DaemonForums  

  #1   (View Single Post)  
Old 21st May 2015
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default HTTPS-crippling attack threatens tens of thousands of Web and mail servers

From http://arstechnica.com/security/2015...-mail-servers/

Quote:
Diffie-Hellman downgrade weakness allows attackers to intercept encrypted data.

Tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services are vulnerable to a new attack that lets eavesdroppers read and modify data passing through encrypted connections, a team of computer scientists has found.

The vulnerability affects an estimated 8.4 percent of the top one million websites and a slightly bigger percentage of mail servers populating the IPv4 address space, the researchers said. The threat stems from a flaw in the transport layer security protocol that websites and mail servers use to establish encrypted connections with end users. The new attack, which its creators have dubbed Logjam, can be exploited against a subset of servers that support the widely used Diffie-Hellman key exchange, which allows two parties that have never met before to negotiate a secret key even though they're communicating over an unsecured, public channel.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 21st May 2015
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 344
Default

Does that mean all HTTPS sites, or only if they negotiate a new key?

I'm thinking: I have passwords & phrases into my bank account, does this allow the capture of my data?
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #3   (View Single Post)  
Old 21st May 2015
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

The "key" discussed is a 512-bit Diffie-Hellman key exchange. This mechanism is permitted by something under 10% of the million most-popular websites.

If your bank permits the use of this particular key exchange mechanism, your banking traffic is at risk of both decryption and modification (this last is called a "man-in-the-middle" attack).

Your passphrase/passwords are used for identification and authorization with your bank's website; they are not part of this or any other key exchange, which is used to set encryption/decryption keys for your communication with your bank.

If you are still confused, please read the article.

Last edited by jggimi; 21st May 2015 at 03:51 PM. Reason: clarity, and byte -> bit
Reply With Quote
  #4   (View Single Post)  
Old 21st May 2015
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

There is good news that comes out of this latest exploit exposure. The reuse of prime numbers was the core weakness that was exploited. Bruce Schneier wrote today:
Quote:
...now that we know reusing prime numbers is a bad idea, we can stop doing it.
Reply With Quote
  #5   (View Single Post)  
Old 21st May 2015
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 344
Default

I did read the linked article, but couldn't figure out if my bank details would be at risk.
It seems that it is only those that use Diffie-Hellman key exchange, but I don't know if a bank would be using it(?).
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #6   (View Single Post)  
Old 21st May 2015
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Thank you for clarifying the question.

Both your bank and your browser use HTTPS and its underlying Transport Layer Security (TLS) protocol to encrypt traffic. TLS allows the two parties (webserver, browser) to pick and choose from each other's suite of permitted cipher systems, looking for a best match. This particular security problem is that a packet can be injected which forces a renegotiation of cipher systems, and forces the use of this very weak encryption technology, which some websites -- but for our purposes more importantly most browsers -- still permit.
The weakness is two factor: a short key, and reuse of prime numbers.
Your bank may or may not be affected, but your browser almost certainly is. As noted in the press, major browser makers are developing patches and expect to release security updates over the next few days. (Among the major browsers, only IE did not permit 512-bit DFE at the time this issue became public knowledge.)

You could ask your bank if they are impacted, but only if you can find the right technicians to ask. Otherwise, using a supported version of IE should be safe, because if your session is attacked IE should refuse the DFE 512 renegotiation.

Your personal account information is only used at the application layer, and is not part of the cipher key exchange. However, if there is a successful attack and plaintext is leaked or inserted, your transactions and your information may be compromised.

Last edited by jggimi; 21st May 2015 at 03:54 PM. Reason: will -> should.
Reply With Quote
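
The two weaknesses named in posts #4 and #6 above (a short key and reused primes), as an added example that is not from any poster in this thread: Python that parses the Diffie-Hellman parameters out of a TLS ServerKeyExchange body and flags short or shared moduli. The 1024-bit threshold, the host names and the sample values are assumptions constructed for illustration, and the input is assumed to be the message body after the 4-byte handshake header.

```python
import struct
from collections import Counter

MIN_DH_BITS = 1024  # assumed audit threshold; the thread's weak case is 512 bits

def _read_vec(buf, off):
    """Read one TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return int.from_bytes(buf[off:off + n], "big"), off + n

def parse_server_dh_params(body):
    """Parse ServerDHParams (dh_p, dh_g, dh_Ys) from a DHE ServerKeyExchange body."""
    p, off = _read_vec(body, 0)
    g, off = _read_vec(body, off)
    ys, _ = _read_vec(body, off)  # the signature that follows is ignored here
    return p, g, ys

def audit(observations):
    """observations: {host: ServerKeyExchange body}. Returns {host: [findings]}."""
    params = {h: parse_server_dh_params(b) for h, b in observations.items()}
    counts = Counter(p for p, _, _ in params.values())  # how many hosts use each modulus
    report = {}
    for host, (p, _, _) in params.items():
        findings = []
        if p.bit_length() < MIN_DH_BITS:
            findings.append(f"short-modulus:{p.bit_length()}")
        if counts[p] > 1:
            findings.append("shared-modulus")
        report[host] = findings
    return report

def _ske(p, g, ys):
    """Build a constructed ServerDHParams blob for the sample data below."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed sample values: odd numbers of the right size, not real primes or captures.
P512, P2048 = (1 << 511) | 0x2F, (1 << 2047) | 0x61
SAMPLE = {"a.example": _ske(P512, 2, 0x1234), "b.example": _ske(P512, 2, 0x5678),
          "c.example": _ske(P2048, 2, 0x9ABC)}
REPORT = audit(SAMPLE)
```
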
  #7   (View Single Post)  
Old 21st May 2015
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 344
Default

Thank you for the detailed explanation.
(I'll check for browser updates.)
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #8   (View Single Post)  
Old 21st May 2015
thirdm thirdm is offline
Spam Deminer
 
Join Date: May 2009
Posts: 248
Default

Until browsers update, some Firefox users are suggesting setting the following settings to false in about:config:

security.ssl3.dhe_rsa_aes_128_sha
security.ssl3.dhe_rsa_aes_256_sha

I can't say that I know the implications of that change. Presumably it would force the connection to your bank to fail if it can't use one of the cipher suites not using export-grade Diffie-Hellman for key exchange, e.g. the ones using elliptic curve Diffie-Hellman.
Reply With Quote
  #9   (View Single Post)  
Old 22nd May 2015
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 344
Default

Thanks for that info on about:config.
__________________
Linux since 1999, & also a BSD user.
Reply With Quote