Slashdot Mirror

← Back to Stories (view on slashdot.org)

SSL Renegotiation Attack Becomes Real

Posted by kdawson on from the laugh-a-while-you-can dept.

rastos1 and several other readers noted that the SSL vulnerability we discussed a couple of weeks back, which some researchers had claimed was too theoretical to worry about, has now been demonstrated by exploit. The attack description is available on securegoose.org. "A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the SSL protocol. The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. All in all, a man in the middle is able to steal the credentials of a user authenticating himself through HTTPS to a trusted website."

30 of 97 comments (clear)

  1. Re:Just one phrase that fits. by Bottles · · Score: 4, Funny

    Or 'Goodness, old boy, that's dashed inconvenient!' for us Brits. So two phrases. Gosh.

  2. Well, I suppose thats another Benefit of Twitter.. by Monkeedude1212 · · Score: 5, Funny

    It's nice to have a Sandbox for testing the latest and greatest hacks and security protocols, where no one cares about the user and/or what information they've posted on the site.

  3. Kinda bad summary by Virak · · Score: 5, Insightful

    Important part of the article:

    He did it by injecting text that instructed Twitter's application protocol interface to dump the contents of the web request into a Twitter message after they had been decrypted.

    The only reason it was exploitable was because of Twitter's API. Understandably, I'm not too worried about the rest of the Internet going down in flames any time soon.

    1. Re:Kinda bad summary by teh_commodore · · Score: 5, Insightful

      Oh good. We're totally fine. It only works on sites that are poorly designed. And Twitter's been patched, so that leaves, well, I guess no one.

      --
      --"insert clever quote here"
    2. Re:Kinda bad summary by Culture20 · · Score: 2, Interesting

      He did it by injecting text that instructed Twitter's application protocol interface to dump the contents of the web request into a Twitter message after they had been decrypted.

      What's to prevent inserting text that essentially says make this request, and use the same password string to change the user's password? Not all malicious uses of the injection need to be about *getting* data. It doesn't even have to be kids having "fun". Locking a particular [set of] user[s] out of a financial system at a critical time in a financial transaction might benefit someone in organized crime.

    3. Re:Kinda bad summary by dimeglio · · Score: 3, Interesting

      Internet banking is 100% SSL/TLS based. On top of that, most banks, and services like Paypal offer B2B interfaces and APIs. This is not just a problem, this is adding a serious risk to all Internet based transactions. Obviously, Internet merchants and banks are going to downplay this publicly but security consultants just paid their next vacation in the Bahamas.

      --
      Views expressed do not necessarily reflect those of the author.
    4. Re:Kinda bad summary by Fred_A · · Score: 3, Funny

      The only reason it was exploitable was because of Twitter's API. Understandably, I'm not too worried about the rest of the Internet going down in flames any time soon.

      Well I'm not doing my banking on Twitter anymore that's for sure !

      --

      May contain traces of nut.
      Made from the freshest electrons.
    5. Re:Kinda bad summary by teh_commodore · · Score: 4, Interesting

      1) Which banks have an open-to-the-public API?

      2) Let's assume you have an answer to 1). The exploit involves dumping text to a public message. If your bank has any sort of messaging feature, it's private. Hell, if your tweets are private on twitter, you were never in danger in the first place.

      --
      --"insert clever quote here"
    6. Re:Kinda bad summary by omuls+are+tasty · · Score: 3, Interesting

      Wrong. Your HTTP headers don't end up on your Twitter "blog" (or whatever it's called), they end up on the attacker's.

      And as for banks not having a public messaging feature, is Citibank big enough for you?
      https://banking.citibank.com/JoinOurOnlineForum/UserGuide.aspx

      But once again, do note that the page where the user's credentials end up doesn't need to be public; it just has to be accessible by the attacker.

  4. What to do? by whathappenedtomonday · · Score: 3, Informative

    I wondered how this will be addressed and the numerous "it will be fixed, don't worry" posts were not really helpful. TFA was and linked to "a TLS extension to cryptographically tie renegotiations to the TLS connections they are being performed over, thus preventing this attack" draft.

    --
    I hope I didn't brain my damage.
  5. Good explanation of the bug by TLS spec author by cullenfluffyjennings · · Score: 5, Informative

    A good source of info about what this attack is and how serious it is can be found at
    http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

  6. Kinda bad article by Virak · · Score: 4, Informative

    Well, I suppose it's my own fault for trusting The Register. After reading the first article, I got curious and went on to check out the technical details of the exploit. What The Register phrases as "it's Twitter's API's fault" is actually "holy fuck you can POST the whole HTTP message to arbitrary locations (hosted on the same server, anyway)", which is a tad bit worse. While the Internet still isn't going to go down in flames, this does open up potential for some sites to get some nasty burns, and in a way they almost surely won't already be protected against, even if the developers aren't idiots.

  7. Re:Testing times by Gothmolly · · Score: 2, Interesting

    Do you seriously believe the NSA hadn't exploited this, and other bugs, already ?

    --
    I want to delete my account but Slashdot doesn't allow it.
  8. Re:Don't worry. It'll be fixed soon. by pookemon · · Score: 2, Funny

    However the one after that will take a bit longer...

    --
    dnuof eruc rof aixelsid
  9. Re:theregoestheinternet? Not so fast! by cduffy · · Score: 4, Informative

    You could actually read the rest of the article, in which it indicates that this is not merely a CSRF-equivalent attack (as it was originally taken to be), as opposed to just reposting an out-of-context snippet chosen to make the editors look bad.

  10. Re:Just one phrase that fits. by The+Archon+V2.0 · · Score: 3, Funny

    Hopefully this will make people tweet a tad bit lesser.

    I fear it's like hoping a large sponge will be able to lower ocean levels a foot. For some people, I'm sure they would only slack off on their Twitter use if the exploit made your computer grow a foot and kick you in the groin every time you tweeted.

  11. Re:Just one phrase that fits. by crymeph0 · · Score: 4, Informative

    Apparently just a specific subset, though it would probably be easy to find other websites with vulnerabilities similar to Twitter's. Basically, although he couldn't directly read the encrypted user name and password passed between Twitter servers and clients, he was able to exploit functionality in Twitter's public API to log the data from the request to a location he could access, including the stuff that had been encrypted in transit.

    --
    It should be illegal to say that freedom of speech should be limited.
  12. Re:Well, I suppose thats another Benefit of Twitte by simcop2387 · · Score: 2, Informative

    no its not, in the code base its 666

  13. The sky is falling by LBt1st · · Score: 3, Insightful

    It would be nice if FireFox updated with detection for sites that would allow this (and other) kinds of attacks.
    With shit like this in the wild it's hard to know what sites to trust. /Paranoid

    1. Re:The sky is falling by Frosty+Piss · · Score: 2, Insightful

      It would be nice if FireFox updated with detection for sites that would allow this (and other) kinds of attacks.

      FF already nags enough.

      --
      If you want news from today, you have to come back tomorrow.
    2. Re:The sky is falling by socceroos · · Score: 4, Insightful

      People ought to stop blaming "The Web" as being inherently insecure. As much as you drill down into it, when party1 communicates with party2 and party1 isn't intimately familiar with party2's identity then transactions of information will always be prone to being exploited. This goes for human interaction (face to face) as well as human-to-computer interaction.

      Frankly, I'd rather have an insecure internet than have an internet where everyone's identity was fully exposed and documented.

  14. Securing Servers by StartCom · · Score: 4, Informative

    Obviously such attacks are possible because of the application security, renegotiation just makes it easier. BTW, here is a tool to check if your server is vulnerable to renegotiation attacks: https://www.ssllabs.com/ssldb/

    BTW, clients (e.g. browsers) are pretty save - there is NO need to panic!!

  15. Debian Linux by jchawk · · Score: 2, Interesting

    For what its worth Debian released an update to Apache and guidance on how to mitigate the vulnerability.

    They did indicate that this was only a work around and a protocol redesign would be required in order to completely fix the vulnerability.

    I wonder how many people just simply aren't paying attention and will get burnt by this problem. I want to believe not many but I honestly know better...

  16. Re:Not worried, fixed already by Anonymous Coward · · Score: 5, Insightful

    You are forgiven for the error. Anyone using a letter that could be mistaken for a number in any software version string should be cockpunched with brass knuckles coated in broken glass and lemon juice

  17. Re:Just one phrase that fits. by Anonymous Coward · · Score: 2, Insightful

    No it just means they will arrest him and throw him in jail next time he visits the USA on holiday.

  18. Re:Don't worry. It'll be fixed soon. by evilpenguin · · Score: 3, Funny

    That one burned down, fell over, and THEN sank into the swamp...

  19. Re:Not worried, fixed already by deek · · Score: 2, Informative

    Looks like Debian has backported the security fix. The version with disabled renegotiation is 0.9.8k-6 .

    http://packages.debian.org/changelogs/pool/main/o/openssl/openssl_0.9.8k-6/changelog

    It's in "unstable" at the moment, but you should be able to download and install it without harm.

  20. Re:Really... by AHuxley · · Score: 3, Interesting

    The NSA is like the DIA, they actually have a real mission, funding and never have "Church report" or ""Oliver North" moment.
    The staff rise up via wealthy parents or selection via standardised testing and scholarships/part time work.
    Entering the final years of advanced maths and cryptography they are tapped/groomed via security clearances for small projects.
    If they show the skills and mindset they are invited in deeper.
    Nothing like working in the future, with languages, huge budgets and never having to answer to anyone.
    Some burn out, some get the contacts and security clearances to contract back, some exit and go private.
    Over history, after ww2, the US has been seen to be very good with hardware and software.
    Enigma shows the gold standard, Crypto ag and Soviet penetration shows the ongoing skill set.
    The idea that "all the big encryption methods" are safe is rather large risk to take.
    The US gifted (as in export laws) the world Apple. IBM, Sun, MS , Unix ect.
    Was that just for MS and Apple to sell boxes and get students enjoying the American way of digital life?
    "the rest of the world" has sold out and is part of the NSA telco loop, a disputed zone or under constant surveillance.
    If your under under constant surveillance, it becomes a known known to have fun with :)

    --
    Domestic spying is now "Benign Information Gathering"
  21. hmmmmm by nimbius · · Score: 3, Funny

    looks like we're all well and truly fucked.

    Microsoft should have a patch in about 8 years, Apple will have lashed its developers until there are no further utterances of this problem, Adobe will ask what model phone does it affect, Oracle will ship another box of stupid mugs and tshirts to me as soon as I complain about the vulnerability, Dell will insist i continue to wait for the DRAC to load its SSL page, and i think most importantly my bank will have little, if ANY clue what im talking about.

    I need about, say, a million open source eyes on this problem. Gentlemen, the internet appears broken and im offering beer to fix it.

    --
    Good people go to bed earlier.
  22. Re:Not worried, fixed already by Lennie · · Score: 2, Insightful

    You have to remember it's not a fix. It's a workaround, it just disables part of the protocol.

    Their are also new packages for Apache2 for Debian for some other parts that needed to be disabled/changed, but it too is just a workaround.

    Their isn't yet a real fix, because it's problem with the protocol it self.

    --
    New things are always on the horizon