Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Third of All HTTPS Websites Vulnerable To DROWN Attack (drownattack.com)

Posted by timothy on from the that-guy's-just-waving-about-sharks dept.

An anonymous reader writes: The OpenSSL project has released versions 1.0.2g and 1.0.1s to address a high severity security issue known as the DROWN attack (CVE-2016-0800) which allows attackers to break HTTPS and steal encrypted information. In layman terms, the attack uses an improperly patched issue (from 1998) in SSL to attack websites using the more modern TLS protocol. Servers where admins use SSL and TLS are in danger. Additionally, servers where only TLS is used, but the admins are sharing the same certificate for other servers where they have SSL, are also vulnerable, since the attack targets RSA, employed in both SSL and TLS. The entire attack is also easy to carry out, costing only $440 on Amazon EC2.

17 of 72 comments (clear)

  1. Hiawatha by Aethedor · · Score: 2

    So glad that I'm using a webserver that does NOT use this abomination called OpenSSL and was writting with security in mind. Drown, Heartbleed, Slowloris, etc, never caused me any trouble.

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
    1. Re:Hiawatha by robmv · · Score: 4, Informative

      It is not an OpenSSL exclusive problem, Is a protocol one. If you have SSLv2 enabled, you are vulnerable

    2. Re:Hiawatha by Aethedor · · Score: 4, Interesting

      Sure, but that's how mbed TLS (former PolarSSL, the TLS library used in Hiawatha) and Hiawatha helped me. mbed TLS dropped support for it long ago and Hiawatha uses sane and secure default settings. Without any tweaking, it gives you an A rating at ssllabs.com.

      --
      It doesn't have to be like this. All we need to do is make sure we keep talking.
    3. Re:Hiawatha by WaffleMonster · · Score: 3, Insightful

      So glad that I'm using a webserver that does NOT use this abomination called OpenSSL

      It uses the abomination called PolarSSL with its own history of exploitable vulnerabilities.

      and was writting with security in mind

      Using naÃve heuristics to defend against SQLi and XSS demonstrates the opposite.

      Drown, Heartbleed, Slowloris, etc, never caused me any trouble.

      Whose fault is allowing SSLv2 and export ciphers in 2016? All those poor site operators... OpenSSL made me do it!!

      --
      https://technet.microsoft.com/...

  2. Re:Wow, really? by Anonymous Coward · · Score: 4, Funny

    Use open source software. OSS has had years if not decades of eyeballs scouring it for vulnerabilities. While occasionally something still gets found, it is not typically severe and is quickly patched.

  3. Re:Wow, really? by Anonymous Coward · · Score: 2, Interesting

    To be fair, the described attack requires resources that haven't been available to the majority of the world until very recently. Had you managed to sit on this zero-day for twenty years, and you'd started the computations listed on consumer-grade equipment in the late 90s, you might be halfway done by now. Bottom line is, now that datacenter-level resources are becoming available to any script kiddie with a credit card, you're going to see a lot more of this kind of attack, regardless of the source.

  4. [REDUNDANT] by darkain · · Score: 4, Funny

    [REDUNDANT]

    Good thing /. isn't vulnerable at all, thanks to its lack of HTTPS support!

  5. Re:The name by Anonymous Coward · · Score: 3, Informative

    It's actually an acronym(-ish) for Decrypting RSA with Obsolete and Weakened eNcryption.

    It also lends itself to the term "my server got dr0wned".

  6. Re: Wow, really? by Anonymous Coward · · Score: 2, Informative

    LibreSSL is more robust and is a lean version of OpenSSL.

  7. Re:LibreSSL not affected by DROWN attack by guruevi · · Score: 2

    Obviously because it doesn't support SSLv2.

    The problem is not in the library but in the protocol, the reason people continue to use OpenSSL is BECAUSE it supports all sorts of SSL versions and thus more flexible to use than any other OpenSSL-wannabe-dropin.

    This OpenSSL version however breaks stuff by disabling it by default and changing the API when you DO want to use it; given that the only applications that would use it are ancient, I doubt there would be any fixes for those applications to use the new API. This is a protocol issue, not a library issue, leave the API's intact, throw up a giant warning and let people manage their own security. Now what will happen is that people requiring SSLv2 support (for whatever reason) will probably revert to older versions of the library that have bigger issues than SSLv2 support.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  8. Re:Disable SSLv2 by Billly+Gates · · Score: 2

    The default in most packages (I'm talking Exchange, IIS, Apache, nginx, Postfix, Dovecot, ...) is that it is enabled. The problem is that disabling it could break a lot of clients, especially those on Windows XP, IE6 or older versions of Java.

    Which is why I want to strangle slashdotters who claim anything after XP is for the sake of change and that old software is the best thing since sliced bread.

    System admins get the horde of the hostily more than the helpdesk folks. It is their fault for being hacked, yet users and management never want to upgrade or spend any money because it works just fine. Meanwhile if something is hacked or breaks it is on the system admin for not fixing it even though management didn't follow their own procedures

    --
    http://saveie6.com/
  9. Re:Disable SSLv2 by codealot · · Score: 2

    You're confusing it with SSLv3, which was still used by Win XP, IE6, Java 6, ancient Androids maybe. I can't think of anything that depends on SSLv2 and would be in common use today.

    SSLv2 has been obsolete for decades. Both should be turned off--the bare minimum for secure sites is TLS v1.0, and PCI DSS requires all older protocols to be disabled, if you need such certifications.

  10. Re:Disable SSLv2 by Dogers · · Score: 2

    On Windows since at least 2008R2, SSLv2 is explicitly disabled by default..

    --
    I am a viral sig. Please copy me and help me spread. Thank you.
  11. Re: Wow, really? by Anonymous Coward · · Score: 5, Informative

    Um, LibreSSL removed SSLv2, so no. It is not vulnerable.

    http://undeadly.org/cgi?action=article&sid=20160301141941&mode=expanded

  12. Re:Disable SSLv2 by Carewolf · · Score: 2

    No, that would be SSLv3. SSLv2 was deprecated in 1998 - 18 years ago, we had years of downgrade attacks like this before it became standard practice to drow all SSLv2 support, and that is already some 10 years ago. Unless you need to support crap from the 1990s that havne't been updated, you have no excuse for support SSLv2, and if you need to support that old crap, you really should have it on a secure intranet.

  13. Re:Disable SSLv2 by AnthonySimpson · · Score: 2

    SSLv3 is vulnerable to the POODLE attack and other attacks. It doesn't seem like any version of SSL is truly safe. What are the alternatives? Documentation on SSL3 vulnerabilities- https://isc.sans.edu/forums/di...

  14. Re:Wow, really? by AchilleTalon · · Score: 2

    I don't see how it relies on badly written software rather than bad sysadmin practices. The exploit need both TLS and SSLv2 configured on the server. These days, if someone has SSLv2 active on his/her website, you can call it a bad sysadmin practice for sure. Anyone with SSLv2/SSLv3 active on his/her website deserve to be kicked in the butt. And a third of the sysadmins deserve exactly that.

    --
    Achille Talon
    Hop!