryption used by millions of sites

Post by dhouwn »

Giorgio Maone wrote:When Mozilla opens the still embargoed security-sensitive bug report.
Am I right assuming that this might take a while should it be true that the security issue is in the protocol and not the implementation and that only switching to TLS 1.1 or newer would really fix it? (be it that being harsher on mixed-content won't cut it)
Giorgio Maone wrote:but in order to do that he must already control your DNS and/or your network (i.e. he's your internet provider or you're behind a hostile proxy).
I want to add: Controlling a network might be quite easy in some cases, just think of ARP poisoning, WEP, the security issues of GSM/3G…
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Hackers break SSL encryption used by millions of sites

Post by Giorgio Maone »

dhouwn wrote:
When Mozilla opens the still embargoed security-sensitive bug report.
Am I right assuming that this might take a while should it be true that the security issue is in the protocol and not the implementation and that only switching to TLS 1.1 or newer would really fix it?
Actually, a relatively easy work-around at the implementation level is possible, so I expect this to be fixed quite soon in the browser.
Unfortunately the worst problem is that even if the browser gets fixed, plugins still remain vulnerable and can be used to mount an attack even inside a "fixed" browser.
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: Hackers break SSL encryption used by millions of sites

Post by dhouwn »

Interesting read on this from a Chrome developer also partly explaining what is needed for exploiting this and possible workarounds on the TLS protocol level:
http://www.imperialviolet.org/2011/09/2 ... beast.html
(though I can't quite believe that stream ciphers like RC4 are that much better in this case)
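To make dhouwn's "chosen-plaintext attack" question and Giorgio's "work-around at the implementation level" concrete, here is an added simulation (not code from this thread, from NoScript, or from the imperialviolet post) of the property BEAST depends on. In TLS 1.0 CBC mode the IV of each record is the last ciphertext block of the previous record, so a sniffer already knows the IV before injected script submits its chosen plaintext. The 1/n-1 record-splitting workaround that browsers adopted sends the first application byte in its own record; because that record's ciphertext depends on the keyed MAC, the IV under which the remaining bytes are encrypted is no longer predictable. The record format below (HMAC-SHA256, TLS-style padding, AES-128) is a simplification I chose for the demonstration, not the exact TLS 1.0 wire format, and the plaintexts are constructed sample strings.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const blockSize = 16

// Sender models one direction of a TLS 1.0 CBC record layer: the IV of each
// record is the last ciphertext block of the previous one (chained IVs).
type Sender struct {
	block     cipher.Block
	macKey    []byte
	seq       uint64
	lastBlock []byte // last ciphertext block on the wire, visible to a sniffer
}

func NewSender(encKey, macKey, initialIV []byte) *Sender {
	b, err := aes.NewCipher(encKey)
	if err != nil {
		panic(err)
	}
	return &Sender{block: b, macKey: macKey, lastBlock: append([]byte(nil), initialIV...)}
}

// macAndPad appends an HMAC over (sequence number, data), which a sniffer
// cannot compute without the MAC key, then TLS-style padding (padLen+1 bytes
// of value padLen) so the record is a whole number of blocks.
func (s *Sender) macAndPad(data []byte) []byte {
	m := hmac.New(sha256.New, s.macKey)
	var seqBuf [8]byte
	binary.BigEndian.PutUint64(seqBuf[:], s.seq)
	m.Write(seqBuf[:])
	m.Write(data)
	s.seq++
	out := append(append([]byte{}, data...), m.Sum(nil)...)
	padLen := (blockSize - (len(out)+1)%blockSize) % blockSize
	for i := 0; i <= padLen; i++ {
		out = append(out, byte(padLen))
	}
	return out
}

// sendRecord CBC-encrypts one record under the chained IV and returns the
// ciphertext together with the IV actually used for its first block.
func (s *Sender) sendRecord(data []byte) (ct, iv []byte) {
	iv = append([]byte(nil), s.lastBlock...)
	pt := s.macAndPad(data)
	ct = make([]byte, len(pt))
	cipher.NewCBCEncrypter(s.block, iv).CryptBlocks(ct, pt)
	s.lastBlock = append([]byte(nil), ct[len(ct)-blockSize:]...)
	return ct, iv
}

// Send writes application data. split=false is plain TLS 1.0 behaviour (one
// record). split=true is the 1/n-1 workaround: a record holding only the
// first byte, then a record holding the rest. It returns the IV under which
// the bulk of the data was encrypted.
func (s *Sender) Send(data []byte, split bool) (ivForData []byte) {
	if !split || len(data) < 2 {
		_, iv := s.sendRecord(data)
		return iv
	}
	s.sendRecord(data[:1]) // consumes the predictable IV on a MAC-dependent block
	_, iv := s.sendRecord(data[1:])
	return iv
}

// SnifferPrediction is what a passive sniffer can compute before the next
// write happens: the last ciphertext block it saw on the wire.
func SnifferPrediction(s *Sender) []byte { return append([]byte(nil), s.lastBlock...) }

// IVWasPredictable reports whether the IV used for the chosen application
// data equalled the sniffer's prediction made before that data was sent.
func IVWasPredictable(split bool) bool {
	encKey, macKey, iv0 := make([]byte, 16), make([]byte, 32), make([]byte, 16)
	rand.Read(encKey)
	rand.Read(macKey)
	rand.Read(iv0)
	s := NewSender(encKey, macKey, iv0)
	s.Send([]byte("GET /earlier HTTP/1.1"), false) // constructed prior traffic, seen by the sniffer
	predicted := SnifferPrediction(s)
	used := s.Send([]byte("constructed plaintext chosen by injected script"), split)
	return bytes.Equal(predicted, used)
}

func main() {
	fmt.Println("TLS 1.0 chained IV predictable:", IVWasPredictable(false)) // true
	fmt.Println("1/n-1 split, IV predictable:  ", IVWasPredictable(true))  // false
}
```

The chained case is what makes a chosen-plaintext guess testable in TLS 1.0; the split case shows why a record-layer change in the browser, without a protocol upgrade, removes the predictability. TLS 1.1's explicit per-record random IV achieves the same effect at the protocol level, which is the "switching to TLS 1.1 or newer" option dhouwn raised.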
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Hackers break SSL encryption used by millions of sites

Post by therube »

"...

Status

Firefox itself is not vulnerable to this attack. While Firefox does use TLS 1.0 (the version of TLS with this weakness), the technical details of the attack require the ability to completely control the content of connections originating in the browser which Firefox does not allow.

The attackers have, however, found weaknesses in Java plugins that permit this attack. We recommend that users disable Java from the Firefox Add-ons Manager as a precaution. We are currently evaluating the feasibility of disabling Java universally in Firefox installs and will update this post if we do so. ..."

http://blog.mozilla.com/security/2011/0 ... nications/
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: Hackers break SSL encryption used by millions of sites

Post by dhouwn »

therube wrote:"We are currently evaluating the feasibility of disabling Java universally in Firefox installs and will update this post if we do so. ..."
Here is the bug for it: Bug 689661 - Block Java Plugin due to security vulnerabilities (BEAST TLS and bug in same-origin-policy)

And here is the one filed for NSS (the library doing that certificate/encryption stuff in Firefox) concerning this attack: Bug 665814 - (CVE-2011-3389) Rizzo/Duong chosen plaintext attack on SSL/TLS 1.0 (facilitated by websockets -76)

Video: http://www.youtube.com/watch?v=BTqAIDVUvrU
Last edited by dhouwn on Wed Sep 28, 2011 4:13 pm, edited 1 time in total.
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Hackers break SSL encryption used by millions of sites

Post by Giorgio Maone »

This is the bug I originally referred to. While the protocol itself was and is vulnerable, the specific websocket implementation in Firefox was found not to be exploitable.