
Another Protocol Bites The Dust


For the last 6 weeks or so, a bunch of us have been working on a really serious issue in SSL. In short, a man-in-the-middle can use SSL renegotiation to inject an arbitrary prefix into any SSL session, undetected by either end.

To make matters even worse, through a piece of (in retrospect) incredibly bad design, HTTP servers will, under some circumstances, replay that arbitrary prefix in a new authentication context. For example, this is what happens if you configure Apache to require client certificates for one directory but not another. Once it emerges that your request is for a protected directory, a renegotiation will occur to obtain the appropriate client certificate, and then the original request (i.e. the stuff from the bad guy) gets replayed as if it had been authenticated by the client certificate. But it hasn’t.

Not that the picture is all rosy even when client certificates are not involved.




Vulnerability in SSL/TLS protocol

h-online.com: According to reports, vulnerabilities in the SSL/TLS protocol can be exploited by attackers to insert content into secure connections. If this is correct, it would affect HTTPS and all other protocols which use TLS for security, including IMAP. The precise effects of the problem are not discussed in the reports. It would, however, appear to be possible to manipulate HTML content from websites during data transfer and, for example, inject malicious code.

The crux of the problem is, rather than a flawed implementation, a design flaw in the TLS protocol when renegotiating parameters for an existing TLS connection. This occurs when, for example, a client wants to access a secure area on a web server which requires the requesting of client certificates. When the server establishes that this is the case, it begins a renegotiation to obtain the appropriate client certificate. The original request gets replayed during this renegotiation as if it had been authenticated by the client certificate, but it has not. The discoverer of the problem describes this as an "authentication gap".
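The "authentication gap" described in both excerpts, as a toy server-side model. This is an added example, not code from either quoted source or from Apache. The class, the function names, the /protected/ path and the CN=alice subject are constructed for illustration, and the stricter policy is one assumed way to close the gap at the application layer, not a protocol fix.

```python
from typing import List, Optional, Tuple

PROTECTED = "/protected/"  # constructed path standing in for the certificate-only directory

class Connection:
    """Toy model of one TLS connection as the server's HTTP layer sees it."""
    def __init__(self) -> None:
        self.epoch = 0                              # index of the current handshake
        self.certs: List[Optional[str]] = [None]    # certs[epoch]: client certificate subject
        self.records: List[Tuple[int, bytes]] = []  # (epoch the bytes arrived under, bytes)

    def receive(self, data: bytes) -> None:
        self.records.append((self.epoch, data))

    def renegotiate(self, client_cert: Optional[str]) -> None:
        self.epoch += 1
        self.certs.append(client_cert)

def _path(conn: Connection) -> str:
    request = b"".join(data for _, data in conn.records)
    return request.split(b" ", 2)[1].decode()

def authorize_replaying(conn: Connection) -> Optional[str]:
    """Behaviour described in the text: the buffered request is replayed after
    renegotiation and attributed to whatever certificate is now current."""
    if not _path(conn).startswith(PROTECTED):
        return "anonymous"
    return conn.certs[conn.epoch]

def authorize_bound(conn: Connection) -> Optional[str]:
    """Assumed stricter policy: a certificate vouches only for bytes received
    under the handshake that presented it; anything older is refused (None)."""
    if not _path(conn).startswith(PROTECTED):
        return "anonymous"
    if any(epoch != conn.epoch for epoch, _ in conn.records):
        return None
    return conn.certs[conn.epoch]

def gap_scenario() -> Tuple[Optional[str], Optional[str]]:
    """Constructed input: request bytes arrive before any client certificate,
    then renegotiation obtains the certificate for CN=alice."""
    conn = Connection()
    conn.receive(b"GET /protected/report HTTP/1.1\r\n\r\n")  # unauthenticated bytes
    conn.renegotiate("CN=alice")
    return authorize_replaying(conn), authorize_bound(conn)

if __name__ == "__main__":
    print(gap_scenario())
```

The first policy credits the pre-renegotiation request to CN=alice, while the second refuses it because those bytes arrived before any certificate was presented.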
