
Progress being made on the TLS renegotiation attacks


November 26, 2009

According to Netcraft's November SSL Survey, on average, twenty-four of the one-hundred or so most popular HTTPS websites appear to be safe for now from the recently documented TLS renegotiation flaws. However, the other 76 sites are still vulnerable to TLS renegotiation attacks, which allow a so-called man-in-the-middle attacker to inject data into secure communication streams.

TLS renegotiation allows a client and server who already have a TLS connection to negotiate new parameters, generate new keys, etc. Renegotiation is carried out in the existing TLS connection, with the new handshake packets being encrypted along with application packets.


The difficulty is that the new handshake packets are not otherwise tied to the channel, which gives the attacker a window of opportunity. In order to mount the attack, the attacker first connects to the TLS server. He can then communicate with the server as much as he wants, including making an arbitrary number of requests/responses, etc.

The traffic is all encrypted, so when the attacker is ready, he simply hijacks the client's connection to the server and just proxies the client's traffic over the encrypted channel. The client then negotiates with the server and from that point the client and the server communicate directly.

Note that the client is communicating with the attacker in the clear, but the second handshake is encrypted and goes over the attacker's channel, so the client doesn't know that he is renegotiating.

But the server thinks that the initial traffic with the attacker is also from the client. There are also other variants where both sides see a renegotiation but of different connections.

In and of itself, TLS is just a security protocol, so the impact of this attack depends on the application protocol running over TLS. The most important of these protocols is of course HTTP over TLS (HTTPS). Most Internet applications do initial authentication via a username/password pair and then persist that authentication state with HTTP cookies.

An attacker might exploit this issue by sending a partial HTTP request of his own that requests some resource. This then gets prefixed to the client's real request.

To simply demonstrate the seriousness of the issue, Anil Kurmus published details of a potential attack scenario that showed how the security hole could be used to steal passwords from vulnerable sites such as Twitter and others.

Among the top 100 HTTPS websites, there are several banks and eCommerce sites that still remain very vulnerable and that is worrisome to many security experts. A few of these sites give the appearance of being intermittently vulnerable, as client requests are load balanced among a mixture of vulnerable and non-vulnerable servers.

Ben Laurie of Google was working on the renegotiation flaw around six weeks before it was made public, so it is perhaps unsurprising that 7 of the 24 safe sites are owned by Google.

A further seven websites are running Microsoft IIS 6.0, which is currently believed not to be vulnerable, to the great surprise of some security experts.

Since discovering the TLS renegotiation issue, PhoneFactor has created a Status of Patches list, showing which vendors have already responded to the problem. A few were quick to act by disabling renegotiation support in their products, and some vendors have already implemented Eric Rescorla's proposed fix.
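The channel binding behind the proposed fix, later standardized as RFC 5746, modeled as an added example (not code from Netcraft, PhoneFactor or any vendor). ToyServer, spliced_session and honest_renegotiation are hypothetical names, the random 12-byte values stand in for the Finished verify_data, and the request bytes are constructed placeholders.

```python
import hmac
import os

class ToyServer:
    """Server-side state for one TLS connection (toy model, no real crypto)."""

    def __init__(self, require_binding):
        self.require_binding = require_binding
        self.client_verify_data = b""  # empty until a handshake completes
        self.app_stream = b""          # bytes handed to the application

    def handshake(self, claimed_previous, new_verify_data):
        # With the fix, each hello names the handshake that protects this
        # connection; only an initial handshake may present an empty value.
        if self.require_binding and not hmac.compare_digest(
                claimed_previous, self.client_verify_data):
            raise ConnectionError("handshake not bound to this connection")
        self.client_verify_data = new_verify_data

    def receive(self, data):
        self.app_stream += data


def spliced_session(require_binding):
    """The sequence described in the article, seen from the server."""
    server = ToyServer(require_binding)
    server.handshake(b"", os.urandom(12))            # attacker's own handshake
    server.receive(b"<attacker partial request>")    # constructed placeholder
    try:
        # The client believes this is its first handshake, so it presents an
        # empty value; the server sees a renegotiation on the attacker's channel.
        server.handshake(b"", os.urandom(12))
    except ConnectionError:
        return "aborted", server.app_stream
    server.receive(b"<client real request>")         # constructed placeholder
    return "accepted", server.app_stream


def honest_renegotiation(require_binding):
    """One client does both handshakes and presents its own verify_data."""
    server = ToyServer(require_binding)
    first = os.urandom(12)
    server.handshake(b"", first)
    server.handshake(first, os.urandom(12))
    return "accepted"


if __name__ == "__main__":
    print(spliced_session(False))
    print(spliced_session(True))
    print(honest_renegotiation(True))
```

Without the binding the server hands the application one stream in which the first bytes came from a different party than the rest; with it, the mismatch between the client's empty value and the server's stored value ends the connection before the client's request is appended.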

Netcraft's November SSL Survey found 1,217,395 distinct valid third-party SSL certificates in use on the Internet.


Source: Netcraft.
