Slashdot Mirror
Some HTTPS Inspection Tools Actually Weaken Security (itworld.com)
America's Department of Homeland Security issued a new warning this week. An anonymous reader quotes IT World:
Companies that use security products to inspect HTTPS traffic might inadvertently make their users' encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns. US-CERT, a division of the Department of Homeland Security, published an advisory after a recent survey showed that HTTPS inspection products don't mirror the security attributes of the original connections between clients and servers. "All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected," US-CERT said in its alert.
Slashdot reader msm1267 quotes Threatpost: HTTPS inspection boxes sit between clients and servers, decrypting and inspecting encrypted traffic before re-encrypting it and forwarding it to the destination server... The client cannot verify how the inspection tool is validating certificates, or whether there is an attacker positioned between the proxy and the target server.
Slashdot reader msm1267 quotes Threatpost: HTTPS inspection boxes sit between clients and servers, decrypting and inspecting encrypted traffic before re-encrypting it and forwarding it to the destination server... The client cannot verify how the inspection tool is validating certificates, or whether there is an attacker positioned between the proxy and the target server.
might inadvertently make their users' encrypted connections less secure and expose them to man-in-the-middle attacks,
Well no shit, given that the traffic inspection itself has to be done via a man-in-the-middle attack.
CLI paste? paste.pr0.tips!
It's as obvious as a zipper. If you unencrypt to inspect, you have to re-encrypt before sending it back along its path. Done perfectly, it's zero impact.
You have to verify that you're re-zip is as good as the original zip, or duh, you've weakened your zipper.
So it kind of begs the question how thorough and deployment-specif is the testing itself in the first place?
Why not test on multiple hops along the path if you can, including on a pseudo-client?
So now Slashdot has to have ads everywhere, even across the page as I scroll down.
Actually, it's just a grey bar, because the adblocker stops the actual content. But I still have a grey bar that I don't want.
So long slashdot. It's been nice knowing you over the last 16 years.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
I think they're also talking about the validation of the source - i.e. the man in the middle attack isn't just accepting the connection it's making on the client's behalf that it's own connection to the server is actually secure in and of itself.
It's a two pronged issue.
Karnal
And then just do the opposite. 100% effective! Safe AND secure.
I suspect they mean duplicate or match.
Since the certificate of the original site is very hard to re-create then the recipient would be able to detect a man in the middle attack, but on company computers it may be a lot harder since the company also controls the clients.
So don't do your private banking in a company environment.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Except in this case, the zipper was broken when you got it, you unzip it ignoring the broken teeth, zip it back up ignoring the broken teeth, and everyone assumes you're protecting them against this so they don't notice that it's gotten a bit drafty.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Done perfectly, it's zero impact.
Which means there's always some amount of impact, since you can't guarantee that it's done perfectly. HTTPS inspection tools are engaging in a man-in-the-middle attack themselves, and are introducing a whole new attack surface. We don't just have to trust that the code itself is implemented perfectly, we also have to trust that the server running it is not compromised, or that a legitimate admin isn't engaging in some nefarious activity.
This negates a rather large portion of the strength (such as it is) of HTTPS in the first place: that there were only two parties handling unencrypted data, the sender and the receiver.
So don't do your private banking in a company environment.
Don't do private anything on company equipment.
What I do, though, is use my own equipment (phone or tablet) to do my private stuff, and I use an SSH tunnel to my home server for internet access, so that the company network never sees any traffic that it can decrypt. Not a solution for everybody, but it works well for me.
It's not actually breaking SSL, but it certainly does weaken HTTPS security.
At first, I thought the story was talking about something new - e.g. companies (that operate web servers) performing MITM on their own servers. Which might make sense in some cases - you might want to enforce strong encryption by applying it uniformly at the "edge", while having less-secure-but-still-encrypted connections within your own network. And if this were designed poorly then yes, you could imagine screwing yourself up (for example if the edge server performs inappropriate data compression.)
But no, this is just the same thing that anyone with any sense has been saying for the last 20 years: MITMing your users' outgoing connections harms their security. Yawn.
What do you do with DNS resolving? The easy solutions still leak DNS requests to admins of the network you are in.
Worse, one of the ads is for Megapath, who I adamantly refuse to ever do business with again under any circumstances.
When Megapath acquired Speakeasy, I ended up as a customer of theirs. Their customer retention practices are simply evil. Should you ever try to cancel, I advise you to document every single step. They made it so you could only cancel service by filling out a web form, after which someone would supposedly call you. I never got that call and thought I was cancelled, not being familiar with their process. Oh, the web form I used will not provide any manner of confirmation to you, either. Document what you did. Maybe even log a support call asking why it didn't work (and get a case #, agent name and preferably an email from the agent documenting your call, though I bet they won't give out that last one).
Only due to a fluke whereby my credit card changed and they were unable to charge the old card did I eventually find out that I wasn't really cancelled. I refused to pay the alleged balance until they cancelled service and provided me with proof that my account was terminated.
I sincerely believe that their scummy customer retention practices are deliberately scummy and I refuse to ever give them another dime in the future. Looking back, I can see how they set up every step to trap the unwary customer in their rules and designed their cancellation process to be as rotten as possible. Should you ever have the misfortune of doing business with them, read all the rules carefully and expect them to play tricks on you. Document everything and confront them with that proof when they try to say that you can't prove that you really cancelled, even though you've been using another internet service for months.
How is this inadvertent?
These tools have been out there for years.
The user of the inspection box is INTENTIONALLY looking at my encrypted data, which could include PHI, PCI, or just plain shit I don't want them to see. My security has already been breached.
That these boxes are even possible to create and deploy (i.e. that someone CAN grant a CA for the box (not even that someone will do so)) shows the untenability of the entire "web of trust" for certs that is supposed to make you certain your data isn't being hijacked over TLS.
As long as this is out there, one can have _zero_ confidence any TLS-encrypted session isn't being hijacked.
I hope there's a rebuild of encrypted transport, and that next time, they don't make certificates so horsey. No, I don't know how to do that perfectly. Seems there's no way to do it peer-to-peer if I have to go down to every bank or business with a printout of their cert and match it up.
Maybe there's something blockchain technology could offer to make certs truly verifiable...
Yep, the IT group continually sends employees emails telling us how much they don't trust us, THEN the decrypt our SSL sessions and expect our Complete trust in them... no dice, you made it completely clear that No One could be trusted. How does your newfound snooping power change that concept?
If the HTTPS is being inspected, the user has already suffered a MITM attack.
Certificate pinning resolves this issue and also makes ALL of those Next Generation Firewalls as useful as any old fashioned packet filter, Source IP Destination IP.
That's correct my analogy was a best-case.
No shit Sherlock this announcement is 10 years too late. Years ago the cert list was much better and regularly provided somewhat useful information. Now traffic is nearly nil and warnings they send are comically outdated.
Various proposals have been put forward to replace various parts of SSL/TLS (including the broken CA model) with better things that can't be easily targeted with man-in-the-middle attacks.
The EFF has the Sovereign Keys project.
DANE stores security related information in DNS and is the subject of several RFC standards.
Other proposals exist to replace some or all of SSL/TLS as well.
Why are people out there in the real world (makers of web browsers and servers for example) not interested in implementing any of these alternatives to the current horridly broken system?
Here wordfence recommends not using Cloudflare:
https://www.wordfence.com/blog...
"In Alert TA17-075A, US-CERT is referring to HTTPS interception products that are used on corporate networks. We extend this point of view to any HTTPS interception products, including cloud WAFs."
Use certificate pinning. Yeah, you won't be able to get out over the corporate shit without first tunneling elsewhere, but your coporate spues won't be able to see your shit if you pin to known good certs.
Fixed TFA.
The problem with SSL-unpacking proxies is the following:
- You can't pass along the original SSL certificates, so your clients all have to trust the SSL proxy
- You can't verify with your clients whether the SSL certificate is correct, so you have to either accept or deny all 'broken' SSL certificates.
- Since a significant portion of SSL implementations are expected to be broken (especially once you start dealing with parties like Microsoft, IBM and Oracle), your implementation also has to be broken.
Custom electronics and digital signage for your business: www.evcircuits.com
Anti virus and sand boxing programs such as Invincia run as root. (any program that requires root to sand box a user space program is just a bad idea). The quality of programming and design that goes into some of these programs is appalling. It would be nice to educate employere not to click on every link and to be suspicious of certain emails but unfortunately most corporations find it too inconvenient to actually authenticate their corporate emails so a vigilant employee would miss any company wide notifications.
DNS can be sent down the SSH tunnel.
Even if this proxying feature were disabled, the network administrator could still see hostnames. They're in cleartext in the Server Name Indication field of the ClientHello message of any modern TLS connection.
You can't verify with your clients whether the SSL certificate is correct, so you have to either accept or deny all 'broken' SSL certificates.
That or the proxy could return a 526 ("Invalid Server Certificate") status. (The 52x status codes are defined not by any RFC but unofficially by the Cloudflare reverse proxy service.) The response body describes the problem and displays the details of the certificate that the proxy does not trust. If the user logged into the proxy has "Allow" privileges, the body contains an "Allow" link to let this particular device use this particular upstream certificate despite its use of an unknown issuer or obsolete cipher suite. The IT department can view exceptions in effect.
Even if a bank were to print out their certificate hash, you can technically generate another certificate with the same hash
Good luck with that. For one thing, the existing SHA-1 attack is a collision, not a preimage, which is orders of magnitude harder. For another, web browsers aren't supporting new SHA-1 certificates, and SHA-256 isn't in foreseeable danger of even a collision.
Would prefer a system where issuance of a CA is a matter of real-time verifiable record [...] blockchain might help here
Such a system is being built in response to the DigiNotar fraud of 2011. It's called Certificate Transparency. And like Bitcoin, it uses a Merkle tree. Chrome already requires it for EV certificates and for certificates issued by Symantec.
But how do you do this on a phone?
SSH only tunnels TCP, DNS is UDP. You can use socat locally and remotely to transport the local udp request through tcp tunneled over ssh, but that more or less requires a complete Linux/Gnu environment on the phone AFAIK, requiring rooting it and installing something like Debian and setting up way to execute scripts in a chrooted environment.
Is there an easy way yo do this?
But how do you do this on a phone?
By installing an app that extends android.net.VpnService . Or by tethering your GNU/Linux laptop.
SSH only tunnels TCP, DNS is UDP.
DNS can run over TCP. In fact, many DNSSEC responses are so big that they have to (source).
It does break SSL, SSL is meant to be point to point, this is a MITM attack.
if your traffic is being intercepted and decrypted before it reaches the destination, then that means that it is breaking the entire concept around what is supposed to make SSL secure.
It does break SSL, SSL is meant to be point to point, this is a MITM attack.
Perhaps I'm splitting hairs here, but this is not a MITM attack on SSL. The SSL protocol in this situation is behaving just fine. This is a MITM attack on HTTPS, a layer higher than SSL.
I connect with my VPN without using DNS, and once connected, all traffic goes through the tunnel, including DNS lookups.
Teppies is correct, but my approach is a bit different. For safety, I tunnel all UDP traffic as well (not just DNS lookups) using a TCP wrapper.
See subject: Via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads & malware rob speed/security/privacy
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!
* Via what u NATIVELY have built into the IP stack in FASTER kernelmode!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
What hosts do addons can't (or as well):
PROTECT vs.:
1.) bad sites (past ads)
2.) fastflux C&C
3.) dynDNS C&C
4.) DGA C&C
5.) DNS down
6.) poisoned dns
7.) trackers (dnsrequestlogs/ads/transparent ISP proxy)
8.) spam/phish payload
9.) dns blocks
10.) slowdown 2 ways: adblocks & hardcodes
11.) Multiplatform
12.) Ez data edit
13.) Efficiency (cpu/ram/I-O)
14.) UBlock no DNS bennys = poor imitation = "sincerest form of flattery"
15.) NoScript tag parses. Hosts block ad script before it downloads!
APK
P.S.=> AB+ 151mb http://cdn.ghacks.net/wp-content/uploads/2014/06/adblocker-memory-consumption.jpg/
UBlock 64MB http://cdn.ghacks.net/wp-content/uploads/2014/06/adblocker-memory-consumption.jpg/
(hosts ~6mb)
ClarityRay defeatable
Don't work http://www.businessinsider.com/google-microsoft-amazon-taboola-pay-adblock-plus-to-stop-blocking-their-ads-2015-2/
SLOWER: http://superuser.com/questions/686041/which-leads-to-faster-browsing-an-ad-blocker-or-an-edited-hosts-file/
All of them do. They completely smash and destroy it, and then fool you into thinking it's safe.
Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.