Tag Archives: DROWN

TLS 1.0 and 1.1 Upcoming End of Support Announced

Early last week saw a coordinated effort from almost major browser vendor to follow the guidelines of the PCI-DSS standard and to end support for TLS 1.0 and 1.1

Why should this change be considered relevant?
Each of the browser vendors have worked together to create a definite timeline (starting in 2020 and complete by July 2020) for the end of support of these now obsolete security protocols. TLS 1.0 is almost 20 years old and is no longer PCI-DSS compliant.  Separately TLS 1.1 is more than 10 years old. They both contain known vulnerabilities e.g. BEAST (an attack), DROWN or FREAK (both downgrade attacks) etc. use insecure hash functions (e.g. MD5 and SHA-1) and receive very little use today:

0.4% from Apple Safari (<0.36% for all connections) (Source: WebKit)

0.5% for Google Chrome (Source: Google)

1.2% of Firefox Beta 62 during the time August-September 2018 (Source: Mozilla)

0.72% for Microsoft Edge (Source: Microsoft)

More modern standard e.g. TLS 1.2 offers improved performance when used with HTTP/2 and are PCI-DSS compliant. Moreover, it doesn’t suffer from all of the vulnerabilities affecting prior versions and includes stronger alternatives to older hash functions e.g. ECDHE_RSA_WITH_AES_128_GCM_SHA256 .

What does the future hold?
Following the recent deprecation of any standard of TLS older than 1.2 on the 30th of June this year due to the mandate set by the PCI Security Standard Council has steadily seen the increase of the recently ratified TLS 1.3 (in April 2018) but defined within (Request for Comments) RFC 8446 in August. This is in part due to a change by Mozilla to Firefox in April and the adoption of the newest standard by some popular websites e.g.:

Google’s Gmail (although the newer standard isn’t always enabled)

https://www.bleepingcomputer.com/

https://www.securityweek.com/

https://nakedsecurity.sophos.com

https://www.theregister.co.uk/

https://www.wordpress.com (which also includes this blog you are reading!)

The OpenSSL Foundation added full TLS 1.3 support to their popular cryptographic library OpenSSL with the release of version 1.1.1 in September 2018. OpenSSL are further driving adoption of the newest standard by ending support for the current long term support (LTS) version 1.0.2 by the end of 2019 (with it only receiving security updates after the 31st December 2018).

The increase in traffic is best illustrated by Mozilla showing approaching 6% usage for Firefox Beta 62 during the time August-September 2018. Such an increase is really good news for the security of the Internet specifically any online service that requests personal information and e-commerce websites in particular.

For more information on which web browsers support TLS 1.3, please see this link with a table from Salesforce illustrating browser support for TLS 1.2 here.

Thank you.

The DROWN Attack: What You Need To Know

With the release of scheduled security updates for OpenSSL earlier today details of a new high severity cryptographic vulnerability were disclosed.

This weakness relies upon an outdated encryption protocol namely SSLv2 (Secure Sockets Layer version 2). SSLv2 does not have the ability to defend against a known cryptographic attack specifically the Bleichenbacher attack. Using this method an attacker could obtain the RSA private key used to secure the connection between a client (usually a user/consumer) and the server (e.g. a website). If a server that uses a modern protocol such as TLS (TLS/SSL are discussed in a previous blog post and within this Sophos podcast) also uses SSLv2 this attack could be used to obtain the RSA private key (defined) used to secure the connection even when the user’s session is using TLS.

While the original Bleichenbacher attack would still take an impractical amount of computing power to complete; the researchers who responsibly disclosed (defined) this issue to the OpenSSL project (and others) have further refined the attack so that a much smaller number of secured connections would be needed to be set up in order to attempt to brute force (defined) the RSA private key. As OpenSSL explained in their blog post this attack could be completed in several hours using $440 USD of cloud computing power from Amazon’s EC2.

Why Should These Issues Be Considered Important?
It’s estimated that up to 3.5 million servers on the internet are vulnerable to the more general form of DROWN attack disclosed today. A further 2.5 million servers are vulnerable to a specific form of the DROWN attack (that was patched/addressed in March 2015).

This means that some of your favourite websites that use secured connections may be vulnerable to this issue and your private data being exchanged with that website has the potential to be no longer private.

Further technical details of this attack are available on the specifically created website detailing the attack. Background information and high level explanations of the attack are available from Matthew Green’s blog post, OpenSSL’s blog post and from Kaspersky ThreatPost. Very clear but short explanations are available from this Trend Micro blog post and this Sophos Security blog post.

How Can I Protect Myself from These Issues?
The DROWN attack can be further broken down into both general and special cases (thus my use of “These” in the above headings) described in Matthew Green’s blog post.

Update: 3rd March 2016:

With regard to the website vulnerability checker (mentioned below) that the DROWN attack website provides, you may want to read the explanation provided at the end of this Sophos Security blog post for an important clarification/explanation of how that tool works.

To check if your favourite websites are vulnerable you can review a compiled list here or enter the domain of the website you visit to test it e.g. example.com into the “Check for DROWN vulnerability” box found on the DROWN attack website. This blog hosted on WordPress.com is not vulnerable.

You should also review the Q&A page of the DROWN attack website and if you administer a webserver e.g., Apache you should follow the steps within OpenSSL’s blog post to resolve these issues. Steps are also provided for nginx and Postfix users. If you are using any version of OpenSSL prior to 1.0.1s or 1.0.2g, please strongly consider upgrading to the most appropriate updated version of OpenSSL for your environment as soon as possible. OpenSSL’s security advisory for these versions is available here.

Update: 6th March 2016:
Further information on the specific versions of Nginx, NSS, Postfix and Apache versions affected by DROWN are listed in Symantec’s blog post including further advice specific to those products. Qualys also provides insights on detecting/tracking the progress of patching your servers against this attack.

Update: 12th March 2016:
The Symantec link provided above also references Symantec’s CryptoReport tool which can be used to test your website or any website that you visit to check if it is affected by this vulnerability. This tool from Qualys offers similar functionality.

Moreover; U.S CERT provides comprehensive mitigations steps/advice in their vulnerability note on this attack.

Please note that the OpenSSL updates today address 7 other security issues (excluding DROWN) (CVEs, defined) of the following severities:

====================
1x high severity
1x moderate severity (assigned CVE-2016-0704: which also relates to the DROWN attack)
5x low severity
====================
To resolve these issues please update your OpenSSL installations to 1.0.1s or 1.0.2g (as appropriate).

  • FTP mirrors to obtain the necessary downloads are available from here.
  • Downloadable Tarballs (compressed/packaged code made for distribution) are available from here.

It should also be possible to use the package manager of a Linux/Unix operating system to update your OpenSSL installation as mentioned within the section titled “Installing updates for Linux distributions” on the “Protecting Your PC” page of this blog.

I hope that the above advice assists you in securing your servers and computer systems from this new attack. I will update this post as more information become available.

Thank you.

=======================
References:
Cellos: [2016/03/02] On the announcement of DROWN attack and CacheBleed

ThreatPost: DROWN Vulnerability Remains ‘High’ Risk, Firms Say