This is fantastic news
A fully encrypted internet would be safe from Wacky's censorship, Phorms pharming, and various ISPs' "traffic shaping". Will it now happen?
Well, banks *certainly* aren't going to continue to use insecure methods for online banking. They've lost enough cash already in the last 12 months and aren't enjoying the current media spotlight on their attitudes to risk. They will simply change to https-only web-sites. Similarly, no browser vendor will want the bad publicity of displaying a padlock when the protocol is known to be insecure, so they will tweak their browser to prevent the http/https flipping that the article notes as part of the problem. The pressure is then on for everyone else (online shopping, certainly) to offer https-only sites simply to avoid being tarred with the "tainted" brush.
Isn't it more or less exactly what an web entry server does, although in a legitimate way? Sitting in the middle between the user's browser and target website, establish an SSL connection with the web site, provide the user with a valid certificate and make him belief that he's directly and securely connected to the target? Unless you check the certificate you won't notice.
Or is it me being a bit thick...
Try one of these:
"Many webmasters still configuring SSL badly"
"Many users still do not check the target URL for 'https'"
"Hacker cannot defeat SSL, so attacks badly designed websites"
Why not try another security scare that has been around for years:
"Web browsers do not always handle unicode securely"
"Web journalist uses factually incorrect alarming title to get a few extra hits"
and so a new t-shirt was born
and its legend bore: "encrypt everything"
the warm, fuzzy and open days of the internet are now over, we are standing on the precipice gazing down into a future where wars will be fought, knowledge will truly become power and ignorance will be no defence.
Let me get this straight
"Sadly, the Tor users entered passwords even though the addresses in their address bars didn't display the crucial "https."
But if you were running https to Tor they'd be able to read them anyway!
Article has confused SSL with browser UI
This is not a flaw in SSL at all. No change to the SSL protocol (or its latest version, known as TLS) is needed. SSL has not failed to do its job. This is a failure of browser UI. It's a failure of the browser's address bar to adequately inform the user of the source of the https page that the browser is displaying. By incorrectly identifying this problem as an SSL protocol flaw, the article suggests that all of the many applications that use SSL are at risk. If it were true that only browsers use of SSL then perhaps a browser UI failure could be equated with an SSL protocol failure. But browsers are NOT the only users of SSL, and it is simply WRONG to state that this browser UI failure represents a weakness in a security protocol that protects many other applications that are not fooled in this manner.
So what's the problem?
Just turn on encryption for everything. Make it easy for people to do this.
Is there some huge technological barrier that prevents this? Or a better way of validating that the page is still encrypted?
I'd like to make a suggestion: Browsers can detect- mostly- when there are username and password fields in use. No idea how they do that. But use that functionality to detect when usernames and passwords are being entered into a non secure site- then flag it up as "Warning! This site is not secure. Pester the sysadmin to secure it."
Also, it's not a "hole [that's been] poked in the secure sockets layer". It's a way of circumventing it- your properly-SSLed data is just as secure as it used to be.
Man in the middle attacks have been the bane of encrypted connections where the encryption session is set up purely over the vulnerable connection since their creation. This is just a slightly new twist on a long known problem. It doesn't make it any easier to break into encrypted connections though than existing methods.
The only way we can have somewhat secure encrypted connections is if the keys used to setup the encrypted link are passed separately. One potential method would be to send the required encryption keys via mobile phone in a text message. This is still vulnerable if a hacker can intercept your text messages from your mobile connection as well as your internet connection but of course protects you from internet based man in the middle attacks at least.
This is why you should never use Tor for personal stuff, you see the problem with Tor is that it anonymises you- it's near impossible to tell where data is coming from, but it isn't a security boost. People can grab your data and perform MITM attacks over Tor easily so if you're using it to access information it's no big deal if someone steals your HTTP requests and the the HTTP responses from Wikipedia or whatever, but if you start accessing your bank, or Paypal over Tor you're actually less secure than not using it because any old joe using Tor may be able to grab it including who you are due to your login details whilst at least a direct connection via your ISP is somewhat trusted. Anyone using Tor for security is an idiot, because if anything it decreases security.
Also, this is why people shouting "encrypted connections!!!!" as a solution to packet shaping and such are utterly naive because your ISP is one of the few entities that can actually peform MITM attacks on you to break that encryption. This would likely be a legal grey area for them but as the law has in recent years swayed strongly towards allowing maximum snooping and ensuring minimum privacy I would not be suprised if the courts or the government were to decide that ISPs can in fact break your encrypted links to see what's in there.
If we're going to have truly secure encryption for P2P and such we'd need to start working outside of the net- passing encryption keys via text message to mobile phones and such but of course if anyone can intercept net connections AND mobile phone texts then it's the police.
Moral of the story? If you want truly secure data connections across the net, make sure you setup a secure tunnel where keys are passed to each other in person and that no one else may gain access to them.
As it stands, SSL is good enough for banking and online shopping for as long as our ISPs and the underlying internet backbones on which we rely to access these services remain trustworthy. It is however not in anyway anything other than an illusion of security if you want to ensure that no one at all can access your communications.
>Marlinspike said he later disposed of all personally identifiable information
= But kept the login details for the more interesting sites.
Was I the only one...
...who went and checked their "critical" bookmarks point at an https link?
Question - would checking the certificate not expose this? If the browser is a "toast" pop-up and detailing certificate info, surely the attack would become obvious.
... sorry to be a pedant, "through several clever slights on hand" is all wrong. The expression is "by sleight of hand' as in like a magician's card trick or disappearing handkerchief.
I'm pretty sure you can't have a plural 'sleights' either. Maybe "through several clever tricks" would have sufficed.
And now I really must get out....
Moral of the story
a) Don't price EV certificates out of the market. Most clients I know won't bother because the cost/benefit ratio is all wrong
b) Encrypt everything.
I can't see either happening in the near term, to be honest.
interesting sites ?
If there are any interesting sites on the web, I demand to know where they are!!
(It's certainly not my bank's, these days).
Paris, coz she might know a little about poking in the third hole.
As I understand it...
From what I inferred from the article - this works by stripping the "s" from https, in links and the like?
So if your SSL is running under a sub-domain "ssl.example.com" rather than "www.example.com" with a different document root outside the web-tree - then all that will happen is you'll get 404 errors? Unless it also rewrites "ssl" to "www".
On Apache - will this manage to spoof the server environment variable HTTPS?
Thus circumventing something simple (as a PHP example):
header("Location: https://ssl... yadda yadda yadda");
... although that could end up in a terminal loop I suppose.
The answer is simple really (possibly)
Users should have a certificate unique to themselves, then use a system like OpenDNS where a personal image is displayed as part of the webpage, that is only known to the user and only accessible with the users certificate.
A complication to this are the issues with dodgy certificate providers etc....
Seems to me to be few realistic options to make the internet entirely secure as my data is passing through so many third parties, legitimate or otherwise, webpages are loaded from cached information all over the planet, not impossible to compromise. Even packet inspections like phorm (probably really a trick by the security services with advertising as the front) are springing up.
Unless I have a very personal relationship with the target organisation in advance of even visiting their site, there seems to me to be little chance of creating any certainty.
@ Ken Hagan
Not sure if you posted without reading my previous comments but with regards to your comment:
"A fully encrypted internet would be safe from Wacky's censorship, Phorms pharming, and various ISPs' "traffic shaping". Will it now happen?"
I'm afraid that's simply not true, ISPs are one of the few entities that can easily perform man in the middle attacks on the internet. The only thing preventing them snooping encrypted internet access is fear of legal repercussions, they can quite easily if they wished break and observe or even modify encrypted connections if they so wished.
The problem is though as I see it, even the legal repercussions aren't a long term safeguard. I do not believe it would take long, should everyone start encrypting everything for our current Labour government to nullify any protection these laws might give citizens. I am pretty convinced Labour would be more than willing to allow ISPs to perform MITM attacks on users encrypted connections under the guise of "counter-terrorism" whilst simultaneously allowing them to use that facility for their own business purposes- i.e. traffic shaping and phorm.
Do not be confused by the common misunderstanding that encrypted connections are a be all and end all solution. They're only safe as long as we can be sure no one will perform MITM attacks on them and your ISP, BT and the various other service providers that handle any kind of routing and transit across the internet of your traffic are the ones we are depending on here.
The best we have right now is to hope that ISPs snooping encrypted traffic by forging keys/certs remains a major taboo and in that situation encrypted traffic is indeed safe, it's not guaranteed to be forever though and one might wonder if some ISPs with their ignorance of data protection laws (I'm looking at you BT- Phorm) are already using this kind of attack anyway.
Me? I'm keeping my fingers crossed we get a new government in that is a bit more concious of privacy rights before Labour can enact laws that will open the door for ISPs legally being able to snoop on data sent via encrypted connections. Personal I'll vote Lib Dem, not perfect for sure, but the only party other than the greens that truly seems interested in civil liberties to the point they'd reverse some of the damage Labour has done. If they can at least get enough votes to hold the balance of power it's enough to prevent a further slide- I'm not convinced the Conservatives as a whole would really be any better than Labour sadly even though they have one or two individual MPs like David Davis who does seem to care.
"Just turn on encryption for everything. Make it easy for people to do this.
Is there some huge technological barrier that prevents this? Or a better way of validating that the page is still encrypted?"
Yes. You can't use Virtual Hosts with SSL, so every Encrypted site needs its own IP address.
All certs should be EV
But by that I don't mean everyone should pay loads of cash for an EV cert, I mean that nobody should be issuing certs without checking.
Browsers should be installed without the cheap and dirty registrars available. Those that are know to not be trustworthy should be removed from the list in browser updates.
This is a social problem. TLS itself is rock solid.
Does this therefore mean that new legislation/guidelines and the attitude of government/law-enforcement that views encryption as something to raise suspicions in itself (terrorism, fraud, illegal porn etc) will now have to be revised? I don't bank on that happening quickly. But if we're to use encryption for simple online security, then they must.
Surely tthe main moral of the story is "don't use bank sites through hotspots"?
I realise that man in the middle attacks don't _have_ to happen in public hotspots -- but I have always been under the impression that you should never use even and encrypted website through an untrusted|unencrypted medium?
"the tool uses a proxy on the local area network that contains a valid SSL certificate"
You'd have to identify yourself to get such a certificate, right?
third or forth time in half a year...
that the register has reported some encryption standard as "broken" and when you read the article it turns out that the author either hasn't understood the attack enough to realise the encryption hasn't been exploited at all or knows that and is trying to cause a stir with the aim of creating traffic. The overall problem with this is that it makes the rest of the articles on the reg look like a joke too.
There again, when you see the amount of morons that come out to flame any "Linux" related article you can see how "sexing up" articles is a good idea for the regs profits.
Defeating ISPs with Encryption
ISPs are indeed in prime position to perform man in the middle attacks on SSL and other kinds of anonymous encryption. However, if we had a key repository system that was standardized and people were allowed to register their personal public keys at convenient locations, with appropriate identification requirements. And corps had their public keys also registered there, then it would be quite difficult for an ISP to act as man in the middle. Assuming, of course, that when you registered your key you got the registry system's public key as well. A somewhat less secure, but still limited-liability method would be to have the registry system's key included in web browsers. Then only the browser companies would be able to man-in-the-middle. You could reduce this risk by simply making it so that the registry system would update your browser's key to said system, after verifying who it thinks it is talking to.
As it happens, I did miss your earlier points, the most important of which for the purposes of my discussion would appear to be...
"Man in the middle attacks have been the bane of encrypted connections where the encryption session is set up purely over the vulnerable connection since their creation."
"The only way we can have somewhat secure encrypted connections is if the keys used to setup the encrypted link are passed separately."
OK, I see your point. There are too few pre-shared keys in this world. One or two will be baked into your operating system (for internet update services) but most of the rest will pass through your ISP's wires at some point, and for any key exchange that follows a recognised protocol a malicious ISP can write a program to slurp the keys as they pass, so...
"ISPs are one of the few entities that can easily perform man in the middle attacks on the internet. The only thing preventing them snooping encrypted internet access is fear of legal repercussions, they can quite easily if they wished break and observe or even modify encrypted connections if they so wished."
However, I'd offer two counter-arguments.
Firstly, as long as the legal repercussions remain, no ISP will touch this with a barge-pole. Any such snooping would quickly become public knowledge, because it would be a major operation at any ISP to install it and the IT staff there just aren't paid enough to keep that size of secret. Even if they did, it is only a matter of time before someone bothers to independently verify the exchanged keys using an alternate channel, like a piece of paper.
So whether such snooping is officially legalised, or attempted on the sly, everyone will know about it. Secondly, then, I think you've underestimated likelihood of the legal repercussions ever going away. Who would object?
First up is just about *anyone* doing e-commerce, let alone online banking. With mass-snooping, all the mafia have to do is get their henchmen employed by an ISP and suddenly they can pick off high-value targets at leisure because all the information gathering is being done "legally". Commerce is a seriously powerful lobby. In the US they proved more powerful than the NSA when they overturned the ban on the export of 128-bit encryption.
Second up are various courts. Much to the government's repeated annoyance, they don't control these and aren't likely to any time soon. Legalising mass-interception of communications would require a *lot* of legislation to be torn up, including a few treaties we've signed with other sovereign nations. Messy!
Third up are probably the intelligence services. The kiddy fiddlers and suicide bombers can easily pre-share their keys on scraps of paper, so the GCHQ staff will be given the job of sifting through a gigantic pile of information, secure in the knowledge that it contains *all* the ramblings of teenagers and none of the plans of the people they are interested in, just to let some barmy home secretary get her kicks. I'm not remotely surprised that our Stella has attacked the government on this issue, just as I wasn't surprised that she attacked their use of torture, which she knows full well merely confirms the mis-conceptions of the goon with the hose.
Last up is the electorate. Here in the UK, at any point in time, about 60% of the population *didn't* vote for government. They will need little persuading that this crosses some kind of line. (Specifically, a few memory sticks on trains will be all the persuasion they need.)
Unless the government can get past *all four* lobbies, a mass snooping law would fail.
Seems IE might not be vulnerable to the "homographic" attack
- except for users who have a chinese character set as the OS default. see http://www.doxpara.com/?p=1269
Perhaps one solution would be to render unicode characters displayed in the address bar in a different colour to the ascii ones so that the chinese slash-like characters would stand out. I guess most uses probably still wouldn't notice though!
"You can't use Virtual Hosts with SSL, so every Encrypted site needs its own IP address."
Perhaps this is the push that will finally encourage everyone to use IPv6?
I guess I'm in the small minority that does take the trouble to check the certificate on secure connections to my bank's website? It's not paranoia if they really are out to get you.
Bookmarking isn’t always a help
Some banks aren’t too keen on you going straight to their secure pages. The UK’s Co-operative Bank use a hostname that changes over time. I’ve had another financial institution flag up my bookmarking of their secure site as anomalous behaviour and had my on-line access frozen. I can’t believe it was simply the absence of the referrer header, so it may have been that combined with my IP address not being seen to access their main site first.
Re: Seems IE might not be vulnerable to the "homographic" attack
Nice. So it seems like the retarded idea of enabling unicode characters in DNS registries is the cause for homographic attacks. Great!
I just don't understand why is it so important to have non-Latin characters in URLs. It only opened a new avenue for phishing.
As for users not noticing the difference between http:// and https:// ... they *deserve* to get phished. FF3 shows a nice yellow URL bar when using https, IE7 does something similar. Even if still using IE6, you can always check the https stuff yourself, or the "lock" icon. Come on!
Nothing Quite That Easy
SSL encryption adds overhead which could be significant on some sites if everything was encrypted. Try comparing ftp transfer times with sftp if you don't think so. Having said that, I would like a client browser option to require encryption at all times................
not sure what to say
Somewhere a line has to be drawn into what's ethical and what's not. Everything can't be fullproof. There are probably hundreds of thousands of people with concealed carry permits to carry firearms. We don't all go around shooting people. You can't change an entire system because a few trolls in dirty t-shirts that have no lives spend their time trying to get famous by breaking into things.
Im all for ethical 'hacking' but things like this, it's stupid. Anyone can rob a bank, anyone can shoot someone, it doesn't happen because we are somewhat civilized. When will the nerds become civilized.
Keeping a (click-thru) db of url's and which of the two (http|https) was used (in what sequence) last time the url was visited would not resolve anything then ?
>> I guess I'm in the small minority that does take the trouble to check the certificate on secure connections to my bank's website? It's not paranoia if they really are out to get you.
That's all well and good - until you want to buy something from a site that uses 3-D Secure, in an IFrame, where you can't easily check the certificate. The people behind the vast majority of bank security systems need to be shot.