[BlueOnyx:17217] Re: 'FreakAttack' OpenSSL vulnerability?

[Michael Stauber]

Hi Ralf,

> I asked because this is a more bit serious than it might appear at 
> first. It has two sides that are possibly vulnerable, both the client 
> side (web browser asking to use an outdated cipher suite) and the server 
> side.

Absolutely. Both ends play a role here. If both the server *and* the
client don't allow downgrading of protocols and ciphers beyond a certain
point, then that enhances security. And prevents this attack vector. If
one side of the communication allows it, there is still an attack vector
possible, but technically it gets more complicated.

This is (again) done by government agencies via the use of dedicated
servers in the middle, which intercept, proxy and modify the traffic.
Just one well known example: The Iran and Facebook. Yet their approach
was a bit more complicated and naturally had to use faked SSL
certificates. There it of course helps if you have a CA-authority in
your pockets, which is something that run-of-the-mill criminals rarely
have access to.

> And going by the fact that in the list of web sites tested vulnerable 
> "high end" sites like americanexpress.com, bloomberg.com,
> businessinsider.com, groupon.com etc, I think it is
> better to be vigilant and check rather than just to assume that one 
> isn't effected.

Absolutely correct. But I'm not surprised that so many important sites
are still affected. A couple of months ago I had a talk with the IT
department of my bank. Actually it's a chain of regional banks in
Germany who have regional offices and country wide use the same backend
for the online-banking. They were still using RC4 based ciphers for
everything by default. When you actually disabled RC4 in your browser,
then it would downgrade to something even more horrible and much more
worthless. I asked them about it and got a noncommittal reply that they
still have to support IE6 on Windows XP and other horrible stuff. So to
make that happen they used the worst possible ciphers to begin with and
even didn't provide more secure alternatives. Which is something that
could easily be done.

Naturally: They're wide open to the 'FreakAttack'.

> I am not as much concerned that any of those security agencies that you 
> seem to have so much disdain for, are snooping around but this is 
> something that crooks are going to try and exploit

I'm not really worried about the dozen crooks that might be able to pull
it off against isolated single targets. The widespread usage of this
against millions of people per hour by the government crooks has me more
worried. But like said: As far as BlueOnyx is concerned, we did what we
could.

The only good thing that might come off it: It forces Apple, Google and
Microsoft to actually pro-actively raise the bar on ciphers and
protocols. Which might not be in the best interest of the NSA.

-- 
With best regards

Michael Stauber