Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

Poor SSL Implementations Leave Many Sites At Risk

Resume DarkReading article:
said by DarkReading :

Flawed implementations of the Secure Sockets Layer encryption algorithm could be exposing Websites to attack and compromise, according to new research scheduled to be released later this month.

Rodney Thayer, a researcher at security consulting firm Canola & Jones, is working on a paper about SSL vulnerabilities that will be presented at the Chaos Communication Camp (CCC) hacker conference in Berlin at the end of this month. The paper outlines the results of tests he conducted using simple search engines and his knowledge of cryptography and SSL certificates.

Although the paper outlines 31 different SSL issues, many of the problems are of a common ilk, Thayer says. One of the most common is configuration error. "I saw a lot of retail sites, for example, that offer users access to both www.store.com and then just store.com," Thayer says. "They may think they're making things more convenient for the user, but that sort of thing can really wreck the functionality of SSL certificates."

In many other cases, Thayer found sites that were operating on expired certificates or were using outdated technologies, such as SSL 2 or the 40-bit RC-4. "There's absolutely no reason why anybody should be using SSL 2, which has proven to be vulnerable," he says. "And in most cases, using RC-4 would be a reason for a retailer to fail a PCI audit. These are technologies that shouldn't be out there anymore."

While much of the blame for these faults lies with the companies who operate the Websites, the research also suggests there may be a strong need for better standards and practices among SSL certificate authorities, Thayer says.

"In my research, I found something like 247 certificate authorities that are considered to be legitimate, ranging from the best-known authorities like VeriSign to some small organization in Turkey that will provide certificates for free," Thayer says. "There are no real industry standards for what constitutes a certificate authority."

And in most cases, the certificate authorities don't have a process for continually testing the validity of SSL certificates and warning sites when they fall out of line. "I understand that they can't check every site, but when they're acting as the authority for a company that has 300 different certificates, they should have a way to say, 'Dude, you're out of line,'" Thayer says.
www.darkreading.com/security/enc···WEEKLY_T
--
Smokey's Security Forums www.smokey-services.eu/forum/
Smokey's Security Weblog smokeys.wordpress.com/
** Merry Christmas and Safe 2009 Surfing Habits to All **
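
An added example, not part of the original post or the DarkReading article: a small audit that flags the faults the article lists (a certificate that does not cover both www.store.com and store.com, an expired certificate, SSL 2, 40-bit RC4). The function names, the sample certificate and the 128-bit minimum are assumptions made for illustration; the input has the shape Python's `ssl.SSLSocket.getpeercert()` and `cipher()` return.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape getpeercert() returns; names and dates are
# illustrative and do not describe a real site.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.store.com"),),),
    "subjectAltName": (("DNS", "www.store.com"),),
    "notAfter": "Dec 31 23:59:59 2008 GMT",
}
WEAK_PROTOCOLS = {"SSLv2"}   # the protocol the article calls out
MIN_KEY_BITS = 128           # assumption: anything below this is reported

def cert_names(cert):
    """DNS names the certificate covers (subjectAltName first, CN as fallback)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return [n.lower() for n in names]

def name_matches(pattern, host):
    """Exact match, or one left-most '*' label ('*.store.com' != 'store.com')."""
    p, h = pattern.split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def audit(cert, served_hosts, protocol, cipher, now):
    """Return findings for one endpoint, given what it negotiated."""
    findings = []
    names = cert_names(cert)
    for host in served_hosts:
        if not any(name_matches(n, host) for n in names):
            findings.append(f"name-mismatch:{host}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires < now:
        findings.append("expired")
    if protocol in WEAK_PROTOCOLS:
        findings.append(f"weak-protocol:{protocol}")
    name, _, bits = cipher   # (name, protocol, secret bits), as cipher() returns
    if "RC4" in name or bits < MIN_KEY_BITS:
        findings.append(f"weak-cipher:{name}/{bits}")
    return findings

if __name__ == "__main__":
    when = datetime(2009, 1, 1, tzinfo=timezone.utc)
    print(audit(SAMPLE_CERT, ["www.store.com", "store.com"],
                "SSLv2", ("EXP-RC4-MD5", "SSLv2", 40), when))
```

On a live endpoint the same `audit()` call would take its arguments from a connected socket's `getpeercert()`, `version()` and `cipher()`.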


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

Nothing surprising here.

The whole SSL system is poorly designed. The primary design aim appears to have been to provide income to CAs (self appointed certification authorities).

Best would be to junk it, and start over.
</soapbox>
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5



swhx7
Premium
join:2006-07-23
Elbonia

What would a better system look like?



Doobie

@dsl.tele.dk

reply to Smokey Bear

said by Smokey Bear:

..."I understand that they can't check every site, but when they're acting as the authority for a company that has 300 different certificates, they should have a way to say, 'Dude, you're out of line,'" Thayer says.

This may be OK with that Turkish organization that provides certificates for free but I'd certainly expect more from Verisign or say...Thawte where certificates ain't cheap.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

reply to swhx7

said by swhx7:

What would a better system look like?

For most people, they would be provided a public key by their bank or credit card company. They would only trust certificates signed by that public key (or those public keys if they have several credit card providers).

This cannot work with X.509, because an X.509 key allows only one certifier. With the PGP key standards, you can have multiple certifying keys. When a web commerce site sets up business, it gets approval from Visa and MasterCard to accept charges. They would also ask Visa and MasterCard to provide certifying keys on their PGP based security certificate.

For an end user, the trust in site certificates would be derived from the trust relationship they already have with their banking institutions.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5


swhx7
Premium
join:2006-07-23
Elbonia

Fine for bank and credit card accounts, but what about all the other sites one may need/want encrypted connections to? I assume you don't mean that they would all need approval from financial companies.

For SSH I guess we rely on DNS at the key exchange on the first connection - that's the only quick way an ordinary user can be relatively sure the handshake stuff is being done with the right server.

For arbitrary websites a "PGP-like system" seems like an interesting idea. Basically, A encrypts transmissions to B with B's public key - including maybe A's public key on the first round - and B encrypts transmissions to A with A's public key, correct?

Would it then be secure to post the public keys on the sites themselves? Or some other side channel? At a glance I'd say that's where attacks would be.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

said by swhx7:

Fine for bank and credit card accounts, but what about all the other sites one may need/want encrypted connections to? I assume you don't mean that they would all need approval from financial companies.

I was just giving an example that would fit the most common use. Sure, there could be other keys you would trust, not just those of your bank.

said by swhx7:

For arbitrary websites a "PGP-like system" seems like an interesting idea. Basically, A encrypts transmissions to B with B's public key - including maybe A's public key on the first round - and B encrypts transmissions to A with A's public key, correct?

The description you give for PGP also adequately describes the current system. The difference between the two is in the issue of trust. The PGP trust mechanism (the "web of trust") is roughly similar to the trust arrangements you make in everyday life. With the current SSL, you trust a site because your operating system or browser says you should - and that is no basis for trust at all, in my opinion.

The technical difference is that the X.509 certificate allows only a single certifying signature (a single point of failure), and trust in the signer is established by the operating system or browser developer. A PGP public key certificate can have multiple signatures, and you decide for yourself which signatures to trust. My banking example was to illustrate how trust could be decided by non-technical folk.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5


therube

join:2004-11-11
Randallstown, MD

reply to Smokey Bear
On the end user side, you can verify that these insecure implementations are blocked.

They (SSL2) have been so for some time now in Mozilla products, & I would assume that it would be that way in IE too?

Sample website, www.bcms.gov.uk/bcms/wctd0001.htm.

To load that page, you would need to specifically enable both SSL2 (security.enable_ssl2) & security.ssl2.rc2_40 (in Mozilla).

SSL v2 Sites



swhx7
Premium
join:2006-07-23
Elbonia

1 edit

reply to nwrickert
It seems that a PGP-like system as described would be better for everyone - but I may be missing something. Why hasn't it been done? I mean, is it just resistance for commercial reasons, or is there some technical objection?

The reason PGP hasn't caught on is that it hasn't been made user-friendly in mainstream software.

Also, implementations would have to be interoperable. It would take a (new?) standards proposal, and sample code for an open source browser. Maybe it could be done in a plugin for a Mozilla browser.

