Microsoft, Google move to tame Beast

By on
Microsoft, Google move to tame Beast

Microsoft calls for adoption of TLS 1.1, RC4.

Microsoft and Google have moved to secure users against the SSL Beast attack.

The attack made shock waves last week after researchers Thai Duong and Juliano Rizzo demonstrated they could tamper with cipher block chaining (CBC) used in SSL encryption.

It went further than a similar attack demonstrated in 2001 by Bodo Moeller which found guesses can be made against CBC to determine the contents of plaintext blocks.

The researchers showed the Beast (Browser Exploit Against SSL/TLS) attack could de-construct a PayPal cookie passing over SSL between the webserver and user, and was able to compromise restricted user accounts.

But security researchers said it was unlikely to be widely exploited. It required a target's network to be already compromised, and had relied on a Java plugin applet to mitigate the same-origin policy (SOP), a feature that prevents modification to web site data from external domains.

The Java applet would be blocked by default in Google's Chrome browser.

Yet the researchers said the Java applet was only one method of bypassing SOP. Security expert Moxie Marlinspike went further, and said the Beast attack was more akin to a SOP-bug.

The attack only affects SSL 3.0 version 1 and earlier of the proceeding protocol Transport Layer Security (TLS).

But later versions of TLS could be affected because SSL 3.0 was still required to be supported by browsers, more than a decade after the introduction of TLS.

That meant the attack could be launched against TLS version 1.1 by triggering  SSL 3.0 downgrade.

All cipher suites that use symmetric encryption algorithms in CBC including to popular AES were vulnerable to the attacks.

It does not affect the RC4 stream cipher.

Microsoft had called for users to activate TLS 1.1 in browsers and for RC4 deployments to be priortised.

"You can prioritise the RC4 algorithm in server software in order to facilitate secure communication using RC4 instead of CBC.," Microsoft said in an advisory.

"The client or server with which you are communicating must support the RC4 algorithm. If support for RC4 is not available, a different cipher suite will be used if one is available, and this workaround will be ineffective."

Mozilla published correspondence dating back to June between Duong as its researchers who discussed various methods to mitigate the attack.

Google was preparing a fix similar to a previous update introduced and then abandoned in 2002 to safeguard SSL against the attacks.

It would inject random plantext fragments into the CBC to confuse the Beast attack and was compatible with TLS 1.0.

The previous fix caused compatibility problems.

Researcher Adam Langley said the company's servers were largely unaffected because they preferred the RC4 cipher.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia


Most Read Articles

Log In

  |  Forgot your password?