×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

SSL Renegotiation Attack Becomes Real

kdawson posted more than 4 years ago | from the laugh-a-while-you-can dept.

Security 97

rastos1 and several other readers noted that the SSL vulnerability we discussed a couple of weeks back, which some researchers had claimed was too theoretical to worry about, has now been demonstrated by exploit. The attack description is available on securegoose.org. "A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the SSL protocol. The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. All in all, a man in the middle is able to steal the credentials of a user authenticating himself through HTTPS to a trusted website."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

97 comments

Just one phrase that fits. (0)

palegray.net (1195047) | more than 4 years ago | (#30123644)

Holy crap, that sucks.

Re:Just one phrase that fits. (4, Funny)

Bottles (1672000) | more than 4 years ago | (#30123672)

Or 'Goodness, old boy, that's dashed inconvenient!' for us Brits. So two phrases. Gosh.

Re:Just one phrase that fits. (1)

Beardo the Bearded (321478) | more than 4 years ago | (#30123998)

Or in Internet English:

OMGWTF!

Just so I'm clear here, does this mean that SSL, (and thus all https traffic) is compromised, or is it just a specific subset?

I mean, are we talking about just twitter and facebook getting fux0r3d or is this everyone from Amazon to banking to webmail?

Re:Just one phrase that fits. (4, Informative)

crymeph0 (682581) | more than 4 years ago | (#30124538)

Apparently just a specific subset, though it would probably be easy to find other websites with vulnerabilities similar to Twitter's. Basically, although he couldn't directly read the encrypted user name and password passed between Twitter servers and clients, he was able to exploit functionality in Twitter's public API to log the data from the request to a location he could access, including the stuff that had been encrypted in transit.

Re:Just one phrase that fits. (1)

Engeekneer (1564917) | more than 4 years ago | (#30127128)

So you didn't bother to RTFA did you now? It was after all ONE click away and stuff.Apparently just a specific subset, though it would probably be easy to find other websites with vulnerabilities similar to Twitter's. Basically, although he couldn't directly read the encrypted user name and password passed between Twitter servers and clients, he was able to exploit functionality in Twitter's public API to log the data from the request to a location he could access, including the stuff that had been encrypted in transit.

So, added slashdot formatting for you

Re:Just one phrase that fits. (2, Insightful)

Anonymous Coward | more than 4 years ago | (#30124948)

No it just means they will arrest him and throw him in jail next time he visits the USA on holiday.

Re:Just one phrase that fits. (1)

dch24 (904899) | more than 4 years ago | (#30126560)

GET it.slashdot.org/post?user=Anonymous%20Coward&pw=hi HTTP/1.1
Host: it.slashdot.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.10) Gecko/2009042316 Firefox/3.5.5
Accept: text/html
Connection: keep-alive
Referer: http://88.80.13.160/custom_feed.xml [88.80.13.160]
Cookie: __unam=ff611ea-121c61ef92e-7d0ca25d-4; PHPSESSID=g4cu6pdclgqverrf2a522uofl1

Well, Anonymous Coward will never get caught out this way!

Re:Just one phrase that fits. (0)

Anonymous Coward | more than 4 years ago | (#30127120)

You forgot the pwnies.

Re:Just one phrase that fits. (1)

deek (22697) | more than 4 years ago | (#30124674)

  Crikey! We're rooted!

  Two phrases for us as well, mate. That's fair dinkum.

Re:Just one phrase that fits. (0)

Anonymous Coward | more than 4 years ago | (#30125678)

We Stuffed, Buggered, - this is 'heaps shit' - Australians - (and especially us southern ones) Could have a field day here...

Re:Just one phrase that fits. (1)

grcumb (781340) | more than 4 years ago | (#30125934)

Or 'Goodness, old boy, that's dashed inconvenient!' for us Brits. So two phrases. Gosh.

Or in Californian:

"Duuu-uude..."

That's two phrases as well.

Re:Just one phrase that fits. (1)

von_rick (944421) | more than 4 years ago | (#30123804)

And the person who publicised the security flaw did a great job by trying it out on Twitter (and mentioning it). Hopefully this will make people tweet a tad bit lesser.

In the interim, its quite necessary to patch the SSL protocol to avoid these kind of attacks.

Re:Just one phrase that fits. (3, Funny)

The Archon V2.0 (782634) | more than 4 years ago | (#30124434)

Hopefully this will make people tweet a tad bit lesser.

I fear it's like hoping a large sponge will be able to lower ocean levels a foot. For some people, I'm sure they would only slack off on their Twitter use if the exploit made your computer grow a foot and kick you in the groin every time you tweeted.

Re:Just one phrase that fits. (1)

grcumb (781340) | more than 4 years ago | (#30126298)

Hopefully this will make people tweet a tad bit lesser.

I fear it's like hoping a large sponge will be able to lower ocean levels a foot. For some people, I'm sure they would only slack off on their Twitter use if the exploit made your computer grow a foot and kick you in the groin every time you tweeted.

@me: OWIE PC keeps OW kicking OW REALLY HURTS pics here: http://bit.ly/3423dghe [bit.ly]

Re:Just one phrase that fits. (1)

fractoid (1076465) | more than 4 years ago | (#30124844)

And this person is called Anil Kurmus. I'm not sure what a Kurmus is but I'd prefer not to take one anilly.

Well, I suppose thats another Benefit of Twitter.. (5, Funny)

Monkeedude1212 (1560403) | more than 4 years ago | (#30123710)

It's nice to have a Sandbox for testing the latest and greatest hacks and security protocols, where no one cares about the user and/or what information they've posted on the site.

Re:Well, I suppose thats another Benefit of Twitte (1)

Oewyn (1526739) | more than 4 years ago | (#30124374)

It's nice to have a Sandbox for testing the latest and greatest hacks and security protocols, where no one cares about the user and/or what information they've posted on the site.

How about slashdot? We could make it a game, person who can steal the credentials w/ the lowest UID wins.

Re:Well, I suppose thats another Benefit of Twitte (0)

Anonymous Coward | more than 4 years ago | (#30124450)

...person who can steal the credentials w/ the lowest UID wins.

I win!!!!

Anonymous Coward is '0'

Re:Well, I suppose thats another Benefit of Twitte (2, Informative)

simcop2387 (703011) | more than 4 years ago | (#30124576)

no its not, in the code base its 666

Re:Well, I suppose thats another Benefit of Twitte (0)

Anonymous Coward | more than 4 years ago | (#30125244)

666 is still fairly hard to beat.

Time for some much needed (0)

Anonymous Coward | more than 4 years ago | (#30123746)

FUD!!!!

Don't worry. It'll be fixed soon. (1)

John Hasler (414242) | more than 4 years ago | (#30123750)

As will the next one. And the one after that, and the one after that...

Re:Don't worry. It'll be fixed soon. (2, Funny)

pookemon (909195) | more than 4 years ago | (#30124062)

However the one after that will take a bit longer...

Re:Don't worry. It'll be fixed soon. (3, Funny)

evilpenguin (18720) | more than 4 years ago | (#30125104)

That one burned down, fell over, and THEN sank into the swamp...

Re:Don't worry. It'll be fixed soon. (1)

rubycodez (864176) | more than 4 years ago | (#30125794)

I once asked my russian friend what the slang "pizdets" means, though it literally is vagina it is used like "fucked". He said it was something beyond hopeless, "thing burn to ground, someone drops atom bomb on embers, pigs come and zey shit in zee crater"

Re:Don't worry. It'll be fixed soon. (0)

Anonymous Coward | more than 4 years ago | (#30127040)

it does not mean "vagina" literally, actually. you probably were thinking about 'pizda', which also would be more like 'cunt'

Re:Don't worry. It'll be fixed soon. (1)

pookemon (909195) | more than 4 years ago | (#30126824)

But the fourth one stayed up. And that's what you're going to get, Lad, the strongest castle in all of England

Funny mod's well deserved evilpengquin.

Not worried, fixed already (1, Informative)

Runaway1956 (1322357) | more than 4 years ago | (#30124606)

"Fortunately a version of OpenSSL (0.9.8l) is available which disables renegotiation, which is appropriate for most applications. According to Mr. Kurmu, Twitter seems to have already applied it. Have you?"

http://blogs.iss.net/archive/stealingcookieswiths.html [iss.net]

Unless I'm missing something, I need not worry about the wife, or myself. We both have OpenSSL 0.9.8 but I ain't sure WHAT my sons are using. Windows XP probably doesn't use SSL.

Oh well - I'll just warn them one more time NOT to do internet banking on their Windows machines, and warn as well that their SSL connections may be vulnerable.

Re:Not worried, fixed already (1)

Runaway1956 (1322357) | more than 4 years ago | (#30124710)

Ooops - I spoke to soon. Gotta have OpenSSL (0.9.8l) - that's a letter l at the end, not a number 1. We ain't safe - but I'll be compiling the blasted thing real soon. Debian has no l available in any repository I looked at.

Re:Not worried, fixed already (5, Insightful)

Anonymous Coward | more than 4 years ago | (#30124918)

You are forgiven for the error. Anyone using a letter that could be mistaken for a number in any software version string should be cockpunched with brass knuckles coated in broken glass and lemon juice

Re:Not worried, fixed already (0)

Anonymous Coward | more than 4 years ago | (#30128316)

I'm allergic to lemons.

Re:Not worried, fixed already (1)

sorak (246725) | more than 4 years ago | (#30131826)

That gives me kid Icarus flashbacks...Can I borrow your brass knuckles?

Re:Not worried, fixed already (1)

*BBC*PipTigger (160189) | more than 4 years ago | (#30134966)

I'm compelled wondering what elabor8 && arcane malice you'd devise && visit upon me for my versioning system:

    $majr.$minr.$ptim

e.g., 1.4.9BHD2cg (Major Version 1, [Relatively] Stable Minor Revision 4, Released 2009 Tuesday November 17 13:02:38:42)

    HTTP://Ax9.Org/pt

It utilizes my Base64 (/[0-9A-Za-z._]+/) encoding to store d8 && time (down to 60th-of-a-second frames) utilizing only 7 characters.

    HTTP://Search.CPAN.Org/~Pip

It's handy for me since `ls` automatically sorts such versioned files chronologically && uniformly for efficient identification.

Cheers,
-Pip

Re:Not worried, fixed already (2, Informative)

deek (22697) | more than 4 years ago | (#30126170)

Looks like Debian has backported the security fix. The version with disabled renegotiation is 0.9.8k-6 .

http://packages.debian.org/changelogs/pool/main/o/openssl/openssl_0.9.8k-6/changelog [debian.org]

It's in "unstable" at the moment, but you should be able to download and install it without harm.

Re:Not worried, fixed already (2, Insightful)

Lennie (16154) | more than 4 years ago | (#30130346)

You have to remember it's not a fix. It's a workaround, it just disables part of the protocol.

Their are also new packages for Apache2 for Debian for some other parts that needed to be disabled/changed, but it too is just a workaround.

Their isn't yet a real fix, because it's problem with the protocol it self.

Re:Not worried, fixed already (1)

Eunuchswear (210685) | more than 4 years ago | (#30127480)

Well, the obvious search http://www.google.com/search?q=debian+openssl+%220.9.8l%22 [google.com] comes up with

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555829 [debian.org]

Which ends:

Subject: Bug#555829: fixed in openssl 0.9.8k-6
Date: Thu, 12 Nov 2009 18:48:39 +0000

Source: openssl
Source-Version: 0.9.8k-6

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

[...]

Closes: 555829
Changes:
  openssl (0.9.8k-6) unstable; urgency=low
  .
      * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)

No fix yet for Lenny as far as I can see, but if you're really worried you could install the sid version.

3rd link says it is not MITM but CSRF (0)

Anonymous Coward | more than 4 years ago | (#30123780)

And has already been patched on twitters end last week.

Sweet honeypot revenge (0)

Anonymous Coward | more than 4 years ago | (#30123796)

Oh the deliciousness of it all

Testing times (1)

Wowsers (1151731) | more than 4 years ago | (#30123838)

No doubt some government somewhere around the world will use this to grab as much information as possible before the exploit is patched.

Re:Testing times (2, Interesting)

Gothmolly (148874) | more than 4 years ago | (#30123976)

Do you seriously believe the NSA hadn't exploited this, and other bugs, already ?

Re:Testing times (1)

c6gunner (950153) | more than 4 years ago | (#30124248)

The NSA has Alien Technology from Area 51, and you think they're bothering with silly little SSL man-in-the-middle exploits? Pft. Please leave your tinfoil hat at the door, on your way out.

Really... (0)

Anonymous Coward | more than 4 years ago | (#30124254)

NSA has a lot of resources. They have a lot of clever people working there. (Though I don't know how motivated they are to constantly do their best aftery they get hired.)

That said... It's just a government agency. One large organization. I have large difficulties to believe that they can know (let alone utilize) backdoors to all the big encryption methods/communications softwares/protocols/operating systems and whatnot. And this all without the rest of the world ever finding out details.

Re:Really... (3, Interesting)

AHuxley (892839) | more than 4 years ago | (#30126304)

The NSA is like the DIA, they actually have a real mission, funding and never have "Church report" or ""Oliver North" moment.
The staff rise up via wealthy parents or selection via standardised testing and scholarships/part time work.
Entering the final years of advanced maths and cryptography they are tapped/groomed via security clearances for small projects.
If they show the skills and mindset they are invited in deeper.
Nothing like working in the future, with languages, huge budgets and never having to answer to anyone.
Some burn out, some get the contacts and security clearances to contract back, some exit and go private.
Over history, after ww2, the US has been seen to be very good with hardware and software.
Enigma shows the gold standard, Crypto ag and Soviet penetration shows the ongoing skill set.
The idea that "all the big encryption methods" are safe is rather large risk to take.
The US gifted (as in export laws) the world Apple. IBM, Sun, MS , Unix ect.
Was that just for MS and Apple to sell boxes and get students enjoying the American way of digital life?
"the rest of the world" has sold out and is part of the NSA telco loop, a disputed zone or under constant surveillance.
If your under under constant surveillance, it becomes a known known to have fun with :)

That, or . . . (1)

Tanman (90298) | more than 4 years ago | (#30124086)

they'll just keep posting reading those state secrets right off the spy's twitter . . . yeaaaaaaah.

Kinda bad summary (5, Insightful)

Virak (897071) | more than 4 years ago | (#30123856)

Important part of the article:

He did it by injecting text that instructed Twitter's application protocol interface to dump the contents of the web request into a Twitter message after they had been decrypted.

The only reason it was exploitable was because of Twitter's API. Understandably, I'm not too worried about the rest of the Internet going down in flames any time soon.

Re:Kinda bad summary (5, Insightful)

teh_commodore (1099079) | more than 4 years ago | (#30123898)

Oh good. We're totally fine. It only works on sites that are poorly designed. And Twitter's been patched, so that leaves, well, I guess no one.

Re:Kinda bad summary (3, Interesting)

dimeglio (456244) | more than 4 years ago | (#30124052)

Internet banking is 100% SSL/TLS based. On top of that, most banks, and services like Paypal offer B2B interfaces and APIs. This is not just a problem, this is adding a serious risk to all Internet based transactions. Obviously, Internet merchants and banks are going to downplay this publicly but security consultants just paid their next vacation in the Bahamas.

Re:Kinda bad summary (4, Interesting)

teh_commodore (1099079) | more than 4 years ago | (#30124822)

1) Which banks have an open-to-the-public API?

2) Let's assume you have an answer to 1). The exploit involves dumping text to a public message. If your bank has any sort of messaging feature, it's private. Hell, if your tweets are private on twitter, you were never in danger in the first place.

Re:Kinda bad summary (3, Interesting)

omuls are tasty (1321759) | more than 4 years ago | (#30127172)

Wrong. Your HTTP headers don't end up on your Twitter "blog" (or whatever it's called), they end up on the attacker's.

And as for banks not having a public messaging feature, is Citibank big enough for you?
https://banking.citibank.com/JoinOurOnlineForum/UserGuide.aspx [citibank.com]

But once again, do note that the page where the user's credentials end up doesn't need to be public; it just has to be accessible by the attacker.

Re:Kinda bad summary (0)

Anonymous Coward | more than 4 years ago | (#30131900)

Any sane bank needs a POST request with username/password. Some have multiple POST requests before authentication. Now, that screws any MITM attacks like this SSL renegotiation hole protocol + HTTP. Now, most people will do their banking and sign out. If they don't sign out, the bank will timeout their session so if they are re-connecting, the old credentials will fail and they are back at the login page requiring the POST(s).

So what is vulnerable? Maybe them webaps like gmail and their other apps. Banks, on the other hand, are not. Banks that are vulnerable to this exploit probably lost your money anyway.

Re:Kinda bad summary (0)

Anonymous Coward | more than 4 years ago | (#30128378)

Every Web site has an open API. It's just more or less poorly designed. Having something designed to talk with using a browser does not prevent it from being called by a program. A web site is practically an API, it's just a bit more cumbersome to work with than a Web service API.

Whoosh? (0)

Anonymous Coward | more than 4 years ago | (#30128880)

I think you missed the sound. It was something like: Whoosh!

Re:Kinda bad summary (1)

Jesus_666 (702802) | more than 4 years ago | (#30129138)

Internet banking is 100% SSL/TLS based.

<keith>In America.</keith>

Seriously, though, internet banking has very little in the way of standardization across countries. HTTPS is popular but then you also have HBCI/FinTS (Germany) or SEED (S. Korea) and most likely other local standards in other countries.

I'm happy with my HBCI+Smartcard homebanking. Granted, I need to use proprietary apps for it but I still prefer it over PIN/TAN via HTTPS. With the right card reader (class 2 or 3), not even my computer gets to see my PIN.

Re:Kinda bad summary (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30123900)

Understandably, I'm not too worried about [everything but Twitter] going down in flames any time soon.

Did someone mention 'having a party'?

Kinda bad article (4, Informative)

Virak (897071) | more than 4 years ago | (#30123960)

Well, I suppose it's my own fault for trusting The Register. After reading the first article, I got curious and went on to check out the technical details of the exploit. What The Register phrases as "it's Twitter's API's fault" is actually "holy fuck you can POST the whole HTTP message to arbitrary locations (hosted on the same server, anyway)", which is a tad bit worse. While the Internet still isn't going to go down in flames, this does open up potential for some sites to get some nasty burns, and in a way they almost surely won't already be protected against, even if the developers aren't idiots.

Re:Kinda bad summary (2, Interesting)

Culture20 (968837) | more than 4 years ago | (#30124046)

He did it by injecting text that instructed Twitter's application protocol interface to dump the contents of the web request into a Twitter message after they had been decrypted.

What's to prevent inserting text that essentially says make this request, and use the same password string to change the user's password? Not all malicious uses of the injection need to be about *getting* data. It doesn't even have to be kids having "fun". Locking a particular [set of] user[s] out of a financial system at a critical time in a financial transaction might benefit someone in organized crime.

Re:Kinda bad summary (3, Funny)

Fred_A (10934) | more than 4 years ago | (#30124774)

The only reason it was exploitable was because of Twitter's API. Understandably, I'm not too worried about the rest of the Internet going down in flames any time soon.

Well I'm not doing my banking on Twitter anymore that's for sure !

Re:Kinda bad summary (0)

Anonymous Coward | more than 4 years ago | (#30127262)

> Well I'm not doing my banking on Twitter anymore that's for sure !

The sad thing about this is that someone actually DID come up with some crazy idea for a way to tweet money to random people...

Re:Kinda bad summary (1)

Fred_A (10934) | more than 4 years ago | (#30127394)

The sad thing about this is that someone actually DID come up with some crazy idea for a way to tweet money to random people...

I suppose it's some kind of corollary to rule 34.
"However stupid the idea, somebody will try to implement it on the Internet"
Which I hereby dub "Fred's rule", unless there is prior art. Which there probably is.

What to do? (3, Informative)

whathappenedtomonday (581634) | more than 4 years ago | (#30123914)

I wondered how this will be addressed and the numerous "it will be fixed, don't worry" posts were not really helpful. TFA was and linked to "a TLS extension to cryptographically tie renegotiations to the TLS connections they are being performed over, thus preventing this attack" draft [ietf.org] .

Good explanation of the bug by TLS spec author (5, Informative)

cullenfluffyjennings (138377) | more than 4 years ago | (#30123932)

A good source of info about what this attack is and how serious it is can be found at
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html [educatedguesswork.org]

Pizzas (Re:Good explanation .. by TLS spec author) (1)

daveewart (66895) | more than 4 years ago | (#30127698)

His explanation describes how the compromise might work using online pizza ordering as an example. This is a superb way to highlight the risks. No-one wants their pizzas going to someone else, after all.

Goodbye car analogies, Hello pizza analogies :-)

Change in password/auth policy (1)

asdf7890 (1518587) | more than 4 years ago | (#30124006)

Time to switch our systems to using challenge-response auth even when the entire site is carried over SSL...

Of course that means having to store passwords in a for that the server-side code can decode them, which is itself generally a no-no...

Anyone have good ideas for authentication mechanisms that can't be circumvented by this and similar hacks?

Re:Change in password/auth policy (1)

CannonballHead (842625) | more than 4 years ago | (#30124364)

Anyone have good ideas for authentication mechanisms

Genome scans and very large automatic rifles!

Re:Change in password/auth policy (1)

ToasterMonkey (467067) | more than 4 years ago | (#30124452)

Time to switch our systems to using challenge-response auth even when the entire site is carried over SSL...

Umm.. most sites don't use SSL for authentication (client certificates), so I don't know what you're implying. Authentication aside, you still have the equally serious loss of integrity that comes with broken crypto.

theregoestheinternet? Not so fast! (0, Flamebait)

The Orange Mage (1057436) | more than 4 years ago | (#30124038)

FTFA:

Most, if not all, major web applications have implementation level protections against CSRF, such as random nonces in web forms that must be submitted along with any request. Those protection measures are effective against this new SSL man in the middle attack. Therefore, this vulnerability has minimal security impact for most websites and Internet users.

I know this is /., but come on and at least check when it's a claim as big as "theregoestheinternet."

Re:theregoestheinternet? Not so fast! (4, Informative)

cduffy (652) | more than 4 years ago | (#30124104)

You could actually read the rest of the article, in which it indicates that this is not merely a CSRF-equivalent attack (as it was originally taken to be), as opposed to just reposting an out-of-context snippet chosen to make the editors look bad.

Re:theregoestheinternet? Not so fast! (1, Informative)

Anonymous Coward | more than 4 years ago | (#30124180)

And it even links right after that quote to a follow-up post [iss.net] from the same blog that notes that "Unfortunately, the situation is worse than I thought".

The sky is falling (3, Insightful)

LBt1st (709520) | more than 4 years ago | (#30124782)

It would be nice if FireFox updated with detection for sites that would allow this (and other) kinds of attacks.
With shit like this in the wild it's hard to know what sites to trust. /Paranoid

Re:The sky is falling (2, Insightful)

Frosty Piss (770223) | more than 4 years ago | (#30124930)

It would be nice if FireFox updated with detection for sites that would allow this (and other) kinds of attacks.

FF already nags enough.

Re:The sky is falling (1)

John Hasler (414242) | more than 4 years ago | (#30125304)

> ...it's hard to know what sites to trust.

None. The Web is inherently insecure.

Re:The sky is falling (4, Insightful)

socceroos (1374367) | more than 4 years ago | (#30125740)

People ought to stop blaming "The Web" as being inherently insecure. As much as you drill down into it, when party1 communicates with party2 and party1 isn't intimately familiar with party2's identity then transactions of information will always be prone to being exploited. This goes for human interaction (face to face) as well as human-to-computer interaction.

Frankly, I'd rather have an insecure internet than have an internet where everyone's identity was fully exposed and documented.

Re:The sky is falling (1)

LBt1st (709520) | more than 4 years ago | (#30126516)

I agree, hence why I use a whitelist to prevent sites from using any scripting on my machine. I even whitelist cookie usage. But this exploit is on a whole new level.

Re:The sky is falling (0)

Anonymous Coward | more than 4 years ago | (#30125616)

It would be far nicer if Godzilla attacked FireFox and completely destroyed it since it is nothing more than a steaming stinking pile of poop.

Securing Servers (4, Informative)

StartCom (1018308) | more than 4 years ago | (#30124846)

Obviously such attacks are possible because of the application security, renegotiation just makes it easier. BTW, here is a tool to check if your server is vulnerable to renegotiation attacks: https://www.ssllabs.com/ssldb/ [ssllabs.com]

BTW, clients (e.g. browsers) are pretty save - there is NO need to panic!!

Debian Linux (2, Interesting)

jchawk (127686) | more than 4 years ago | (#30124856)

For what its worth Debian released an update to Apache and guidance on how to mitigate the vulnerability.

They did indicate that this was only a work around and a protocol redesign would be required in order to completely fix the vulnerability.

I wonder how many people just simply aren't paying attention and will get burnt by this problem. I want to believe not many but I honestly know better...

Re:Debian Linux (1)

XanC (644172) | more than 4 years ago | (#30125478)

Well, that's nice, but there are many other web servers and proxy servers in Debian which are still vulnerable. And from what I can tell, there are no plans to fix the root vulnerability in stable. What are we supposed to do?

Re:Debian Linux (0)

Anonymous Coward | more than 4 years ago | (#30125780)

yes i just updated, and now the certificates i have all look the same. diff +//return random -return(randomFoo() ); +return(4);

Christmas gift.shoes,handbags,ugg boot,Tshirts, (0, Offtopic)

coolforsale107 (1679900) | more than 4 years ago | (#30125134)

http://www.coolforsale.com/ [coolforsale.com] Best quality, Best reputation , Best services Our commitment, customer is God. Quality is our Dignity; Service is our Lift. Ladies and Gentlemen weicome to my coolforsale.com.Here,there are the most fashion products . Pass by but don't miss it.Select your favorite clothing! Welcome to come next time ! Thank you! Air jordan(1-24)shoes $33 Nike shox(R4,NZ,OZ,TL1,TL2,TL3) $35 Handbags(Coach lv fendi d&g) $35 Tshirts (Polo ,ed hardy,lacoste) $16 free shipping competitive price any size available accept the paypal Thanks

One of the key parts (1)

trifish (826353) | more than 4 years ago | (#30127306)

From TFA: "To be sure, Kurmus's attack only worked because Twitter's API allowed him to post the captured data steam to a tweet that he was then able to retrieve."

Twitter is serious (1)

CrashandDie (1114135) | more than 4 years ago | (#30127430)

I can't help but smile at the title and subtitle of TFA:

Researcher busts into Twitter via SSL reneg hole
Yes, it's a serious vuln

So now we assess the gravity of the situation based on Twitter? Awsm.

hmmmmm (3, Funny)

nimbius (983462) | more than 4 years ago | (#30127992)

looks like we're all well and truly fucked.

Microsoft should have a patch in about 8 years, Apple will have lashed its developers until there are no further utterances of this problem, Adobe will ask what model phone does it affect, Oracle will ship another box of stupid mugs and tshirts to me as soon as I complain about the vulnerability, Dell will insist i continue to wait for the DRAC to load its SSL page, and i think most importantly my bank will have little, if ANY clue what im talking about.

I need about, say, a million open source eyes on this problem. Gentlemen, the internet appears broken and im offering beer to fix it.

This says it all... kinda (1)

rgviza (1303161) | more than 4 years ago | (#30128512)

"every request sent over the microblogging site includes the account holder's username and password"

Retarded design. However this attack could just as easily be used to dump a session id from a well designed site with the same end result. This is bad bad bad...
The attacker could, once in the user's session, change their password and email address and hijack the account.

Here's the thing... (1)

mea37 (1201159) | more than 4 years ago | (#30130762)

Don't get me wrong, I think the initial "this isn't a practical problem" response to the SSL reneg vulnerability is a serious mistake. A major facet of security is knowing what the system is doing; if the system is doing something unexpected that none of the legitimate users can anticipate, then there is a potential for severe security problems. This is one of the big reasons why I wish people who think "it works so I don't have to know why" would leave the programming industry and do something more suited to that way of thinking.

HOWEVER, the people who should be really embarrased from a security standpoint are twitter. Why does their API have a function that causes the user's password to be written to anywhere in cleartext?!? That's just bat-shit crazy. And as I understand it their workaround is to disable reneg instead of addressing the application-level problem? (If they'd done both, I'd say the response were at least on the ball...)

To be clear - if there's a feature of twitter that depends on writing out user credentials in cleartext, feel free to enlighten me; but my response will assuredly be "then that feature is not worth the risk and should not exist".

Security Dude (1)

codeedog (1680396) | more than 4 years ago | (#30133202)

The fundamental problem is that the password (or its material) is sent through the encrypted SSL channel instead of being integrated into it. The SSL negotiation should use the password to (re)generate the shared secret. If the server doesn't have the password (or password derived bits), it won't be able to communicate with the client. Similarly for the client. Why does this matter? A Man In The Middle attack is more difficult to stage because the client can detect that the middle man has no knowledge of the password during the secret key negotiation phase. It is still possible for the MITM to guess the key (at chance) and depending upon the protocol, the MITM might be able to extract information about the password that allows better than chance guessing; this all depends upon the design of the protocol. There are plenty of protocols out there both freely available and patented that solve this problem. The patent for Encrypted Diffie Hellman has just expired and ought to be used by everyone, now. The problem is that SSL hardware accelerators won't work as expected, since they take the server key and pass the client credentials (password or its derived material) back to the application server for login. With an updated (more secure system), the password verifiers will have to be pushed down into the hardware accelerators, which means the hardware accelerator will have to "know" about the users, keep a user database. IT nightmare. Plus, that accelerator is sitting at the network edge, so you've got all of the user/password verifier info residing in close proximity to the internet (and hackers). I still think it's better than sending your password (material, verifier) over a channel to a remote server. Anyone can be tricked into doing it.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...