[cabfpub] A BREACH beyond CRIME :-(

Phillip Hallam-Baker philliph at comodo.com
Fri Aug 2 12:04:37 UTC 2013


The real problem here is the toxic combination of Netscape's JavaScript hack that was thrown together in 14 days and the reliance on bearer tokens. But TLS is the only thing claiming security, so it gets the blame.



On Aug 2, 2013, at 4:25 AM, Rob Stradling <rob.stradling at comodo.com> wrote:

> More details...
> 
> http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/
> 
> On 02/07/13 08:52, Rob Stradling wrote:
>> More on this...
>> 
>> http://www.darkreading.com/vulnerability/https-side-channel-attack-a-tool-for-enc/240157583
>> 
>> On 29/05/13 15:07, Rob Stradling wrote:
>>> https://www.blackhat.com/us-13/briefings.html#Prado
>>> 
>>> "SSL, GONE IN 30 SECONDS - A BREACH BEYOND CRIME
>>> In this hands-on talk, we will introduce new targeted techniques and
>>> research that allows an attacker to reliably retrieve encrypted secrets
>>> (session identifiers, CSRF tokens, OAuth tokens, email addresses,
>>> ViewState hidden fields, etc.) from an HTTPS channel. We will
>>> demonstrate this new browser vector is real and practical by executing a
>>> PoC against a major enterprise product in under 30 seconds. We will
>>> describe the algorithm behind the attack, how the usage of basic
>>> statistical analysis can be applied to extract data from dynamic pages,
>>> as well as practical mitigations you can implement today. We will also
>>> describe the posture of different SaaS vendors vis-à-vis this attack.
>>> Finally, to provide the community with ability to build on our research,
>>> determine levels of exposure, and deploy appropriate protection, we will
>>> release the BREACH tool."
>>> 
>> 
> 
> -- 
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
> Office Tel: +44.(0)1274.730505
> Office Fax: +44.(0)1274.730909
> www.comodo.com
> 
> COMODO CA Limited, Registered in England No. 04058690
> Registered Office:
>   3rd Floor, 26 Office Village, Exchange Quay,
>   Trafford Road, Salford, Manchester M5 3EQ
> 



