Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Collapse In the HTTPS Market

Posted by Soulskill on from the many-points-of-failure dept.

CowboyRobot writes: HTTPS has evolved into the de facto standard for secure Web browsing. Through the certificate-based authentication protocol, Web services and Internet users first authenticate one another ("shake hands") using a TLS/SSL certificate, encrypt Web communications end-to-end, and show a padlock in the browser to signal that a communication is secure. In recent years, HTTPS has become an essential technology to protect social, political, and economic activities online. At the same time, widely reported security incidents (such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed) have exposed systemic security vulnerabilities of HTTPS to a global audience. The Edward Snowden revelations (notably around operation BULLRUN, MUSCULAR, and the lesser-known FLYING PIG program to query certificate metadata on a dragnet scale) have driven the point home that HTTPS is both a major target of government hacking and eavesdropping, as well as an effective measure against dragnet content surveillance when Internet traffic traverses global networks. HTTPS, in short, is an absolutely critical but fundamentally flawed cybersecurity technology.

136 of 185 comments (clear)

  1. So offer a cost effective replacement by brunes69 · · Score: 5, Insightful

    Yes HTTPS is flawed. Name one protocol that is not.

    Unless someone can offer a cost effective replacement (IE one that can be deployed and scaled into without breaking existing technology) then the best approach is to continue and fix the flaws as they are found.

    The solution to a problem is not always "throw it away and re-write it". In fact the longer you are around in technology, the more you will realize that this is hardly ever a good idea.

    1. Re:So offer a cost effective replacement by Anonymous Coward · · Score: 5, Insightful

      As with all security, your requirements depend on your threat model. What are you trying to protect against?
      I suspect most of us just don't want thieves stealing our bank passwords, social security numbers, or credit cards.
      HTTPS is probably sufficient for that.
      If you're trying to make sure the NSA can't get at data of yours that it wants, you need something else. What that is, I don't know.

    2. Re:So offer a cost effective replacement by philipmather · · Score: 5, Funny

      Spock. I win.

      --
      Regards, Phil
    3. Re:So offer a cost effective replacement by jellomizer · · Score: 4, Funny

      Paper disproves Spock

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    4. Re:So offer a cost effective replacement by Anonymous Coward · · Score: 2, Interesting

      There was an offered solution, and a damn good one that was highlighted here on /.
      http://it.slashdot.org/story/12/07/25/1612236/father-of-ssh-says-security-is-getting-worse

      SSH extension to http and some clever simplistic key management for end users. DONE.

    5. Re:So offer a cost effective replacement by gstoddart · · Score: 3, Funny

      Paper disproves Spock

      And Spock Scissors Fingers.

      --
      Lost at C:>. Found at C.
    6. Re:So offer a cost effective replacement by Anonymous Coward · · Score: 2, Funny

      Romulans kill federation spy.

    7. Re:So offer a cost effective replacement by gstoddart · · Score: 1

      Romulans kill federation spy.

      LOL ... I thought we were playing Spock, Paper, Scissors.

      --
      Lost at C:>. Found at C.
    8. Re:So offer a cost effective replacement by CaptainJeff · · Score: 2

      Indeed, HTTPS was originally designed as a solution for e-commerce.

    9. Re:So offer a cost effective replacement by ArhcAngel · · Score: 4, Funny

      Please don't put IE in a post recommending a security replacement for the web. It scares me.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    10. Re:So offer a cost effective replacement by Code+Herder · · Score: 2, Informative

      I agree that currently, objectively even if it's uncomfortable to have the government read and log all my electronic communications I'm not *currently* hugely worried about it. I'm much more worried about thieves, etc.

      The problem is what's going to happen moving forward? The logical end game, is total surveillance of everything electronic/physical ( with cam, image recognition ) where the police comes knocking on your door because your phone GPS logs and CCTV show that 2 months ago you were in a house that's just been busted for being a drug dealer den. It's all automatic, they just had to tell the datamining tools to flag every single person that came in and out of that house since the drug dealer moved in 4 years ago.

      I would like to say it's alarmist and stuff but for example where I live in Canada, Cop cars now have automated license plate scanners. It's all tied to your police file, DMV, ticket, etc. If *anything* is out of order like unpaid plates, broken tail light 2 days ago that you needed to repair, etc it's going to popup a warning that they should check you. I was pulled over ( rightly so ) because I was 2 days late on my driver license, the cop car just happened to be parked on the side of the street and when I drove by it signaled that a car ( with picture ) just drove by with an owner that hadn't renewed his driver license on time. The next step of this, is already in the works,it's going to be total surveillance of all car plates all the time. It's nothing ground breaking but I know where I live it's being worked on, we have a shitload of camera everywhere to monitor traffic, it's just a natural extension of that. They'll just signal in somewhat real time the position of a car the cops want tracker and I imagine at some point they'll extend it to unpaid license plates and stuff. Obviously that system works mostly in urban areas. I can't find the news article about it, but I read about it almost a year ago IIRC.

    11. Re:So offer a cost effective replacement by Anonymous Coward · · Score: 1

      And Spock fingers Lizard

    12. Re:So offer a cost effective replacement by CastrTroy · · Score: 5, Interesting

      And it's the wrong solution. The solution is that I shouldn't have to send my credit card number to every retailer I want to do business with. The credit card companies and banks should have set up a system long ago so that I can send money to a retailer without having to divulge my private information to a non-trusted third party. Paypal offers something which is halfway in between. I can pay people without having to send them my credit card info. Unfortunately, I have to trust PayPal. It would make much more sense for the bank to be in control of this, since they have all the information anyway, and I would hope that they know how to keep it secure.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    13. Re:So offer a cost effective replacement by ThatsNotPudding · · Score: 1

      ...the best approach is to continue and fix the flaws as they are found.

      You mean *after* they've been known about for years by blackhats - or far more likely and terrifying - the TLAs.

    14. Re:So offer a cost effective replacement by __aaclcg7560 · · Score: 1

      IE

      The sooner that corporate IT can abandon Internet Explorer (especially IE6), the better off everyone will be.

    15. Re:So offer a cost effective replacement by NatasRevol · · Score: 4, Insightful

      Sounds like you just listened to the Apple Pay part of their announcement at the beginning of the month.

      --
      There are two types of people in the world: Those who crave closure
    16. Re:So offer a cost effective replacement by hey! · · Score: 4, Interesting

      Yes HTTPS is flawed. Name one protocol that is not.

      TELNET. Of course "flawless" means "meeting its design goals," it doesn't mean "suitable for any application."

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    17. Re:So offer a cost effective replacement by __aaclcg7560 · · Score: 2

      I'm sure the Gorn loved being fingered by a Vulcan.

    18. Re:So offer a cost effective replacement by timeOday · · Score: 1
      Our over-reliance on credit card numbers as "keys to the kingdom" is indeed bad, but what does it have to do with SSL?

      15 years ago I had an MBNA credit card. On their website you could generate a one-time credit card number that was only good for the stated amount. That was a big improvement. I guess not enough people bothered to use it though.

    19. Re:So offer a cost effective replacement by the_B0fh · · Score: 1

      Please don't destroy his dreams. Reality is painful.

    20. Re:So offer a cost effective replacement by reikae · · Score: 1

      Or our Battle.net accounts, which have better security measures* than anything on your list :-)

      *Stronger passwords than my online banking allows plus a one-time pad and SMS confirmation for actions such as changing passwords. My bank has a one-time pad too but from what I've gathered from comments on /. that's not as common as it should be.

    21. Re:So offer a cost effective replacement by Curunir_wolf · · Score: 2

      Why do you care when you are not liable?

      Maybe. Sometimes. I'm currently out $120 from a fraudulent charge that was approved anyway (it was a debit card on my bank account). The bank credited me when the fraud report was submitted, but then the merchant came back and said "Well it looks legit to us, even though a completely different name than the one on the card was used, and we shipped the stuff to a different state." MasterCard went along with that, and took my $120 and handed it over to Newegg. Since April, numerous letters, calls, and emails have yielded no response at all.

      So if MasterCard decides they're not going to cover it, that's it. You pretty much have no recourse. And they do that, even when the charges are clearly fraudulent.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    22. Re:So offer a cost effective replacement by whoever57 · · Score: 1

      Why do you use a debit card when the protections provided under law for a credit card are so much better?

      --
      The real "Libtards" are the Libertarians!
    23. Re:So offer a cost effective replacement by Solandri · · Score: 2

      Why do you care when you are not liable?

      Why do you think caring should stop with liability? The merchant who ends up paying for fraud just raises their prices to make back the lost money. So you are still paying for the fraud whether or not you're directly liable.

    24. Re:So offer a cost effective replacement by westlake · · Score: 1

      The solution is that I shouldn't have to send my credit card number to every retailer I want to do business with.

      The online retailer knows what you are buying and it needs a shipping address, and e-mail address and/or or phone number as a point of contact. Simply shopping the brick and mortar stores exposes pretty much everything anyone would want to know about your health, income, employment, housing, marital status, lifestyle choices and so on.

    25. Re:So offer a cost effective replacement by mwvdlee · · Score: 1

      In the Netherlands, we have such a system (called "iDeal").
      As far as I know, atleast Germany and a few scandinavian countries have similar systems.
      I dare bet a lot of countries have such systems as well.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    26. Re:So offer a cost effective replacement by Curunir_wolf · · Score: 1

      Why do you use a debit card when the protections provided under law for a credit card are so much better?

      Because you need credit for those.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    27. Re:So offer a cost effective replacement by CastrTroy · · Score: 1

      Well, in the original days of the web when everything was wired, and even so to an extent today, even with so much stuff being wireless, it's not very likely that somebody is going to steal your information by listening in on your connection to steal 1 credit card number. Instead, they're just going to break into the retailer's servers and steal 100,000 credit card numbers at once. A lot more gain for a lot less effort.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    28. Re:So offer a cost effective replacement by mlts · · Score: 1

      Problem is that SSL, and to a lesser extent SSH suck, but almost everything out there is worse, barring physically dropping off a large drive array and using one time pads on each endpoint.

      SSL for public web servers is tough to fix. Have more than 2 CAs sign a key? What keeps two CAs from being compromised? Have a revocation list, the bad guys can block that from propagating. Have a key get "known" may be an add-on, but some sites use hundreds of server keys and change them out often.

      For other tasks, it is fairly simple. If a server and client are static, then they can trust each other, similar to how SSH works, and dispense with the CA stuff entirely. Other tasks might work with an out of band method for distributing and authenticating keys.

      SSL/TLS is a hard protocol to fix. Make a change willy-nilly without heavy regression testing will just open new vulnerabilities.

    29. Re:So offer a cost effective replacement by whoever57 · · Score: 1

      Because you need credit for those.

      What about a pre-paid credit card? Get one of those and you can start building up some credit. Unless, of course you have some catastrophic credit event in your recent past.

      --
      The real "Libtards" are the Libertarians!
    30. Re:So offer a cost effective replacement by Curunir_wolf · · Score: 1

      Why do you use a debit card when the protections provided under law for a credit card are so much better?

      According to that site:

      If someone makes unauthorized transactions with your debit card number, but your card is not lost, you are not liable for those transactions if you report them within 60 days of your statement being sent to you.

      Well I reported it within 2 days of the charge itself, but I'm still out $120. So it doesn't really work very well. Should I file a complaint with the FTC? Do you think I would actually get a response?

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    31. Re:So offer a cost effective replacement by Curunir_wolf · · Score: 1

      Because you need credit for those.

      What about a pre-paid credit card? Get one of those and you can start building up some credit. Unless, of course you have some catastrophic credit event in your recent past.

      I really don't WANT credit. My solution to this is another bank account that only gets funds when I know I'm going to use a card for an on-line purchase or something.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    32. Re:So offer a cost effective replacement by Curunir_wolf · · Score: 1

      I didn't use my debit card over the Internet, the fraudster did. I don't know how they got the information on the card, maybe from Target or something. Maybe a gas pump skimmer, who knows? I saw the charge and disputed it within 2 or 3 days. The bank issued a credit (they called it provisional) and I filled out the fraud form. There were actually 3 fraudulent charges - Nordstrom's, The Gap, and Newegg. The first 2 were no problem, but after about 5 weeks, I got a letter from the bank saying the credit had been reversed because the merchant claimed the charge was authorized. It included a lot of details about the charge. The name used was Steven Tieng (never heard of him). He used a billing address that I had moved out of a few weeks earlier. The package was shipped to a different address in a different state, to another person. And yet despite all these inconsistencies (WRONG NAME even), they claimed it was legit and kept the money.

      The bank gave me 10 days to file a "rebuttal", which I did the very next day. The girl at the bank told me it was "the most thorough rebuttal she had ever seen". Nevertheless, it appears MasterCard simply threw it in the trash. There has been no response from them in just over 6 months. I ask at the bank, they call, and just get "nothing". Newegg simply responds with "Oh, gee, too bad. Call your bank.".

      I doubt I'll ever see a dime of that money again.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    33. Re:So offer a cost effective replacement by rfunches · · Score: 1

      This is why you never, ever use a debit card at anything other than an ATM. (Not even at the grocery store for cash back.) That limits where your card details can be skimmed from.

      I don't understand why you thought Newegg would do anything? If the bank "lost" the paperwork, you send a certified letter to follow up, and if they still play possum, send a letter to the regulators and (within the U.S.) state attorney's office...

    34. Re:So offer a cost effective replacement by IgnitusBoyone · · Score: 2

      I would cancel my relationship with mastercard. It might also help to never shop at newegg again and to convince others as well. My highschool job was working retail. I was taught something like one unhappy customer was 200 grand in business.

      That story is pretty convincing you. I would make it my goal to make people aware of it.

      --
      Momento Mori
    35. Re:So offer a cost effective replacement by Curunir_wolf · · Score: 1

      I don't understand why you thought Newegg would do anything?

      Because Newegg claimed the charge was legitimate, even though the name used was not the name on the card, and they shipped it to a different address in another state, AND they told me on the phone it was fraudulent, and cancelled "Steven Tieng's" account with them. So they made a BIG mistake - when the fraud report came in, they told MasterCard, "oh, no, looks legit to me!"

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    36. Re:So offer a cost effective replacement by Anonymous Coward · · Score: 1

      Yes HTTPS is flawed. Name one protocol that is not.

      That's ridicules. HTTPS is not flawed. CA model is flawed and has been since the beginning. Don't even "slashdotters" understand the difference?

      There is also a difference between bugs in software and bugs in a protocol.

    37. Re:So offer a cost effective replacement by Asgard · · Score: 1

      Beware 'overdraft protection' on that account where they'll extend you some credit and come after you for it later, with a ton of fees on top.

    38. Re:So offer a cost effective replacement by Narcocide · · Score: 1

      My guess is it was actually shut down due to pressure from the government (*cough* NSA *cough*) to increase transparency in online credit card transactions. This would have made it far too easy for people to anonymously spend money on drugs and prostitutes.

    39. Re:So offer a cost effective replacement by Narcocide · · Score: 1

      Which, interestingly enough, a one-time-use, generated-on-the-fly, disposable credit card number would ALSO protect you against...

    40. Re:So offer a cost effective replacement by thule · · Score: 1

      I know people think Apple invented NFC payments, but they didn't. This is NOT unique to Apple Pay. Apple Pay is an implementation of a standard. Google Wallet is an implementation of the same standard. Either way, the vendor/POS terminal does NOT get the CC# during the transaction.

    41. Re:So offer a cost effective replacement by tepples · · Score: 1

      What about a pre-paid credit card?

      I was under the impression that those came with annual fees.

    42. Re:So offer a cost effective replacement by tepples · · Score: 1

      For one thing, Dave Ramsey fanboys eschew anything with "credit" in the name.

    43. Re:So offer a cost effective replacement by Miamicanes · · Score: 1

      Not really... it just would have meant the authorities would have needed a proper court order to make Mastercard/Visa/Amex tell them who that one-time number was associated with, and furnish them with a list of every other transaction that person engaged in over some finite window of time. We're not talking about Bitcoins here, just very long credit card numbers still associated with exactly one real-world account, from a universe of potential numbers that's too sparse to effectively guess a valid number (let alone use one to commit fraud). At the end of the day, they STILL had to bill someone for it, so it was no secret who that number was associated with.

    44. Re:So offer a cost effective replacement by tepples · · Score: 1

      Which model should replace CAs? Perspectives breaks when a man in the middle is placed between a server and its only Internet uplink.

    45. Re:So offer a cost effective replacement by Lorens · · Score: 1

      15 years ago I had an MBNA credit card. On their website you could generate a one-time credit card number that was only good for the stated amount. That was a big improvement. I guess not enough people bothered to use it though.

      I have this system today, and my "real" card number, while valid, is systematically declined for Internet transactions. It's common enough that Amazon (at least the French Amazon) has an FAQ on the problems it can cause (bigger orders can be split up, and Amazon debits each packet separately). Some sites refuse the virtual card, but I can real-time the on/off switch on my bank's website to use my "real" card number just for the necessary number of seconds. Not ideal, but better than most.

    46. Re:So offer a cost effective replacement by Fnord666 · · Score: 1

      Which, interestingly enough, a one-time-use, generated-on-the-fly, disposable credit card number would ALSO protect you against...

      Which kinda suck for use as a recurring payment method.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    47. Re:So offer a cost effective replacement by Fnord666 · · Score: 1

      With credit and debit card fraud being a hot topic these days you might try looking for an investigative reporter in your local marketing area. They might do a "on your side" type of piece on your case, especially with all of the documentation you have.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    48. Re:So offer a cost effective replacement by Opportunist · · Score: 1

      A few tactical nukes, well placed, should do.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    49. Re:So offer a cost effective replacement by Opportunist · · Score: 1

      What kind of one-time pad? If it is not a true two factor system (i.e. the old fashioned paper OTP numbers) it's worthless.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    50. Re:So offer a cost effective replacement by reikae · · Score: 1

      It's just an indexed list of short codes, bank's website tells which index to use when logging in and also when doing wire transfers or other important stuff. Each of the 300 codes are used only once obviously.

      Could you elaborate on the worthless systems? Is my bank's system one of those and if not, what would these systems be like exactly?

    51. Re:So offer a cost effective replacement by NatasRevol · · Score: 1

      Apple Pay is WAY more than NFC. It's what the GP said.

      --
      There are two types of people in the world: Those who crave closure
    52. Re: So offer a cost effective replacement by eyegone · · Score: 1

      Google "Secure Electronic Transactions.". TL;DR: It got a bit of traction in Europe but basically none in the U.S. (presumably due to different credit card liability laws).

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    53. Re:So offer a cost effective replacement by Opportunist · · Score: 1

      Imagine a trojan in your computer that is able to manipulate webpages in between them arriving at your machine and you seeing them. Like, say, a browser plugin. Adblockers and the like do pretty much that. And no, sadly HTTPS is no safeguard against that because these plugins hit after decryption and before encryption, i.e. they get the plain text. Then, the plugin waits for you to make an actual transfer. And here is what happens then:

      You type in that you want to transfer, e.g., 100 bucks to Water&Power. The plugin replaces those 100 bucks with 5000 and W&P with its mule account, then sends this to your bank. Your bank will confirm those 5000 to Mule and ask for your OTP key. The plugin will now display the request for the OTP key along with 100 bucks to W&P. Essentially, you're going to sign the phishing transaction while thinking you're signing the transaction you wanted to do.

      It's been a while that I saw something like that hit, IIRC it was in 2007 back when I was still in forensics. It was a pretty interesting piece of trojan in the form of a browser helper object that held the relevant data (i.e. target account and amount to steal) in registry keys. Nifty little bugger, it sure was a pleasure to take it apart. These things were highly specialized and could only target a specific bank in each of their incarnations, at least in the beginning. Later they were "bundled" to maximize the impact.

      The main flaw of the system is that there is only one channel being used, and with this channel being compromised there is nothing the bank or you could do to verify that either of you is actually talking to the other one and nobody in between is manipulating the transaction. Hence a lot of banks switched to text message OTP keys. There you get a text message with the target account and the target amount, along with the OTP key number. You are supposed to verify that the account and amount match what you entered. To crack this system, a potential attacker would have to compromise the computer and the cell phone, making the whole process quite a bit more secure.

      Unless, of course, you're using a mobile phone app to do your online banking...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    54. Re:So offer a cost effective replacement by lister+king+of+smeg · · Score: 1

      This would have made it far too easy for people to anonymously spend money on drugs and prostitutes.

      yeah only the secret service get to hire sex workers not you plebs

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    55. Re:So offer a cost effective replacement by lister+king+of+smeg · · Score: 2

      telnet is great for wathcing ascii art starwars, there is a suitable application

      (telnet towel.blinkenlights.nl)

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    56. Re:So offer a cost effective replacement by JWSmythe · · Score: 1

      One does not simply invite the Romulans.

      --
      Serious? Seriousness is well above my pay grade.
    57. Re:So offer a cost effective replacement by dunng808 · · Score: 1

      At first I was going to disagree, convinced that the broken logic was better attributed to a football player until I realized that sort is unlikely to be hanging around here. Yours is the more likely explanation. Occam's razor.

      --

      Gary Dunn
      Open Slate Project

    58. Re:So offer a cost effective replacement by JWSmythe · · Score: 1

      I really liked PayPal's solution for limiting risk when paying sites that didn't support PayPal. Their Virtual Debit Card product was great. I could provide whatever information I wanted, restrict the virtual card to exactly the amount of the transaction, and optionally allow it for recurring transactions. They were awesome, especially when purchasing from small companies with very little information about if they were legitimate or not.

      PayPal if nice and all, but plenty of people fall for the common traps, like variations on the domain name which are phisher traps.

      People here were generally better at avoiding scams, but that doesn't help the > 90% of the population who never check.

      --
      Serious? Seriousness is well above my pay grade.
    59. Re:So offer a cost effective replacement by epyT-R · · Score: 1

      god forbid they do that, right? We all must be protected. We will all be pushed/shoved down the stairs.

    60. Re:So offer a cost effective replacement by AmiMoJo · · Score: 1

      Apple Pay requires you to put your card details into the phone, an insecure environment which leaked NSA slides claim to have full access to. With the recent celebrity hacking and the absolute facepalm of allowing remote dictionary attacks against iCloud they need to earn trust, not simply claim they are secure.

      I prefer stored value cards and eWallet systems. In the former case you buy the card with cash and it's basically anonymous, beyond the fact that purchases can be linked. Simply return the card and get a new one periodically to limit that. The eWallet systems make the charges appear on your phone bill, so they don't store and credit card details on the phone itself and the per transaction limit is low.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    61. Re:So offer a cost effective replacement by AmiMoJo · · Score: 1

      Your consumer protection laws are weak. You should lobby your elected officials to strengthen them.

      For example in the UK you could complain to the Financial Services Ombudsman. That instantly costs the bank money so they ate keen to avoid you doing that. The FSO then makes an impartial decision based on the rules. In your case it's hard to see how you could have lost. Costs you nothing beyond the time you spent writing letters anyway, and the FSO will accept email as well.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    62. Re:So offer a cost effective replacement by kybred · · Score: 1

      Which kinda suck for use as a recurring payment method.

      No they work quite well. When you setup the 'one-time' use number, you specify that it is for recurring charges. When the first charge hits it, the number is bound to that vendor. Any charge to that number from a different vendor will be rejected. This can cause a problem for some vendors that change card processors after you've set one of these up.

    63. Re:So offer a cost effective replacement by davester666 · · Score: 1

      > If you're trying to make sure the NSA can't get at data of yours that it wants, you need something else. What that is, I don't know.

      I believe what you are talking about is a complete reset of the US system of governing itself. Nothing short of that appears to be capable of doing the job.

      --
      Sleep your way to a whiter smile...date a dentist!
    64. Re:So offer a cost effective replacement by brantondaveperson · · Score: 1

      Not really - the 'one-time' credit cards could easily be set up to work only for a specific amount on a particular day for a particular retailer too.

    65. Re:So offer a cost effective replacement by reikae · · Score: 1

      Thanks for the example. My bank actually has an SMS confirmation system like you described, but it's only for "unusual" transactions. I've never triggered it, so merely transferring money to new accounts for the first time doesn't do it. Most of my payments are in the two-digit range though, and I assume they thought it would be too annoying for most customers to confirm each and every transfer.

    66. Re:So offer a cost effective replacement by petteyg359 · · Score: 1

      HTTPS is only sufficient until ISPs install proxies and give all the technophobe morons who are proud to proclaim "I don't know about all them flashing lights and stuff!" a nice little "internet installer" CD that sets the proxy as a trusted root, or has the tech who comes out because the customer is too proud of their ignorance to connect a coax cable between two coax ports and an ethernet cable between two ethernet ports install it for them.

    67. Re:So offer a cost effective replacement by X0563511 · · Score: 1

      HTTPS, as a protocol, seems fine. The flaws seem to have been specific implementations of the protocols, or with their algorithms (reminder that HTTPS is modular in that regard).

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    68. Re:So offer a cost effective replacement by Opportunist · · Score: 1

      More likely they shy away from the cost. I can't go into detail but SMS confirmation is anything but cheap.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    69. Re:So offer a cost effective replacement by rs79 · · Score: 1

      If this is a serious request for a protocol without flaws - didn't Bernstein fail to get any takers to find a flaw in djbdns?

      I realize that's not a flawless protocol per se, but rather is a flawless implementation of an inherently flawed protocol. If you know of a better example I'd like to hear it.

      --
      Need Mercedes parts ?
    70. Re:So offer a cost effective replacement by RockDoctor · · Score: 1

      We prefer Spork, Spam and Fox. All the absence of content together with repulsive presentation.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    71. Re:So offer a cost effective replacement by Aram+Fingal · · Score: 1

      I don't know how you would eliminate all transfer of private information to the merchant. Paypal's system takes care of anonymizing the details of the payment. I gather thaty by saying "halfway" you are referring to the fact that you still have to give the merchant a shipping address. Also, without HTTPS, not only the shipping address but the items you are buying and what they cost is open to evesdropping.

  2. Technical flaws are beside the point by Anonymous Coward · · Score: 1, Insightful

    As long as we rely on CAs for trusted certificates SSL will always have an easily-exploited weak link.

    1. Re: Technical flaws are beside the point by Anonymous Coward · · Score: 1

      Self signed certificates are enough to encrypt the connection. You're missing the point here.

    2. Re:Technical flaws are beside the point by NotInHere · · Score: 1

      NSA and resourceful criminals can use 0days, and CA system helps against small criminals. Current protection meets the need, it seems. Not that I think its broken.

    3. Re:Technical flaws are beside the point by jopsen · · Score: 1

      As long as we rely on CAs for trusted certificates SSL will always have an easily-exploited weak link.

      We can all agree HTTPS isn't perfect... but both Firefox and Chrome have started pining certificates... At least that's a start.

    4. Re:Technical flaws are beside the point by WD · · Score: 1

      Be sure to check out Moxie Marlinspike's blog post about the topic.
      http://www.thoughtcrime.org/bl...

    5. Re:Technical flaws are beside the point by timeOday · · Score: 4, Informative
      Give the article some credit, that is largely what it is about:

      To evaluate both legal and technological solutions, an understanding of the economic incentives of the stakeholders in the HTTPS ecosystem, most notably the CAs, is essential. This article outlines the systemic vulnerabilities of HTTPS, maps the thriving market for certificates, and analyzes the suggested regulatory and technological solutions on both sides of the Atlantic. The findings show existing yet surprising market patterns and perverse incentives: not unlike the financial sector, the HTTPS market is full of information asymmetries and negative externalities, as a handful of CAs dominate the market and have become "too big to fail." Unfortunately, the proposed E.U. legislation will reinforce systemic vulnerabilities, and the proposed technological solutions are far from being adopted at scale. The systemic vulnerabilities in this crucial technology are likely to persist for years to come.

      Most all the responses I see to this story so far are kneejerk response to the summary, not very relevant.

    6. Re:Technical flaws are beside the point by Opportunist · · Score: 1

      NSA and resourceful criminals

      Why the tautology?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. locks, doors, ... by silfen · · Score: 4, Insightful

    Every lock, every door can be attacked and broken. It's no different with protocols. We don't stop locking our bikes or cars just because a government soldier with an M16 can shoot the lock open.

    1. Re:locks, doors, ... by Anonymous Coward · · Score: 2, Insightful

      Exactly. Security requirements depend on the threat model.
      Just because the NSA can read your data doesn't mean the civilian crooks can get your bank password.

    2. Re:locks, doors, ... by Code+Herder · · Score: 1

      It's a bit flawed as an analogy because the soldiers things probably won't happen to you. On the other hand, current surveillance is automated and they automatically break down all the doors to take a peak, just in case.

    3. Re:locks, doors, ... by CopaceticOpus · · Score: 4, Insightful

      Physical locks still need to be broken manually, one door at a time.

      When it comes to https, all locks can potentially be opened at once, remotely, with the click of a button, and with no sign of intrusion. It's hardly the same.

    4. Re:locks, doors, ... by NotInHere · · Score: 1

      And, thanks to the internet, threats can travel with light speed.

    5. Re:locks, doors, ... by arth1 · · Score: 1

      Every lock, every door can be attacked and broken. It's no different with protocols. We don't stop locking our bikes or cars just because a government soldier with an M16 can shoot the lock open.

      But in real life, we also are better at spotting when locks don't serve a purpose. Most of us don't have double bolt locks on our bathroom doors, and businesses don't keep their doors lock and run out to unlock it for every customer.

      Sometimes it's not the door that needs protection, but the valuables themselves.

    6. Re:locks, doors, ... by gstoddart · · Score: 1

      And, thanks to the internet, threats can travel with light speed.

      Is that like "baked with real vegetables", which may or may not imply there's vegetables actually in it? ;-)

      --
      Lost at C:>. Found at C.
    7. Re:locks, doors, ... by hey! · · Score: 1

      If your bike was made of solid gold, then a conventional bike lock would be useless. Also your bike would be very heavy.

      The point is that your analogy has some flawed interpretations. What you're saying is that the use value of riding your bike anywhere outweighs the expected cost of its being stolen. That's completely valid. Likewise the marginal cost of a more sophisticated lock may not be worth the marginal reduction in expected theft-cost.

      But information has a wider range of uses and values than a bike does; you can't just say, "well HTTPS may not be perfect, but it's what we've got and it's good enough." Some information is literally priceless. Other information may not be priceless, but maybe it's not really needed on a system so you can protect it by moving it to a less exposed system. HTTPS is just one of many tools you have to work with when addressing security. Naturally you want to use it as skillfully as possible to reduce your vulnerabilities, but part of the process in many cases is imagining what would happen when something you're relying upon fails, then planning to deal with that.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  4. Problems with TLS and PKI by NotInHere · · Score: 4, Insightful

    goto_fail is just a bug like every else. Its a major bug, yes, but its "only" a bug. There are more systemic issues.

    PKI is broken. Diginotar was just one indident we know of. CAs can secretly give everybody any cert they want. We need a system where the CAs need have to publish their certs, and which itself can't forge. Certificate transparency only centralises this "tree of trust". We still need to give the tree a ground to stand on. This can be achieved by gossip protocols. With all these measures, we don't need CAs anymore. CA is a multi-million dollar industry, they won't like being obsolete.

    Third point: Microsoft. They haven't added usable perfect forward secrecy until april 2014.

    Fourth point: the users. They don't care, or other things are more important to them (stability, etc): Most of them don't update their browsers regularly. I don't critizise clicking away security warnings.

  5. Not very useful by Anonymous Coward · · Score: 1

    I think it is wrong to claim HTTPS is flawed by blaming the underlying software vulnerabilities. The post didn't mention anything about how HTTPS itself is flawed at the protocol level, or its design is flawed.

  6. For internal use? by phorm · · Score: 3, Insightful

    HTTPS/SSL, but with the signing, distribution, and recovation done in-house. The big SSL vendors seem to often be prone to poor security, as well as possibly succumbing to the demands of certain government agencies and providing "private" keys.

    At least if your certificate is signed in-house, you have control of your certs and a certain amount of extra protection against the above. This might not be a good solution for smaller shops, but mid/medium shops could accomplish this, it's just easier to use a "big name" registrar.

    Perhaps one solution would be to have an easily deployed appliance/distribution that runs as an internal certificate store.

    1. Re:For internal use? by devman · · Score: 1

      SSL cert vendors should never have your private key, and I've never seen one that needed it. They only sign you public key when you generate a certificate signing request.

    2. Re:For internal use? by tepples · · Score: 1

      If your SSL cert provider is also your web hosting provider, then your SSL cert provider has your private key because your web hosting provider needs your private key in order to provide service.

    3. Re:For internal use? by phorm · · Score: 1

      Signing key, not the key on the certificate itself.

  7. broken implementation! = bad protocol by raymorris · · Score: 5, Informative

    OpenSSL's heartbleeed bug was a bug in openssl, a buffer overrun that didn't really have anything to do with ssl. A similar bug in any other server software would be approximately as bad. Where https protocol specified a ping, openssl instead leaked the contents of arbitrary memory locations .

    Apple's goto bug was Apple's bug. Again, little to do with the protocol. Ssl/tls/https didn't fail here, the company failed to implement https.

    The one "fault" of the protocol in the cited cases could be that it isn't brain-dead simple. Since the standard isn't idiot-proof, idiots can screw it up.

    1. Re:broken implementation! = bad protocol by Anonymous Coward · · Score: 1

      Could the protocol be simplified?

      Being more complex than necessary IS a FLAW in a protocol.

    2. Re:broken implementation! = bad protocol by Anonymous Coward · · Score: 1

      No. SSL was designed to be flexible, which means it has a convoluted handshake. And it also brought all the baggage of X.509 along with it.

      SSL was designed at a time when best practice dictated that all your algorithms should be negotiable. It made sense: ciphers like RC4, 3DES, cipher modes like CBC, digests like MD5 and SHA-1, and public-key algorithms like RSA and DH are on their way out. Those were all state of the art back then, but everybody expected them to fail sooner rather than later. So your protocol needed to be future-proof. You needed a way to support multiple different algorithms presently, and an easy way to add new ones. This was the right decision, as the attacks on RC4, CBC, etc has shown.

      These days the state of the art in cryptography is much more advanced. It's not unreasonable to settle on ECC with known good parameters for signing and key exchange, SHA-3 for hashing, and AES+CTR+GCM (cipher, mode, checksum). Or some other set of strong algorithms that researchers are more confident won't fail catastrophically anytime soon.

      You don't need modularity anymore. That means you could design a new protocol which is much, much simpler. But simplify SSL? No. It was _designed_ to be modular. It means we _can_ use all those newer, stronger algorithms, but we're stuck with the baggage that makes that possible.

  8. Folks.... by Anonymous Coward · · Score: 5, Interesting

    It's not HTTPS that's insecure, it's the current certificate authenticity chain.

    Eliminate that chain, work out a public exchange and verification program (something akin to bittorrent for
    gpg signed certificates from other people you trust.) and plug that in in place of the current certificate authority
    model and you're set.

    This does of course require you to have people you trust who have some way to verify they got the 'original'
    copy of the certificate, and doesn't preclude using the equivalent of modern certificate authorities if desired.
    It simply provides 3rd party verification if something appears to be up.

    If you need a good example of how this might be carried out, look up 'WASTE', then imagine combining that with slashdot's rating system utilizing the old Kevin Bacon skit about 6 degrees of separation. That should provide secure peering with a layer of trust model that would dwindle the farther away from you a 'trusted individual' is positioned. It's not as 'cheap' in terms of cpu, disk space, or memory requirements as the current system, but it would be harder to exploit than the current centralized system.

    1. Re:Folks.... by Curunir_wolf · · Score: 4, Insightful

      Mod parent up. While the poster's solution may not be the right idea, he's absolutely identified the problem: profit-driven central authority.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    2. Re:Folks.... by swillden · · Score: 1

      Eliminate that chain, work out a public exchange and verification program (something akin to bittorrent for gpg signed certificates from other people you trust.) and plug that in in place of the current certificate authority model and you're set.

      Or rather than eliminating it, secure it. A couple of proposals:

      http://www.certificate-transparency.org/ provides a distributed mechanism for near real-time monitoring of certificates in use, to very quickly identify and block certificates that weren't issued legitimately.

      http://convergence.io/ makes the observation that MITM attacks result in some subset of the Internet seeing a different certificate from a given server. A distributed system of crosschecks identifies sessions which are being attacked.

      Note that in spite of the fact that Convergence is billed as a replacement for the CA system, there's no reason that we can't use both.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Folks.... by Opportunist · · Score: 1, Insightful

      The problem is not that it is for-profit. The problem is rather that we're supposed to implicitly trust them despite us having no reason to do so, and in the light of various revelations lately, have every reason to actually DIStrust a fair lot of them. Not because they are "evil". Just because they could not defend against the country they reside in requiring them to ... let's say "comply".

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Folks.... by WuphonsReach · · Score: 2

      Eliminate that chain, work out a public exchange and verification program (something akin to bittorrent for gpg signed certificates from other people you trust.) and plug that in in place of the current certificate authority model and you're set.

      DNSSEC + DANE

      It limits the damage a lot more then the current "trust the CA completely" model. A rogue CA can only damage / MitM certificates that they have issued without raising red flags in the SSL stack.

      Is DNSSEC+DANE perfect? No, it has some rough edges and possible corner cases, but it's far better then depending on the current CA model.

      --
      Wolde you bothe eate your cake, and have your cake?
    5. Re:Folks.... by chihowa · · Score: 1

      A decent stepping stone would be to allow multiple CA signatures on a certificate. Then, a user can decide how much they trust a certificate based on which CAs trust that certificate. As an added bonus, and verified through DANE or the like, it would be necessary to compromise multiple CAs in order to present a forged certificate. This moves us toward the big web of trust that you propose.

      Once this is set up, we can start pruning the massive implicitly trusted root CA list and bring a little sanity to who we need to "trust". If you haven't done so, take a look a the lists sometime. Your computer/browser completely trust any certificate signed by any one of those foreign governments or unrecognizable organizations. How secure is that?

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    6. Re:Folks.... by chihowa · · Score: 1

      It's that we trust 400 of them by default in the first place, and any one of them should be easy enough to subvert by a sufficiently powerful nation-state.

      Some of them are directly run by nation-states.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    7. Re:Folks.... by AmiMoJo · · Score: 1

      The web of trust model can be infiltrated by the NSA/GCHQ, and with things like national security letters they can force people you trust to betray you.

      It's still the best system we have for when you need to trust random web sites, but I'd like to see exchanging public keys on person become common place. We all have phones with NFC and QR code reading capability. Banks should put verification codes in their branches, individuals should put them on their business cards.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Folks.... by Marillion · · Score: 2

      For example: Hong Kong Post Root; DoD Root CA 2; Federal Common Policy CA; Staat der Nederlanden Root CA - Any of these CA can mint a certificate for ANY website.

      Keep in mind that any sufficiently powerful nation is better served sending lawyers rather than hackers. Step One: All it takes is to send a court ordered warrant with gag-order to get the private key for "Go Daddy Root Certificate Authority - G2". Step Two: Mint certificates

      We should do two things. 1) Browsers should also start displaying the root CA. If I go to Google and I know it's Google because "Autoridad de Certificacion Raiz del Estado Venezolano" says so, I'd be suspicious. 2) Fix the all or nothing problem. Somehow limit the domain scope of a CA. "Google Internet Authority G2" mints certificates for Google.Com. What's to keep them from minting one for MyBank.com?

      --
      This is a boring sig
    9. Re:Folks.... by smash · · Score: 1

      Doesn't even have to be profit driven. If the government (or anyone with sufficient $ / technical skill) either owns or co-erces the CAs in the current model, you're boned.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  9. It's probably good enough by klubar · · Score: 1

    Like all technology, it's really about what you are trying to protect. For most people and applications HTTPS is probably enough, if you're protecting multi-billion dollar transactions or infrastructure then you should use something stronger. Think of it like door locks -- all are flawed, but it's not worth spending $1 million on security to protect a $300,000 house.

    I'm reasonably satisfied with the level of protection from HTTPS for my twitter posts and even banking.

    As an aside, is the Microsoft HTTPS implementation any better? It seems like only open source and Apple have been implicated in the HTTPSgate scandal.

  10. and... by CosaNostra+Pizza+Inc · · Score: 1

    That's why I prefer to use a VPN

  11. If there's a systemic problem by nine-times · · Score: 2

    If there's a single systemic problem with HTTPS, it's that we're still largely relying on Certificate Authorities which charge a lot of money. The expense and complexity discourages people from using SSL more ubiquitously.

    I'm not saying it's a perfect security scheme, but my point is that the single biggest problem with it is that we're not using it enough.

    1. Re:If there's a systemic problem by heypete · · Score: 1

      If there's a single systemic problem with HTTPS, it's that we're still largely relying on Certificate Authorities which charge a lot of money. The expense and complexity discourages people from using SSL more ubiquitously.

      Cost is an issue if you're buying VeriSign certs for hundreds of dollars, but why waste your money? (Answer: nobody got fired for buying VeriSign, and big companies think customers care about the "trust seals"). Other CAs offer OV or EV certs for less than $200/year.

      DV certs are incredibly cheap. StartSSL offers DV certs for non-commercial purposes free-of-charge. For paid certs, they only charge for what costs them money: ndividuals can get their ID verified for $60/year and issue unlimited Class 2 certs. Organizations pay $120 (one individual verification, plus the organization verification) and can issue unlimited certs. Gandi offers DV certs (they're a Comodo reseller) for $16/year. NameCheap (a reseller of several CAs) has even lower prices: Comodo certs are $9/year, while RapidSSL certs are $10.95.

      I hardly consider $9/year to be a showstopper for even the most cash-strapped business or small organization.

      That said, you do have a point in regards to complexity: generating certs using command-line tools is not something the typical user can be expected to do, particularly with subtleties like adding the right flag for SHA2 signatures, configuring their server with good ciphersuites, etc. Heck, I routinely see professionally-managed websites with SSL cert chains missing the intermediate cert. Security is complex and can only be simplified so much, but it's still an issue.

    2. Re:If there's a systemic problem by bill_mcgonigle · · Score: 1

      If there's a single systemic problem with HTTPS, it's that we're still largely relying on Certificate Authorities which charge a lot of money. The expense and complexity discourages people from using SSL more ubiquitously.

      I don't think that's really it - I can get as many commercial-grade SSL certs for 7 bucks as I want. I got a couple at Namecheap for $2 when they were running a special. That's a large coffee at McDonald's. I've purchased 5-year wildcards for $150.

      How cheap does it need to be to be usable? For most people setting up a CA takes more time than $7 is worth.

      If there's an immediate problem, it's the default root stores. Why would I trust the US DoD to sign certs for Google, or, heck, even my own mail server? A default install of most browsers and OS's will. Oh, but we should be afraid of the NSA exploiting heartbleed? Heh, ceilingcat don't need no protocol exploits.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  12. Good article by WaffleMonster · · Score: 1

    Well done, authors obviously spent a lot of time on it. Splitting implementation and deployment was refreshing to see.

    Fundamental problem is aggregation of power/value is an irresistible beacon of abuse. From criminals to states the more value protected the bigger the effort to coopt the system.

    I have two "practical" ideas which might help slightly..

    1. Replace CA's with DANE or something like it. We already have global view of naming.. Trust should flow from ownership of names as a standard feature of domain ownership.

    While this reduces overlapping CA craziness it just replaces headaches associated with one trust anchor with another... however with non-overlapping view there is a lot more that can be done to distribute trust.

    The other problem deployment of DNSSEC without first fixing DNS DDOS amplification is in my view negligent and irresponsible.

    2. Use "zero knowledge" authentication protocols in addition to or instead of CAs. I have an account on some device or some service somewhere let my credentials be source of trust to protect my session. This solves the aggregation of power issues of planet wide trust anchors and allows people to secure their shit without having to screw around with certs.

    All of the technology to implement this exists... all browser vendors need to do is get off their asses and commit the TLS-SRP patches in their ticket systems.

    This is no panacea there are two issues using credentials for trust imposes which cannot be solved.

    1. Your 'identity ... (e.g. username)' is necessarily transmitted in the clear. While you can play games with reversible transforms or grouping the basis for deriving your identity is transmitted.

    2. There is no difference between storing a password and a password hash. Since we are establishing proof of mutual possession servers need to reversibly protect their passwords. Hashes no longer work.

    1. Re:Good article by Pinky's+Brain · · Score: 1

      I'm convinced that the refusal of browser companies to implement DANE is directly influenced by security services and CAs.

  13. HTTPS is not flawed by Aethedor · · Score: 5, Insightful

    From a technological point of view, it's a good protocol. It works and when implemented correctly, it's very secure. However, a PKI is not much about technology. It's mostly about organisation. In other words, it's not about PK, but all about I.

    And that's were most things go wrong. Yes, Heartbeat was about technology, but people who paid attention moved away from OpenSSL a long time ago. There are more than enough alternatives. GnuTLS and PolarSSL for example. Apple's gotofail was also about technology, but name me one piece of software that is 100% bug free.

    The real problem with HTTPS is how it's organized. When I install a browser (or get one via the OS), I also get a shit load of CA's which I'm supposed to trust. CA's from China, Turkey, Taiwan and other countries from which I don't even speak the language. I will never need a certificate from one of those CA's, because I will never need a secure connection with any website protected by their certificates. If the people from Iran were wise enough to realize that they don't need Diginotar because they don't speak Dutch, they would never be at risk because of Diginotar's epic failure. The first thing I do when installing a web browser is get rid of all the irrelevant CA's. Just to be sure, just to be safe.

    And that's what's wrong with HTTPS. That's what needs to be fixed. Trust shouldn't be imposed by a browser maker. Trust should be earned.

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
    1. Re:HTTPS is not flawed by Josuah · · Score: 2

      I had tried using GnuTLS for a while in one of my builds (with libcurl, I think), but found it didn't always work right while OpenSSL did. I'm not sure if that is because I had to do something different with GnuTLS, but it just wasn't happy as a drop-in replacement.

      Anyway, I don't think "trust should be earned" works. If you visit a banking or shopping web site, in what way are they supposed to earn your trust before you do business with that web site? I can't think of a particularly good way (scalable, understandable, and convenient) other than the "I trust X and X trusts Y so I can trust Y" approach we are using today.

    2. Re:HTTPS is not flawed by Kevin+by+the+Beach · · Score: 2

      Great comments and observations. CA's are the weak link in the current HTTPS model. (unfortunately trust has been broken, and millions of computers are delivered with CA configurations that most users are not aware of)

    3. Re:HTTPS is not flawed by Anonymous Coward · · Score: 1

      but name me one piece of software that is 100% bug free.

      printf("Hello, wold!");

    4. Re:HTTPS is not flawed by Aethedor · · Score: 1

      I encourage you to try PolarSSL. It's really good and easy to learn. I replaced OpenSSL with PolarSSL in my own open source project within a few days and the only thing I regret is not doing it earlier.

      --
      It doesn't have to be like this. All we need to do is make sure we keep talking.
    5. Re:HTTPS is not flawed by swillden · · Score: 1

      but name me one piece of software that is 100% bug free.

      printf("Hello, wold!");

      $ cat > test.c
      printf("Hello, wold!");
      $ gcc test.c
      test.c:1:8: error: expected declaration specifiers or ‘...’ before string constant

      Given that it doesn't even compile, I'd say it's buggy as hell.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:HTTPS is not flawed by dotancohen · · Score: 1

      Which CAs do you leave in place? Can you mention for each of those why you leave it? I ask as a user who intends to start doing the same, and I would like to know _why_ to trust or leave in place the CAs that are left.

      Thanks.

      --
      It is dangerous to be right when the government is wrong.
    7. Re:HTTPS is not flawed by Aethedor · · Score: 1

      First, know that it's not that I think all CAs are bad and evil. It's just that I don't know them and I don't know their procedures. Every CA that I 'trust' but has issued certificates only to websites that I never visit is a potential threat. Because that trust can be broken but I don't suffer from removing them from my list.

      If you want to do this right, request a list of issued certificates from every CA and check if you ever need a secure connection with any of those websites. If you do, keep the CA. If not, remote it. Because this is quite some work, the best thing to do is remove the obvious ones, like CAs from China, Turkey, Taiwan and other countries from which you don't visit websites, keep the ones you clearly need (likely CAs from your own country) and make your own choice about the rest.

      --
      It doesn't have to be like this. All we need to do is make sure we keep talking.
    8. Re:HTTPS is not flawed by dotancohen · · Score: 1

      Thanks. I did untrust the obvious ones, such as the Turkish and Chinese certs, however the list is long and I'd like to tighten the security a bit. Is there any way to see which certs I've actually _used_ so that I could start making informed decisions? Take for example "Trustis Limited". On what basis would I decide to keep or leave it.

      I don't mean to be a pain, but you seem to be the only person who understands this subject. Even googling the subject does not return many useful links. Thanks.

      --
      It is dangerous to be right when the government is wrong.
  14. HTTPS? by Anonymous Coward · · Score: 1

    Maybe you meant TLS? how do you even confuse the two....isn't this a nerd site?

    The HTTP layer was never the problem, the fact that it is the most used protocol nowadays should not excuse you from confusing TLS/SSL with HTTPS...

  15. Locks are there to keep honest people honest by bradley13 · · Score: 1

    Security prevents casual theft. When vulnerabilities are found, we fix them, to maintain a basic level of security. Sufficiently determined criminals may be able to break your security anyway. With https, the route that is always open is directly monitoring your computer directly, where the data is unencrypted. They are, after all, criminals - and it is the job of our governments to help chase them down and put them out of business.

    What is frightening about the today's situation is the discovery that many western governments are among the worst of the criminals. Governments have more resources than criminal organizations, and (short of vigilantism) there is no one who can enforce the law on the government officials involved. This is the real dilemma we face, as we consider our security systems.

    --
    Enjoy life! This is not a dress rehearsal.
  16. Trust Nobody by Kevin+by+the+Beach · · Score: 1

    I drew a diagram on my office wall to help explain the difficulties of "Trust" in the internet/cloud world to my wife. Her problem is unique to a small subset of Americans.. her profession (Licensed Clinical Social Worker) is granted "Privileged" communication status similar to Attorney/Client rights... This limits her choices as to who and what can be trusted as a computer system. In bold RED marker I circled all of the entities that would need to be "trusted" to one extent or another to keep her data secure when placed onto the internet/cloud. It makes it really difficult to communicate with clients when the ubiquitous solution is the least secure. Her simple answer when faced with current choices was NO, it's my license at risk why should I trust anybody. At the end of the conversation, she asked me to build her something that could be trusted... (good-bye free time, sex life, hobbies, etc...)

  17. after thousands of years, why now? by raymorris · · Score: 2

    Your main point is a good one - there are good reasons for the complexity.

    I'm curious about the other thing you suggested. People have been making and breaking ciphers for thousands of years. For thousands of years, every algorithm* has been broken. Why would you say today's won't be? MD5 was believed to be secure for a long time, now it's thoroughly broken. What evidence is there that SHA-3 doesn't have an undiscovered weakness, given that every other algorithm has had some?

    Further, quantum computers have now actually factored semiprimes, proving the theorems. So we already know how to break existing keys, given large quantum computers. At this stage, with so little knowledge about what medium-scale quantum computing, is it not hubris to think our kids won't come up with ways to use the new powers of quantum computing to solve problems that we don't yet know how to solve efficiently?

    * "every algorithm " meaning all algorithms useful for this purpose. OTPs specifically, aren't applicable to the problem, though they are unbreakable if properly implemented.

  18. Non skimmable card by DrYak · · Score: 1

    Or do it like we do on europe:
    rely on chip, instead of magnetic stipe.

    (Which can't get skimmed).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Non skimmable card by tepples · · Score: 1

      Navigating the work visa application process of any European country would be even more expensive.

  19. SSH by tepples · · Score: 1

    http://it.slashdot.org/story/12/07/25/1612236/father-of-ssh-says-security-is-getting-worse

    The article linked from that Slashdot story states:

    Page not found

    The Network World page that you have requested cannot be found by our friendly robots. The page you are looking for may have been removed, had its name changed, or may be temporarily unavailable. If you followed this link from outside our site, we'd appreciate if you'd let the owner of the referring site know.

    So is the solution just to take everything off the web entirely? But then I realized that can't be right, and the real article is here.

    SSH

    The "key continuity management" model, used by SSH and by HTTPS sites using self-signed certificates, is vulnerable to a day-one man in the middle without some out-of-band method for verifying the key fingerprint. Tatu Ylonen's article didn't appear to describe in detail how this might be changed.

  20. DNSSEC with DANE by tepples · · Score: 1

    Have a key get "known" may be an add-on, but some sites use hundreds of server keys and change them out often.

    Then let an organization be the CA for its own registered domain, and let it issue certificates for these "hundreds of server keys". DNSSEC with DANE was supposed to do this, at least at the same assurance level that domain-validated certificates are intended to provide.

    Other tasks might work with an out of band method for distributing and authenticating keys.

    Good luck describing that out-of-band method for distributing the key for every single web site you visit. The only decent proposals I've read are the status quo (X.509), DANE, and Perspectives. Perspectives checks a server's key fingerprint through multiple routes on the Internet. This detects a man in the middle even with unknown-CA certificates so long as it isn't between the server and its only uplink to the Internet (called the "Lserver attack" in the Perspectives white paper).

  21. This isn't news. by koan · · Score: 1

    been going for years.

    --
    "If any question why we died, Tell them because our fathers lied."
  22. This PKI paper is a rewrite of a rewrite by ocelot.wreak5016 · · Score: 2

    These guys have been refreshing and flogging variants of this paper for a year or two. Annoying, particularly as they continue to parrot some inaccuracies that have already been refuted many times by the security community (such as the "1000s of CAs"). This is just a new incarnation of their paper; I liken it to 'kicking a dead whale down the beach.'

  23. Implementation issues rather than design flaw by Eravnrekaree · · Score: 1

    HTTPS isnt flawed. Any protocol like this would have implementation issues. These are implementation problems, not a problem with HTTPS design itself.

  24. Server Name Indication by tepples · · Score: 1

    DV certs are incredibly cheap.

    But the certificate is not the only cost of upgrading from HTTP to HTTPS, as not all browsers still in use support Server Name Indication. Without SNI, a browser can see only the first certificate associated with port 443 of a given IP address, which requires your domain to have its own IP address as opposed to name-based virtual hosting. In the era of IPv4 address exhaustion, some hosts have started charging $60 per year for a dedicated IPv4 address (source: godaddy.com). The leading SNI-ignorant browsers are probably Internet Explorer on Windows XP and Android Browser on Android 2.x. But if you can get through to Roulette without a certificate error, your browser is capable of SNI and has StartSSL.

    On the other hand, you probably shouldn't be sending anything sensitive over the Internet to IE/XP anyway because XP isn't getting patches anymore. So depending on browser usage share in your audience's countries, it might be time to bite the bullet and upgrade small sites from HTTP to HTTPS+SNI.

  25. PKI is plain wrong, use SRP, no need for CAs by aberglas · · Score: 1

    SRP enables strong security from weak passwords. It does NOT rely on Certificates Authorities at all.

    Never heard of it? Then have a look at

    https://en.wikipedia.org/wiki/...

  26. username/password is a bigger problem by dog77 · · Score: 1

    A bigger problem is securing our username and password that we use to login over the SSL connection.

    The username and password are vulnerable because:
    1) They are typically exposed on the same system that handles the connection, which makes them vulernalble to trojans, key loggers, hackers, etc.
    2) They must be managed by humans or vulnerable password managers.
    3) They don't authenticate the server, making the user completely reliable on SSL certificate mechanism for authenticating the server, which as we are aware has a number of weaknesses including most browsers allow a user to ignore a bad certificate and bad certifcates can be trusted through accident or malicious intent.

    Having a well designed protocol underneath SSL to authenticate between the client and the server that:
    1) is key based
    2) has bidirectional authentciation
    3) allows authentication to be done on an isolated computer or dedicated security device

    Would go a long ways towards improving security.

    Maybe there is an existing protocol that provides some of this, but I don't believe OAuth on its own does.