New research has uncovered flaws in the encryption certificates used to protect the websites of hospitals, banks, and even top-secret government spy agencies, raising questions about whether they are complying with regulations requiring them to adequately safeguard their online visitors. Rodney Thayer, a security researcher with …
Dear pen testers...
It's possible to configure an app that will accept a weak cipher if only to tell the user that they're using an 'insecure' connection and are unable to interact further, i.e. they cannot log in to the application and they should upgrade their browser; the alternative being a rather anonymous SSL handshake or browser error.
And yes - some people still use Netscape 4 and IE5 or whatever the old export/non-export browsers were...
Flippin' pen testers and their overpriced Nessus scans.
... are we going to see Mr Thayer being arrested and prosecuted for "causing damage" to those computers?
Time to put on my surprised face
*GASP* No way!
Obviously no one realizes the problem is still the ones who point out that there are flaws; fire them and hire an idiot quick! It's done so many wonderful things for the industry so far, and people who know what they are doing ask for too much :P
I thought Firefox, Opera and IE7 all disabled SSLv2?
We realise that many webservers have the capability to accept ciphers at the TLS layer only to provide more intelligent feedback to the user than a browser's "could not complete SSL handshake" error message at the application layer, by accepting the cipher and then serving the user different content. It's actually relatively simple to cause this behaviour using many products, e.g. http://support.microsoft.com/kb/937293. We realise too that some (although not many) devs specifically add code into their applications to cause this behaviour.
The majority of us understand how SSL and web applications work and do check for stuff like this before reporting on your weak SSL ciphers. The majority of us don't just run Nessus and then copy and paste what it says into a Word doc. If your pentesters do, consider dropping them for some who're less shit. :)
The majority of you don't (as described) reject ciphers at the application layer after first having accepted them at the transport layer. When you do, we'll be sure to take it into account. ;)
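The application-layer gate the two comments above argue about (handshake succeeds, then the app looks at what was negotiated and serves an "upgrade your browser" page instead of the login) can be written in a few lines. The block below is an added example and not code from the thread or from any product it mentions; the function names `classify_negotiated_cipher` and `choose_response`, the weak-name pattern, the 128-bit floor and the sample cipher tuples are all assumptions. The input shape is the `(name, protocol_version, secret_bits)` tuple that Python's `ssl.SSLSocket.cipher()` returns on a live connection; here the tuples are constructed inline so it runs offline.

```python
import re

# OpenSSL-style suite names that mark export-grade, DES/3DES, RC2/RC4, MD5 or
# anonymous/NULL suites. Assumed policy for this example, not from the thread.
WEAK_NAME = re.compile(
    r"^(EXP|EXPORT|NULL|ADH|AECDH)|(^|-)(DES|RC2|RC4|MD5)(-|$)", re.IGNORECASE
)
# Assumed floor: anything under 128 secret bits is treated as export-grade.
MIN_SECRET_BITS = 128
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3"}


def classify_negotiated_cipher(cipher):
    """Take the (name, protocol_version, secret_bits) tuple that
    ssl.SSLSocket.cipher() returns and say why it is unacceptable.
    Returns "ok" when the session meets the policy, else a reason string.
    Checks run protocol -> key size -> algorithm name, most severe first."""
    name, version, bits = cipher
    if version in OBSOLETE_PROTOCOLS:
        return f"protocol {version} is obsolete"
    if bits is None or bits < MIN_SECRET_BITS:
        return f"{bits}-bit key is below {MIN_SECRET_BITS} bits"
    if WEAK_NAME.search(name):
        return f"cipher {name} uses a weak algorithm"
    return "ok"


def choose_response(cipher, path):
    """Application-layer gate. The TLS handshake has already succeeded (the
    server deliberately accepted the weak suite), so the decision is what to
    serve: a weak session never reaches /login, only the upgrade page.
    Returns (status, page, reason) so the caller can log the reason."""
    reason = classify_negotiated_cipher(cipher)
    if reason != "ok":
        return (403, "upgrade-browser", reason)
    return (200, "login" if path == "/login" else "page", reason)


if __name__ == "__main__":
    # Constructed sample sessions, in the tuple shape ssl gives us.
    samples = [
        ("EXP-RC4-MD5", "SSLv3", 40),
        ("EXP1024-DES-CBC-SHA", "TLSv1", 56),
        ("RC4-SHA", "TLSv1", 128),
        ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
    ]
    for cipher in samples:
        status, page, reason = choose_response(cipher, "/login")
        print(f"{cipher[0]:<30} -> {status} {page:<16} {reason}")
```

On a real server the tuple comes from `conn.cipher()` on the accepted `SSLSocket`; the point of keeping the checks in a pure function is that the policy can be unit-tested without a listener, and that the reason string is available for the access log so a pen tester (or you) can see that the weak suite was accepted at the transport layer and refused at the application layer.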
Two reasons for SSL
SSL is used for two distinct reasons, and this piece is only relevant to the first reason. That is, to validate that a web site is actually controlled by a specific entity. Yes, this is why SSL was created in the first place, and it most certainly *should* still be used that way. But most of the time, it isn't.
Unfortunately, people wanted to conduct commerce on the Internet, and the webmasters and/or their companies didn't want to pay the fees to get SSL certificates. So instead, a new SSL industry was born. One in which the controlling entity is irrelevant. One in which the only controlling-entity check is that the IP address of the web server matches the certificate. This second reason for SSL is simply to provide encryption for the connection (for the commerce transaction), not to confirm identity. This reason is simply to make sure that the data transferred between the two endpoints cannot be easily deciphered/read if intercepted. Go try to buy a cheap SSL certificate, and you'll see that you can easily get one without having to prove your identity at all.
But speaking of SSL security, shouldn't anyone seriously concerned with security be using 256-bit AES at this point instead of 128-bit RC4?
Anyone want to expand on how a certificate can be "misconfigured"...?
Blame the NSA
for saddling the world with goofy browsers using toy encryption (DES) with useless keylengths (40-bit? 56-bit?) in the name of "national security". And this predates Bush; however I do have to commend the Clinton administration on shooting down the stupid restriction during its final year (2000).
However, those poor sods who are still using OS/2 are stuck with Netscape 4, which means they can't use the strong crypto themselves. Some large organizations have these cases.
Add up those who can't be arsed to generate a new SSLv3 cert and you're in for trouble. *sigh*
@Chris C - We aren't using 256-bit AES because of the revised export restrictions imposed by the NSA. 128-bit crypto is exportable; 256-bit isn't. So unless a European-based web browser comes out, we're stuck with 128-bit. :(