SSL Renegotiation Attack Becomes Real 97
rastos1 and several other readers noted that the SSL vulnerability we discussed a couple of weeks back, which some researchers had claimed was too theoretical to worry about, has now been demonstrated by exploit. The attack description is available on securegoose.org. "A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the SSL protocol. The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. All in all, a man in the middle is able to steal the credentials of a user authenticating himself through HTTPS to a trusted website."
What to do? (Score:4, Informative)
Good explanation of the bug by TLS spec author (Score:5, Informative)
A good source of info about what this attack is and how serious it is can be found at
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html [educatedguesswork.org]
Kinda bad article (Score:5, Informative)
Well, I suppose it's my own fault for trusting The Register. After reading the first article, I got curious and went on to check out the technical details of the exploit. What The Register phrases as "it's Twitter's API's fault" is actually "holy fuck you can POST the whole HTTP message to arbitrary locations (hosted on the same server, anyway)", which is a tad bit worse. While the Internet still isn't going to go down in flames, this does open up potential for some sites to get some nasty burns, and in a way they almost surely won't already be protected against, even if the developers aren't idiots.
Re:theregoestheinternet? Not so fast! (Score:5, Informative)
You could actually read the rest of the article, in which it indicates that this is not merely a CSRF-equivalent attack (as it was originally taken to be), as opposed to just reposting an out-of-context snippet chosen to make the editors look bad.
Re:theregoestheinternet? Not so fast! (Score:1, Informative)
And it even links right after that quote to a follow-up post [iss.net] from the same blog that notes that "Unfortunately, the situation is worse than I thought".
Re:Just one phrase that fits. (Score:5, Informative)
Re:Well, I suppose thats another Benefit of Twitte (Score:2, Informative)
no its not, in the code base its 666
Not worried, fixed already (Score:2, Informative)
"Fortunately a version of OpenSSL (0.9.8l) is available which disables renegotiation, which is appropriate for most applications. According to Mr. Kurmu, Twitter seems to have already applied it. Have you?"
http://blogs.iss.net/archive/stealingcookieswiths.html [iss.net]
Unless I'm missing something, I need not worry about the wife, or myself. We both have OpenSSL 0.9.8 but I ain't sure WHAT my sons are using. Windows XP probably doesn't use SSL.
Oh well - I'll just warn them one more time NOT to do internet banking on their Windows machines, and warn as well that their SSL connections may be vulnerable.
Securing Servers (Score:4, Informative)
Obviously such attacks are possible because of the application security, renegotiation just makes it easier. BTW, here is a tool to check if your server is vulnerable to renegotiation attacks: https://www.ssllabs.com/ssldb/ [ssllabs.com]
BTW, clients (e.g. browsers) are pretty save - there is NO need to panic!!
Re:Not worried, fixed already (Score:3, Informative)
Looks like Debian has backported the security fix. The version with disabled renegotiation is 0.9.8k-6 .
http://packages.debian.org/changelogs/pool/main/o/openssl/openssl_0.9.8k-6/changelog [debian.org]
It's in "unstable" at the moment, but you should be able to download and install it without harm.