Over the past few years, we’ve seen a variety of TLS vulnerabilities steadily surface. In general, we brand each one as “just another TLS vulnerability,” but the intricacies of each are rather distinct, though not horribly convoluted. Let’s walk through a few together.
2014: Heartbleed and POODLE
Heartbleed affects the OpenSSL library’s implementation of a TLS extension—the TLS heartbeat. A TLS heartbeat works as follows: The client (or server) sends some amount of data in a heartbeat request to its peer to verify the peer’s presence or keep the connection alive. The peer then echoes the data back to the sender to verify that the peer is reachable and alive. If you want the nitty-gritty details of the heartbeat extension, feel free to read the IETF’s description. Exploitation of Heartbleed, a faulty heartbeat implementation, can allow an attacker to read up to 64 KB of memory at a time from a peer running a vulnerable version of OpenSSL. Here’s how:
Posted in Software Architecture and Design | Comments Off on Attacks on TLS vulnerabilities: Heartbleed and beyond
The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. My home’s Wi-Fi network is protected by WPA2, and if you’re reading this, yours probably is too.
Before we answer that question, let’s do some quick high-level Crypto 101. The Advanced Encryption Standard (AES) has been around for over a decade. It’s a symmetric-key cipher, which means the same key is used for both encryption and decryption. While AES traditionally functions as a block cipher that encrypts 128-bit chunks of plain text at a time, it can also be used as a stream cipher—which is how it is implemented in WPA2. Now, the thing with stream ciphers is that reusing a nonce-key pair can result in the complete decryption of traffic. A nonce should never be used with the same key twice. In the WPA2 standard, a nonce is basically a packet counter. Essentially:
Posted in Data Breach, Software Architecture and Design | Comments Off on KRACK: Examining the WPA2 protocol flaw and what it means for your business
SHA-1 (Secure Hash Algorithm 1) is broken. It has been since 2005. And yet, that hasn’t stopped its continued use. For example, until early 2017 most internet browsers still supported SHA-1. As though to confirm that SHA-1 was really, truly dead, researchers from CWI Amsterdam and Google announced at the end of February 2017 they had performed a successful collision attack against SHA-1.
Posted in Software Architecture and Design, Web Application Security | Comments Off on Forging a SHA-1 MAC using a length-extension attack in Python