InfoSec News

I was hoping for a more official release of the document, but you will be able to find the document and the sample decrypt java code here http://www.insecure.cl/Beast-SSL.rar .
The paper is an interesting read. To me it outlined the weakness in using CBC very nicely and the attack is well described. Certainly one of the more readable crypto papers I've come across. I will suggest you read it whilst well fed, and rested.
So is SSL/TLS dead?
The attack essentially implements a mini MITM attack using javascript delivered initially through a Cross Site Scripting (XSS) flaw. In a more traditional SSL MITM attack the application will terminate the SSL connection, present a new certificate and then establish an SSL connection to the originally requested site. Because the certificate is self-signed, it would typically throw up an error, allowing the user to notice that there is something going on. This attack works at a lower level. The SSL connection isn't interrupted. The weakness in using Cipher Block Chaining (CBC) is exploited to get access to the desired information. Whereas in the traditional MITM attack the user has a chance of noticing, with this attack they are unlikely to. As is outlined in the imperialviolet blog there are easier ways to attack. We do however need to keep this one in our minds.
How to fix it?
Well the easiest would be for web sites and browsers to stop using TLS v1.0, but as Rob points out in a previous diary (http://isc.sans.edu/diary.html?storyid=11629), that may not be as easy as we think. The only other choice we have is to start disabling those ciphers that utilise CBC, but that may not work either as there are precious few cipher suites available that do not use CBC. Using stream ciphers will address the issue, but may introduce new ones (RC4 has its own weaknesses).
Chrome has already addressed the issue and the fix on the browser side is quite simple and elegant. We'll see the other browsers implement something similar over the next few weeks. That doesn't fix the protocol, but it will help address the immediate issue of clients being attacked in this manner.
If you do want to change the cipher defaults in the Windows world, you will need to make some registry changes.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

This key and subkeys control how the ciphers are used.

This article http://support.microsoft.com/kb/245030 explains how to change protocols and weak ciphers (make sure you test in a test bed first).
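As an added example (not the diary's own code, nor Microsoft's), the following PowerShell script reads the Enabled values under the SCHANNEL Protocols and Ciphers subkeys described in KB245030 and includes a helper that turns one protocol off for one side. The protocol, cipher and value names are the ones that article documents; which cipher subkeys exist is assumed to match the installed Windows version, and the change only takes effect after a reboot.

```powershell
# Added audit/hardening helper for the SCHANNEL key named in the diary.
# Uses the .NET registry API rather than the HKLM: provider because the
# provider treats the "/" in cipher key names such as "RC4 128/128" as a
# path separator. Subkey and value names follow KB245030.
$Base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$HKLM = [Microsoft.Win32.Registry]::LocalMachine

function Get-SchannelState {
    # Reports the 'Enabled' DWORD under a SCHANNEL subkey. If the key or the
    # value is absent, Schannel falls back to its built-in default.
    param([string]$SubKey)
    $key = $HKLM.OpenSubKey("$Base\$SubKey")
    if ($null -eq $key) { return 'default (key absent)' }
    try {
        $v = $key.GetValue('Enabled')
        if ($null -eq $v) { return 'default (value absent)' }
        if ($v -eq 0)     { return 'disabled' }
        return 'enabled'
    } finally { $key.Close() }
}

function Disable-SchannelProtocol {
    # Turns a protocol off for one side by creating Protocols\<Name>\<Side>
    # and setting Enabled=0 plus DisabledByDefault=1 (effective after reboot).
    param([string]$Name, [ValidateSet('Client','Server')][string]$Side)
    $key = $HKLM.CreateSubKey("$Base\Protocols\$Name\$Side")
    try {
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.SetValue('DisabledByDefault', 1, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally { $key.Close() }
}

# Audit pass. Of the ciphers below, RC4 is the only stream cipher; the rest
# run in CBC mode, which is why the diary says disabling CBC leaves little.
$Protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$Ciphers   = 'RC4 128/128', 'Triple DES 168', 'AES 128/128', 'AES 256/256'
foreach ($p in $Protocols) {
    foreach ($side in 'Client', 'Server') {
        '{0,-8} {1,-6} {2}' -f $p, $side, (Get-SchannelState "Protocols\$p\$side")
    }
}
foreach ($c in $Ciphers) {
    '{0,-15} {1}' -f $c, (Get-SchannelState "Ciphers\$c")
}

# The diary's first option (stop using TLS 1.0), applied on a test box only:
# Disable-SchannelProtocol -Name 'TLS 1.0' -Side Client
```

Run it from an elevated prompt; the audit needs only read access, but Disable-SchannelProtocol writes to HKLM.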
As things develop, we will keep you posted.
Regards
Mark - Shearwater (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.