SSL.com’s Security Roundup – January 8, 2016


Happy birthday, David Bowie!

Before there was, uh, whatever you kids are listening to, there was a kid from Brixton named David Robert Jones. He’s been in the music business for an eon or two – he started so long ago that he changed his name from Jones to Bowie to avoid confusion with one of the Monkees. (No, you look it up – we’re not goin’ there.)

Before there was Bitcoin, there were other alternative currencies, mostly local affairs like BerkShares, Ithaca Dollars, and the Brixton Pound – the latter of which put Mr. Bowie’s face on their tenner as a tribute to a local boy made good.

Connection with digital security? Minimal at best!

Excuse for the Security Roundup to salute “the best-dressed Briton in history”? Taken!

Here’s some of what we’ve been following this week at SSL.com – enjoy!


JUNIPER PATCHES SCREENOS…TO PREVIOUS, BROKEN VERSION

The hottest cryptography story this week is the ongoing Juniper Networks cluster-fiesta. The story first broke last month and is a dizzying maze – backdoors within backdoors within backdoors, ten-million-dollar NSA contracts, textbook cases of how not to implement crypto – and is still unfolding. There are plenty of disturbing elements, but one in particular caught our attention. Juniper did issue a patch to close a particular backdoor (the US Department of Defense has been recommending applying it). However, the patch only returns devices to a previous, still deeply suspect version: it swaps the unauthorized constants in ScreenOS’s random number generator back to Juniper’s own earlier ones rather than removing the questionable generator. It thus fixes one non-Juniper backdoor – but apparently leaves the other existing backdoors in place.

STATUS: Puzzling at best, deeply suspicious at worst. The Juniper landscape is being explored by some very savvy security researchers, and we’re teasing the story apart ourselves. Look for our own brave attempt to break down the Juniper story for you next week.


SLOTH ATTACK!

All cryptographic hash functions age out, and MD5 (already mostly removed from modern ciphersuites) and SHA1 (slated for early retirement) are only the latest to do so. Both are however still in use, and a recent technical paper from the miTLS.org researchers at INRIA describes a line of attack that targets the use of MD5 and SHA1 in TLS signatures and transcript hashes (as opposed to the ciphersuites that do the actual encryption). Dubbed SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes), the attack uses hash collisions to allow client impersonation and worse wherever a TLS 1.2 peer still accepts signatures over those hashes, or relies on a transcript hash truncated to too few bits.

STATUS: Previous worries about MD5 and SHA1 revolved around forged certificates. SLOTH reminds us that there are vulnerable attack surfaces beyond ciphersuites (client authentication, in this case) – and that a completely secure environment means blocking every path to exploitation. The practical fix is the one the paper recommends: disable MD5 and SHA1 as TLS signature algorithms in implementations and configurations now, rather than waiting for the hashes to fall out of use on their own.
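As an added illustration of the “truncated” half of SLOTH (this is our own example, not code from the paper or from SSL.com): a transcript hash cut down to n bits has only about 2^(n/2) birthday security no matter how strong the full hash is. The transcripts below are constructed byte strings, hashed with SHA-256 and truncated to 32 bits, so a collision turns up after roughly 2^16 hashes; the same arithmetic applied to a 96-bit value gives the ~2^48 work that makes truncated TLS transcript hashes attackable.

```python
"""
Added example: birthday collisions on a truncated transcript hash.
Not the SLOTH paper's code; transcripts are constructed inline.
"""
import hashlib
import math


def truncated_hash(transcript: bytes, bits: int) -> bytes:
    """Full SHA-256 of the transcript, keeping only the leading `bits` bits (multiple of 8)."""
    return hashlib.sha256(transcript).digest()[: bits // 8]


def find_truncated_collision(bits: int, limit: int = 1 << 24):
    """
    Birthday search: hash constructed transcripts "transcript-0", "transcript-1", ...
    until two different ones share the same truncated value.
    Returns (transcript_a, transcript_b, hashes_computed) or None if `limit` is hit.
    """
    seen = {}
    for i in range(limit):
        transcript = b"transcript-%d" % i          # constructed sample input
        h = truncated_hash(transcript, bits)
        if h in seen:
            return seen[h], transcript, i + 1
        seen[h] = transcript
    return None


def expected_attempts(bits: int) -> float:
    """Birthday-bound estimate: about sqrt(pi/2 * 2^bits) hashes to the first collision."""
    return math.sqrt(math.pi / 2 * (1 << bits))


if __name__ == "__main__":
    a, b, n = find_truncated_collision(32)
    print(f"32-bit collision after {n} hashes (expected ~{expected_attempts(32):.0f})")
    print(a, b, truncated_hash(a, 32).hex())
    print(f"a 96-bit truncated transcript hash falls to ~2^{math.log2(expected_attempts(96)):.0f} work")
```

The search is generic: it learns nothing about SHA-256 itself, only exploits how few bits survive truncation. The MD5 half of SLOTH is worse still, because chosen-prefix collisions on MD5 are far cheaper than a birthday search over its 128 bits.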


…BUT KILLING SHA-1 PROVING TRICKIER THAN HOPED

Although Mozilla is leading the march towards SHA1 retirement, there are as many stumbles in removing old tech as in introducing new tech. The latest version of Firefox (version 43) started rejecting SSL/TLS certificates signed with SHA1 whose validity period begins on or after January 1, 2016. Unfortunately, some security and antivirus products that intercept HTTPS generate a fresh certificate for every site the user visits, and those still (even SLOTHfully) signing them with SHA1 broke HTTPS access for their users.

STATUS: Mozilla’s made a tactical retreat and patched Firefox (43.0.4) to re-accept SHA1 certs – but they’re still aiming to retire SHA1 as soon as possible, and state (through clenched teeth, no doubt) that “vendors of TLS man-in-the-middle systems should be working to update their products”.
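If you want to know whether a given certificate would have tripped the Firefox 43 rule (SHA1 signature and a notBefore date on or after January 1, 2016), the following added example applies that rule to a DER certificate. It is our own code, not Mozilla’s or SSL.com’s; it uses only the Python standard library, with a minimal DER reader to pull the two relevant fields out and a minimal DER writer to build the sample certificates, which are constructed and unsigned (structurally valid enough to parse, not real certificates). The list of SHA1-based signature OIDs is our assumption for the example.

```python
"""
Added example: apply Firefox 43's SHA-1 rule (reject when the signature uses SHA-1
AND notBefore >= 2016-01-01) to a DER certificate.  Stdlib only; samples are constructed.
"""
from datetime import datetime

# Signature algorithm OIDs built on SHA-1 (assumed list for this example).
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5",   # sha1WithRSAEncryption
    "1.2.840.10045.4.1",      # ecdsa-with-SHA1
    "1.2.840.10040.4.3",      # dsa-with-sha1
}
SHA1_CUTOFF = datetime(2016, 1, 1)


# ---- minimal DER reader -------------------------------------------------------
def _tlv(buf, off=0):
    """Decode one tag-length-value starting at `off`; return (tag, value, next_off)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length


def _children(value):
    """Split a constructed value into its child (tag, value) pairs."""
    out, off = [], 0
    while off < len(value):
        tag, val, off = _tlv(value, off)
        out.append((tag, val))
    return out


def _decode_oid(raw):
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                               # base-128, high bit = continuation
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def _decode_time(tag, raw):
    s = raw.decode("ascii")
    if tag == 0x17:                                 # UTCTime: YYMMDDHHMMSSZ
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ")    # GeneralizedTime form


def signature_oid_and_not_before(der):
    """Return (outer signatureAlgorithm OID, validity.notBefore) of a DER certificate."""
    _, cert, _ = _tlv(der)
    (_, tbs), (_, sig_alg), _ = _children(cert)     # tbsCertificate, signatureAlgorithm, signatureValue
    fields = _children(tbs)
    if fields[0][0] == 0xA0:                        # [0] EXPLICIT version is optional
        fields = fields[1:]
    validity = fields[3][1]                         # serial, signature, issuer, validity, ...
    nb_tag, nb_raw = _children(validity)[0]
    oid = _decode_oid(_children(sig_alg)[0][1])
    return oid, _decode_time(nb_tag, nb_raw)


def firefox43_rejects(der):
    """True when Firefox 43's SHA-1 rule would refuse this certificate."""
    oid, not_before = signature_oid_and_not_before(der)
    return oid in SHA1_SIGNATURE_OIDS and not_before >= SHA1_CUTOFF


# ---- minimal DER writer, only used to build the constructed samples -------------
def _der(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(chunk)
    return _der(0x06, body)


def make_sample_cert(sig_oid, not_before, not_after):
    """Constructed, unsigned Certificate with just enough structure for the reader above."""
    utc = lambda dt: _der(0x17, dt.strftime("%y%m%d%H%M%SZ").encode())
    alg = _der(0x30, _encode_oid(sig_oid) + _der(0x05, b""))
    empty_name = _der(0x30, b"")
    tbs = _der(0x30,
               _der(0xA0, _der(0x02, b"\x02"))                    # version v3
               + _der(0x02, b"\x01")                              # serialNumber
               + alg                                              # signature
               + empty_name                                       # issuer
               + _der(0x30, utc(not_before) + utc(not_after))     # validity
               + empty_name                                       # subject
               + _der(0x30, b""))                                 # subjectPublicKeyInfo (placeholder)
    return _der(0x30, tbs + alg + _der(0x03, b"\x00"))            # signatureValue (placeholder)


# Constructed samples (not real certificates).
SAMPLES = {
    "SHA-1, issued 2015":   make_sample_cert("1.2.840.113549.1.1.5", datetime(2015, 6, 1), datetime(2017, 6, 1)),
    "SHA-1, issued 2016":   make_sample_cert("1.2.840.113549.1.1.5", datetime(2016, 1, 2), datetime(2017, 1, 2)),
    "SHA-256, issued 2016": make_sample_cert("1.2.840.113549.1.1.11", datetime(2016, 1, 2), datetime(2017, 1, 2)),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(f"{label}: {'REJECTED' if firefox43_rejects(der) else 'accepted'}")
```

To check a real certificate, for instance the one an intercepting antivirus proxy hands your browser, convert it with `openssl x509 -in cert.pem -outform DER -out cert.der` and pass the bytes to `firefox43_rejects`. A product that re-signs every site on the fly with SHA1 produces a brand-new notBefore each time, which is exactly why such products tripped the rule the day it took effect.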


GOOGLE TO AVG: SEE US AFTER CLASS

Those “TLS man-in-the-middle systems” bypass your established security design by an agreed-upon impersonation attack: the product installs its own root certificate on your machine and then mints a certificate for every site you visit – that’s how antivirus providers like AVG can inspect even encrypted traffic for malignant payloads. However, if your business model involves sitting between users and the web, don’t do what AVG did in their Web TuneUp extension for Chrome. Google security researcher Tavis Ormandy found scads of broken or poorly written JavaScript APIs that AVG’s extension exposed to any website, allowing attacker-controlled JavaScript to run in the context of arbitrary sites, exposing personal data and browsing history and in general “disabling web security for 9 million Chrome users”. The (corrected) extension is now blocked from auto-installation in the Chrome Web Store…and a vexed Google is “investigating AVG for possible Web Store policy violations”.

STATUS: “AVG” stands for “Anti-Virus Guard”. “QA” stands for “quality assurance”. Any questions?


DUTCH GOVERNMENT BUCKS GLOBAL TREND, CALLS FOR SANE CRYPTO

In the wake of horrific acts by some very bad people, authorities in several nations have been calling for encryption with “golden keys” enabled – they’re asking for magic backdoors that only legitimate authorities would ever use. As the Juniper saga shows, there is no such thing. Backdoors get opened, and not always by the theoretically trusted keyholder. Thus it’s heartening that the government of the Netherlands has come out in favor of strong encryption (i.e., uncompromised by backdoors) for “the protection of privacy for citizens, companies, the government, and the entire Dutch economy”.

STATUS: Happy to end on a positive note, for once. As we’ve noted before, math is a tough thing – despite the fond wishes of law and order types, it just doesn’t allow for the kind of magic backdoors they’re wishing for. Mad props to the Dutch authorities for their tough and rational stance – and for putting their money behind their words with a half-million-euro investment in the OpenSSL Project.


As usual, plenty of interesting items we didn’t have room to address this week – the hacking of Ukraine’s power grid, Xfinity’s deeply broken home security system, the newly-theorized HTTPS Bicycle attack – it’s a pretty interesting security universe these days, and chock-a-block with stuff we’re happy to bring to your attention.

And as always we appreciate your reading these words, and remind you what SSL.com truly believes – a safer internet is a better internet.