[cabfpub] A BREACH beyond CRIME :-(

Phillip Hallam-Baker philliph at comodo.com
Tue Jul 2 15:26:06 UTC 2013


Please read the draft. 

It explains the deployment strategy.


On Jul 2, 2013, at 11:19 AM, Hannes Tschofenig <hannes.tschofenig at gmx.net> wrote:

> 
> Phil, 
> 
> the problem is that you cannot easily move to a cryptographic authentication style because of all the legacy devices and what JavaScript provides today. 
> There is the work on the W3C CryptoAPI that could make a difference but I have no hope that browser vendors will soon add a new HTTP authentication scheme. 
> 
> Ciao
> Hannes
> 
> On Jul 2, 2013, at 6:12 PM, Phillip Hallam-Baker wrote:
> 
>> Hannes,
>> 
>> I agree that we should not panic over the TLS issue till we know the breach. Unfortunately that type of remediation tends to happen behind closed doors and is considered to be a 'TLS fix'. Which means that it does not become what it should be which is a caution against using cookies for authentication.
>> 
>> 
>> 
>> 
>> 
>> On Jul 2, 2013, at 10:30 AM, Hannes Tschofenig <hannes.tschofenig at gmx.net> wrote:
>> 
>>> 
>>> Hi Rob, 
>>> 
>>> I am always a bit reluctant when I hear about these types of attacks. In many cases, they are very basic and make various assumptions. In the OAuth working group we had looked into various attacks and many of them turned out to be an implementation flaw: someone tried to make some short-cuts and then had to pay the price for it. The most recent example was Facebook earlier this year. 
>>> 
>>> So, I am looking forward to seeing the details of this attack. 
>>> 
>>> Rob, if you know the speakers maybe it is possible to get in touch with them upfront. 
>>> 
>>> Ciao
>>> Hannes
>>> 
>>> On Jul 2, 2013, at 5:02 PM, Phillip Hallam-Baker wrote:
>>> 
>>>> These SSL attacks are getting silly. Use of bearer tokens is not a viable authentication approach when an attacker can mount an adaptive chosen plaintext attack.
>>>> 
>>>> I wrote the following in response to CRIME:
>>>> 
>>>> http://www.ietf.org/id/draft-hallambaker-httpsession-01.txt
>>>> 
>>>> 
>>>> The basic idea is that instead of passing authentication cookies over the wire repeatedly, the secret is passed ONCE and after that the parties only exchange knowledge of the token. It has been submitted to the WebSec working group but nobody has commented to date. I was waiting for BlackHat
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> On May 29, 2013, at 10:07 AM, Rob Stradling <rob.stradling at comodo.com> wrote:
>>>> 
>>>>> https://www.blackhat.com/us-13/briefings.html#Prado
>>>>> 
>>>>> "SSL, GONE IN 30 SECONDS - A BREACH BEYOND CRIME
>>>>> In this hands-on talk, we will introduce new targeted techniques and 
>>>>> research that allows an attacker to reliably retrieve encrypted secrets 
>>>>> (session identifiers, CSRF tokens, OAuth tokens, email addresses, 
>>>>> ViewState hidden fields, etc.) from an HTTPS channel. We will 
>>>>> demonstrate this new browser vector is real and practical by executing a 
>>>>> PoC against a major enterprise product in under 30 seconds. We will 
>>>>> describe the algorithm behind the attack, how the usage of basic 
>>>>> statistical analysis can be applied to extract data from dynamic pages, 
>>>>> as well as practical mitigations you can implement today. We will also 
>>>>> describe the posture of different SaaS vendors vis-à-vis this attack. 
>>>>> Finally, to provide the community with ability to build on our research, 
>>>>> determine levels of exposure, and deploy appropriate protection, we will 
>>>>> release the BREACH tool."
>>>>> 
>>>>> -- 
>>>>> Rob Stradling
>>>>> Senior Research & Development Scientist
>>>>> COMODO - Creating Trust Online
>>>>> 
>>>>> _______________________________________________
>>>>> Public mailing list
>>>>> Public at cabforum.org
>>>>> https://cabforum.org/mailman/listinfo/public
>>>> 
>>> 
>> 
> 
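The idea stated in the quoted 5:02 PM message (pass the secret once, then only prove knowledge of it) can be sketched as follows. This is an added example, not part of the original thread and not the wire format of draft-hallambaker-httpsession; the `Server` class, `sign_request`, the request fields and the counter-based replay check are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Server:
    """Holds one key per session plus the highest counter accepted so far."""

    def __init__(self):
        self.sessions = {}  # session_id -> [key, last_counter]

    def login(self):
        # The only time the secret crosses the wire (inside the TLS session).
        session_id = secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self.sessions[session_id] = [key, 0]
        return session_id, key

    def verify(self, request):
        entry = self.sessions.get(request["session"])
        if entry is None:
            return False
        key, last_counter = entry
        # Constant-time comparison of the proof of key possession.
        if not hmac.compare_digest(_mac(key, request), request["mac"]):
            return False
        if request["counter"] <= last_counter:  # replayed or reordered request
            return False
        entry[1] = request["counter"]
        return True


def _mac(key, request):
    # Bind the proof to this exact request: session, counter, method, path, body.
    fields = [request["session"], str(request["counter"]),
              request["method"], request["path"]]
    # Length-prefix each field so field boundaries cannot be shifted.
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    msg += hashlib.sha256(request["body"]).digest()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(session_id, key, counter, method, path, body=b""):
    # Client side: the key itself is never placed in the request.
    request = {"session": session_id, "counter": counter,
               "method": method, "path": path, "body": body}
    request["mac"] = _mac(key, request)
    return request
```

Unlike a bearer cookie, the value sent with each request changes every time and is useless for any other request, so there is no fixed secret in the traffic for an adaptive attacker to recover piece by piece.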