Expert calls SSL protocol vulnerability a non issue

By Robert Westervelt, News Editor
05 Nov 2009 | SearchSecurity.com

Two security researchers are calling for an industry-wide response to fix a serious vulnerability they discovered in the SSL protocol, used widely on the Internet for secure data transfers. But a noted network security researcher says the vulnerability has very little impact on most users and will not result in data loss.

Moxie Marlinspike, a security researcher who has discovered high-profile security flaws, said the vulnerability has extremely limited value in practice. The attack is not designed to intercept traffic. Instead, code is injected, revealing nothing to the attacker, Marlinspike said.

"It has virtually no impact on the majority of users in the common case of how SSL/TLS is deployed," Marlinspike wrote in an email message. "It doesn't affect your webmail, online banking or online shopping experience."

The two researchers who discovered the problem, Marsh Ray and Steve Dispensa of Overland Park, Kan.-based security firm PhoneFactor Inc., are calling for an industry-wide fix to patch and protect Web servers, database and mail servers, as well as Web browsers and other tools that use the technology. In an interview with SearchSecurity, Ray said the potential is there for an attacker to mount a man-in-the-middle attack, sniffing Internet traffic to steal sensitive data.

"All clients and servers that speak SSL/TLS will need a patch of some form or the other," Ray said. "The security benefits of SSL/TLS will not be fully restored until both the client and server sides of the communications are patched, and at some point in the future people will need to decide if they no longer want to talk to an unpatched client or server."

Marlinspike, who demonstrated his SSLStrip tool in February at the Black Hat DC briefings, said the attack is dependent on client-certificate authentication, a rarely deployed authentication protocol designed to make users contact an SSL server to authenticate instead of, or in addition to, a password.

"Basically, in the context of HTTP, this is a non-issue and is no different than much more straightforward [cross-site request forgery] CSRF techniques," Marlinspike said. "It's possible that this attack might actually be something other than academic for protocols other than HTTP, but there have yet to be any proposals for how it might be."

Ray said he has been able to reproduce the problem in a way that did not involve client-certificate authentication, although the technique is much more difficult. He said the presence of client certificates makes mitigation strategies much more difficult. It's unclear, he said, how many websites use client-certificate authentication for renegotiation.

"Web services and SOAP type connections tend to use client certificates a lot," Ray said. "They're at the core of a lot of smart card systems as well."

The attacker must first find a way in via the network, such as an insecure wireless access point or a compromised router. Once in, the vulnerability allows the attacker to inject himself into the authenticated SSL communications path and execute commands, the researchers said.

Karsten Nohl, a security researcher who was part of a team that broke the crypto algorithm in the Mifare Classic RFID-based smart card, called the flaw serious. He stopped short of calling it a "Kaminsky-grade" threat for Internet users.

"Most people are already not checking for the padlock symbol, but [man-in-the-middle] is still hard," Nohl said. "Fixing the bug, however, will require the SSL stacks in hundreds of millions of automated networked devices that automatically exchange data."

The bug can be expected to be around for many years, giving cybercriminals a chance to create a different attack scenario, said Nohl, who works for security consultancy H4rdw4re LLC.

"Companies and agencies that already control parts of the Internet were incidentally given a large abuse potential through this vulnerability," he said.

The two researchers have been working with ICASI (Industry Consortium for Advancement of Security on the Internet) to coordinate an industry-wide fix for the problem since they discovered the flaw in August. The vulnerability became publicly known on Wednesday when a member of an Internet Engineering Task Force (IETF) working group independently discovered the issue and posted it to an IETF mailing list.

Ray said he discovered the flaw during code review on some software used to implement the PhoneFactor two-factor authentication service. He traced it down through several layers and developed a working exploit. On Sept. 29, he presented his findings to the industry consortium at Google's campus in Kirkland, Wash.

"It is complex and tricky to implement so I didn't want to ring alarms until I was absolutely sure of what I had," Ray said. "We tried very hard to get the right people in a room and give them time to hammer out a solution before the vulnerability was made public."
