back to article Hackers break SSL encryption used by millions of sites

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser. The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the …


This topic is closed for new posts.
  1. ElReg!comments!Pierre

    I knew it

    I knew I was right to complain to my bank about their requirement for JS on their SSL pages... time to fire another, more menacing letter I guess.

    1. Mike Cardwell

      This is incorrect

      My understanding of the attack is that the attacker MITM's a random non secure http response body, and injects javascript into it, which initiates cross site requests from the target browser to the target https page. The attacker then watches the https traffic and can learn interesting information from it.

      The fact that your bank has javascript in their pages doesn't help or hinder the attack.

      As I use the Firefox addon RequestPolicy, I should be immune from this attack. The attacker wont be able to initiate the cross site requests unless I tell RequestPolicy to allow them.

      1. Robert Carnegie Silver badge

        In$ecure by de$ign

        I think Pierre (?) means that he can disable Javascript in his web browser and so have no exposure to client-scripting attacks, but that his bank's web site doesn't work unless Javascript is turned on.

        Opera - for one - can enable Javascript site-by-site, but I'm not sure if that's a cure.

      2. Adam 38

        I think he means he is unable to use the website without JS enabled, thus leaving him susceptible.

        1. Mike Cardwell

          I'm not convinced that the attack will *require* javascript to work. Will have to wait and see when it's demonstrated on Friday. If all it requires is lots of slightly different cross site requests, it can probably be initiated by injecting lots of hidden img tags or similar into the launch page, rather than injecting javascript.

          He will only be susceptible to this attack if he visits other sites at the same time as being logged into the bank website. You shouldn't be doing this anyway because of the prevalence of XSS and CSRF vulnerabilities. This attack just gives you another reason.

  2. Tom from the States

    Whither IE?

    Unless I am blind, I saw no mention of Internet Explorer in this piece. Does that mean it support TLS 1.1 and has no problem, or what?

    1. Anonymous Coward
      Anonymous Coward

      It depends..

      On your version of Windows no less.

      XP Professional with IE8 only supports TLS 1.0 and SSL 2.0 and 3.0. Windows 7 with IE8 on the other hand supports TLS 1.0, 1.1 and 1.2 where, as others said before me, 1.0 is the default. The SSL support hasn't changed.

      You can find this yourself by going to your control panel and pick internet options. Either directly or through some category layer. Or select this option from within IE.

      Then check the 'Advanced' tab (last one). In the list somewhere you'll find the checkboxes where you can select what you want to enable.

    2. Tom from the States

      OK, so I am blind. Thanks.

      I wonder now if IE 10 beta has/will have this option turned on.

      1. Dan 55 Silver badge

        It's not the version of IE, it's the version of the underlying OS

        You need to be running Windows 7 or Windows Server 2008 R2 to have TLS 1.1 and 1.2 support.

        IE9, 8, and possibly 7 just show what they're offered in the advanced settings.

  3. Remy Redert

    re: Wither IE

    From what I understand, TLS 1.1 is available (Uncertain on 1.2, it might be as well), but TLS 1.0 is the default.

    As noted, the only browser that both supports TLS 1.2 and uses it by default is Opera.

    1. Brian Miller

      re: Wither IE

      IE has TLS 1.2, but it isn't enabled by default. (Why, I don't know.)

      1. The Fat Man

        Because very few web sites have implemented it yet. Did you not read page 2 of the article?!?!

        1. Anonymous Coward
          Anonymous Coward

          Did you actually read the second page? it doesn't give a reason why it isn't enabled by default.

          Now, if you look at the one of MS' blogs you will find a post where they say they have left it disabled because some websites break. Let's try a few keywords on google: "internet explorer tls 1.2 disabled", OMG! it's magic!

          Now, have you READ this? "?!?!"

          1. Anonymous Coward
            Anonymous Coward

            Re: Why not default in IE

            Indeedely-doo, by the look of it,MS did not make it the default in IE to "not break the intarwubs" (or something to that effect). Let's assume that MS are not lying through their teeth as the sloppy spiteful sneaky snake they are, and that their implementation of TLS 1.+ is not actually full of bugs: I know that's a hell of an assumption for some of you beloved readers but bear with me for a sec. Breathe deeply, take your heart medication , an only then read the following.

            MS set the defaults in IE so that they don't break the websites that are not specifically built for IE.

            Spooky, huh? Told you so.

            OK, just kidding, you can start breathing again, they did that at the cost of security, they're still good old MS*. We have the tech and the reach to force-steer the sheeple** in the right direction, and maybe get some tech cred back, but no, it might temporarily startle the sheeple, let's have these Norse guys take the bold step and see what happens, we have dull patents and sharp lawyers, if it ever takes off we started it. Hey, it worked once with that Finn guy, half the industry still believes that we own his stuff***. Norse is a kind of Finn, right****? Let's do that again.

            Shit, that post sounds silly. But it still makes me chuckle like a nubile nun in a tickling contest. Oh well, Guy F. mask, here I come.

            * I know, right.

            ** Mistress Bee's away, some words might be allowed again.

            *** I know that, too

            **** and also that

            1. Tomato42

              You can initiate SSL transaction that will be compatible with both SSL and TLS at the same time, later on you act depending how the server answers (whatever it's a SSL or TLS response).

              The problem is that from TLS side it doesn't allow the server to choose TLS1.1 or TLS 1.2. Announcing TLS1.1 compatibility on client side breaks servers that can't deal with proper TLS requests. Even Opera did this for a long time because of that, only Opera 11 has enabled TLS1.1 and TLS1.2 by default, earlier versions required setting it manually and indeed made communication with broken servers impossible.

              What's worse, most "TLS vouln patched" web servers refuse connection if you try to connect using the (currently hypothetical) TLS2.0, so no, people implementing libraries haven't learned.

              On one hand, the more I read about current security problems the more I think that there should be some kind of a "computer programming/administration license". On the other hand I look at the morons that get licenses as architects and see there's just no hope for it to actually weed out the idiots. Holding the retards responsible for the damages they cause, along with their managers, and banning for any computer use more complicated than posting on Facebook would go a long way... probably.

              Still, as long as most of people are only a bit better than trained monkeys and three fourths of society is completely retarded as far as computers go, we're screwed.

  4. Anomalous Cowturd

    Opera remains the only browser that deploys TLS 1.2 by default...

    Why won't more people try it?

    It's been the best browser for years, and virtually all the new gizmos were seen first thanks to Opera Software. And its as fast as fsck.

    Bemused of Tunbridge Wells.

    1. Mark 65

      Although they are doing what they should (using more secure protocols) I'm not sure that's an overwhelming reason to use the browser given it'll have to negotiate down to 1.0 and therefore be susceptible to the same attack. Kind of a chicken and egg problem in that if nobody else implements higher versions of TLS in their browsers then websites won't use them for fear of losing customers so you get no real gain in the end. It's shit, but that's life. Hopefully, as noted in the article, this will force the browser vendor's hand seeing as changes only come through exploits existing.

    2. heyrick Silver badge


      And here we thread the same ground. Show me Opera offering something like NoScript, with a simple clicky interface and access controls to ALL included scripts, not just the ones on the current site. Plus auto blocking of Flash and PDF, easy to choose to allow. Based on a white list concept (it's a bit late disabling those you don't trust).

      BTW, it doesn't matter what protocols Opera provides if the sites don't use them. ;-)

      1. Anonymous Coward
        Anonymous Coward

        What is it about Opera?

        People seem so evangelical about it! I tried it- for quite a long time- and, well, I just didn't like it. You don't seem to get fundamentalist Chrome/Firefox/IE people, so why Opera? I just don't get it.

      2. Lee Dowling Silver badge

        Opera gets a bad rap, but most people honestly haven't tried it for a month.

        With my current Opera setup (migrated from something ridiculous like Opera 3.5 - nothing fancy or third-party), all flash and java apps appear as a big white play button. Until I click that, zero code of the appropriate plugin executes. And when I click it, ONLY that particular app runs, and no others on the same page.

        Why you'd want to sit and rely on a white-list to do such things, I have no idea. Most flash/PDF/Java compromise is via injection into known-good servers, or people wouldn't be viewing them in the first place. Better that you "play" only the apps you want on only the sites you want, when you want. Also - this means you remove the crap that runs on the same servers and run ONLY the game/advert/application that you want on a page (and NOT automatically - which is a BONUS).

        I'm not at all sure the point of seeing every script, either, to be honest, but there is work that way via Opera Dragonfly in the last few releases (but never seen the need for it, so never use it, but they're always talking about exactly that).

        The problem is not that you couldn't use Opera. It's that you're used to working a certain way, and defiant that it's the only way. Every time Opera upgrades I think "oh, damn it" because they'll have changed something about the way I work. 99.9% of the time I end up liking it better (their user-testing team must be GOOD, and that's coming from someone who's sticking with XP and Office 2003!), the rest I revert the changes using the built in config dialog.

        For years, I was a Netscape nut purely because it was the only half-decent user-browser of the age. Then it died and IE / Firefox cropped up again. Back then, Opera was scary and threatening but when their first ad-supported version came out, it was surprising comfortable using it compared to the other "ad-free" browsers. Now that all browsers are ad-free, Opera still hasn't left me and is also my primary email client too - mainly because, as a network manager, their forethought for security and standards is unsurpassed. They always get there before everyone else - the problem is that nobody thinks they will need it until it's too late, and by then the other browsers bolt-on the same code with lots more bugs.

        You just have the words "NoScript" plugged into your brain and unless you get exactly that on every browser, you're not interested. But, seriously, have you tried Opera for a month, migrating your email, using it exclusively, etc. for a half-recent version? Most Opera users have zero extra "plugins" or "scriptlets" or "widgets" running at all. Because you just don't need them with the default config.

        I honesty don't understand any more how people struggle through with IE or even Firefox. I have to support both, so use them all the time, but it feels the same to me as running Windows 95 in this day and age. They feel old, clunky, thoughtless, and their best features are outside-code that you have to install yourself.

        All I need is for Opera to do a deal with the Pidgin guys and incorporate their code into Opera's sadly under-used IM / IRC code and I'll never carry another program around with me when it comes to online communication.

        1. breakfast Silver badge

          Opera was amazing for a while, then somewhere around version 10 to 11 they seemed to lose track of the things that made the browser good - it got slow, clunky and it kept failing to work on sites I use regularly so after sticking with Opera since version 6 or thereabouts, I switched to Chrome.

          Then Chrome started getting slow and clunky - it seems like Chrome installations accumulate cruft like crazy and you have to just reinstall and lose all your profile data on a regular basis - and I went back to the old faithful to discover that as of 11.50 they seem to have bucked their ideas up and it's working nicely again.

          It may be annoying that most users ignore the most useful browser, but I guess it saves Opera users from being targeted by malevolant scripts...

        2. Anonymous Coward
          Anonymous Coward

          Maybe that's the problem- it's too obscure for the masses, yet slightly too complicated/quirky for the average technical user to make it work how they like it. I am a technical user, yet didn't manage to work out how to do the "white box until you click play" thing- and I was trying. Yes, it can be done, but if it takes longer than my attention span to figure out how because it's different from what I'm used to, then that's quite a big negative for me, and evidently many others. I know that probably sounds idiotic, but it's unfortunately how people work.

          It seems only power users willing to explore it in depth can get it working the way they want it (you admit yourself to being a network manager), and that is a very small market segment. Thus I think it falls between two stools. The people who get to know it properly seem to love it and tend to evangelise about it, but most people can't be bothered to put the time in when they're basically happy with Chrome/Firefox/god help us IE.

          On the plus side, I quite like Opera Mobile on my tablet. But that's a different thing altogether really.

        3. Greg J Preece

          It works the way I like. Why is that hard to understand?

          "Opera gets a bad rap, but most people honestly haven't tried it for a month."

          Couldn't get along with it for a full month. I've never called it a bad browser, though its fanbase are even more annoying than Apple's. The simple reason I use FF is that it works the way I want it to. I'm a developer, and as far as I'm concerned, Firefox has the most consistently accurate rendering of all the browsers. It's also a lot faster in recent versions, and once you start building on top of its base functionality, the plugins I have installed have made it invaluable as a development tool.

          For example, just the other day I discovered Poster, which is a tool for simulating POST/GET requests to APIs. Sure, there are other browsers and other add-ons which make this possible, but it's just such a well-made, nicely laid out and straightforward add-on that I've now installed it on every machine.

          Being able to customise FF to *exactly* how I want it is what makes it perfect for what I do. My downloads open in a tab because I want them to, I've changed some of the menus, Flash only plays when I want it to, I never see ads, and I can literally edit pages in place, enable/disable their various features, etc. Firebug is so awesome that other browsers have almost copy-pasted it into their own interfaces, and extending it for Drupal/Moodle/PHP is just damned handy.

          The awesome bar is also an absolute killer. It works better than anything I've used in any other browser, Chrome and Opera included. I almost never have to go directly into bookmarks or recent history, because it's just so good at finding what I'm looking for.

          The same thing has happened with my phone. I used to use Opera Mobile, but since FF mobile got its act together and sped up a bit, I now use it exclusively. It syncs, just like Opera, but it brings with it the same features that I love from the desktop version, like the awesome bar, and for fullscreen browsing it's the best damn mobile browser out there. It had a rocky start, but it's gotten really quite good.

          Opera's not bad, and if it wasn't for the spyware Chrome would be alright, but FF is just...better for me. Note: for me. You want to use Opera, that's dandy, but what you see in it isn't necessarily what's useful or right for other users.

          Seriously though, Opera's fanbase don't help. You don't see roving bands of Chrome users posting on every browser article and downvoting anyone that speaks out against it, do you?

          1. CD001


            Firefox has the most consistently accurate rendering of all the browsers.


            I'm not entirely, 100% convinced by that any more - FF does have the odd quirk I've found recently (some strange things happen when you style "buttons" or try to make anchor tags mimic those buttons in appearance).

            Still, as a web monkey, I tend to always fall back to FF for the Developer Toolbar, HTML Tidy (in view source), ColorZilla and a couple of accessibility testing plug-ins... for actually using the web browser as a web browser though - I think Opera is better (apart from the fact that it tends to render fonts a little smaller).

        4. CD001


          Most Opera users have zero extra "plugins" or "scriptlets" or "widgets" running at all.


          I've got a chess widget, does that count?

          Oh - and one that allows you to blow up the website with a little Asteroids style spaceship, you can shoot the HTML Elements to make them go boom - quite therapeutic :)

        5. heyrick Silver badge

          @ Lee Dowling

          Yes, actually I tried Opera for a while (I think two weeks, exclusively, and I didn't like it). I use it for downloading from fileshare sites because FDM doesn't work and Firefox has an annoying habit of dropping downloads early and then saying "completed". However I try to avoid it for the level of controls provided are insufficient for me.

          You know, NoScript is not a mantra for the paranoid. I guess if you think the things you've written about it, you really don't understand what it is for. It is more than script blocking. That big white play button? For an unapproved site (which is most of them), NoScript does the same thing.

          I am running Opera 9.something (v10 just will not work on my system, it dies on startup with no log file or message, and my request for help to Opera was met with silence, so I don't plan to continue any further - it is polite in the case of a DLL cockup (or whatever) to at least dump some sort of message to the user. Anyway, Opera 9, out of the box, default setup. Shows me ALL the adverts and ALL the annoying crap that I use plugins in Firefox to get rid of. That is one of the nice things about Firefox. I can "plug in" the functions I want. I have Rikaichan installed and available. Given it's a fairly complete Japanese dictionary system, I think most people here would be a bit annoyed if this was part of Firefox's core. But as it is not, it is something the can be added at will by the end user.

          I honestly don't understand why people rave so much about Opera which is a middle-of-the-road browser. Opera offers "widgets", but that's like a really basic plug-in with serious flexibility issues.

          1. Lee Dowling Silver badge

            Kudos to you for trying it. You can't ask for more than that.

            And actually, I know what NoScript does. Which is why I say that it's nothing that Opera can't do. If you're that paranoid that you only want scripts to run on certain sites (as we've established, all netscape-compatible plugins like Java and Flash are already handled this way in Opera with "play-button" mechanics), you would disable Javascript (F12, click the obvious highlighted option) and add sites one at a time to a whitelist (F12, Site Properties, Scripting tab and choose what you WANT the site to be able to do).

            It's not single-click but for the amount of times you should actually be whitelisting sites (if that's the way you want to play, rather than just, say, having it switched on) it's not a hassle in the least.

            While you're there, you can also configure site-specific options on the other tabs of the same dialog - cookie policy, popup policy, images, animated images, plugins, frames, individual groups of Javascript capabilities (e.g. Allow Script To Hide Address Bar), referrer info, proxies, whether to allow caching, user-agent-spoofing etc. On one menu, built-in, right in the default install of the browser, and with settings that transfer to all your machines if you so wish (you can even right-click instead of pressing F12, if that's too hard to remember). Or you can just override all sites with a blanket setting that applies to them all. Sure, there may be an option or two that NoScript and a handful of random plugins have on top but it won't be anything killer, and you don't need to worry about updating the damn thing every time the browser changes the plugin interface, and you don't need X amount of plugins to do so. It's literally out-of-the-box functionality and has been for a long time - and more importantly most of it was there BEFORE NoScript and others even existed.

            Your Opera 10 problems are your own, besides the fact that we're on 11.51 now. On all the machines I've ever managed (that's how long I've been installing it as the default) the only problem I have is on a single server that has a known procedure_entry_point error because of a MCVCRT file compatibility problem. It still runs, it just pops up a dialog first. Hell, it even works from a single shared network folder for dozens of users simultaneously - and a lot neater than trying to bundle Firefox MSI's onto corporate machines (Ick!) has been in the past. Whether a clean install or an upgrade (like I say, my Opera profile is carried forward from some ridiculously old original profiles).

            Now, the Japanese thing I'll have to concede - not because I know that Opera won't do it, but because I have never needed to install a non-western language into any installation, ever. But I'd be very surprised if there weren't half-a-dozen Opera "extensions" that did the same thing without executing native code, no need for the Netscape plugin API that's common to all the browsers, Opera included (how do you think we run the latest Flash, Java, VLC plugins, etc.?). (Opera Widgets are a security-sandbox for plugins that actually integrate into the browser much better - the equivalent of a Firefox extension rather than a plugin - and just as powerful).

            Opera isn't "middle of the road". It's quite often "cutting edge" and other browsers play catch-up. That's kind of the point that most Opera users will make. You say "Oh, the NoScript plug-in adds that functionality" and we say "We've had that in the default build since before that plug-in even existed".

            And that's BEFORE you even delve into a proper configuration dialog at opera:config (which does have EVERY option you can use, unlike Firefox which makes you plug some of the more obscure ones in yourself manually).

            I don't require people to USE Opera, I just think they should actually seriously trial it. There may be use-cases where it doesn't fit, but it's the only browser I trust for every job from giving it to computer-newbies (it's pretty damn hard to break your computer by viewing sites in Opera, even if you try - years of experience has taught me that it's the only "safe" option that people really have a hard time trying to mess up) right up to installing it across hundreds of machines, kiosk-mode internet terminals (built-in kiosk modes, automated slideshows, and URL filtering to keep people on your intranet, for example), home use and serious IT Office use. And strangely, that's because it *doesn't* compromise - my home setup is much more complicated than anything I use in work, which is locked down immensely.

            1. heyrick Silver badge

              @ Lee Dowling

              Thanks for the reasoned posting (I wonder why it was downvoted?). One of the big issues I have with Opera (I have JavaScript off by default) is that... let's say I want to access YouTube, and decide to thusly give permission ... the site only partly works because there's stuff pulled in from It isn't exactly obvious how to permit *plus* (unlike NoScript), you have to take the page apart to figure out what those other domains are.

              Paranoid? You call me paranoid? You *do* read El Reg regularly don't you? Look how many exploits are ultimately scripting, PDF, or Flash turning up when it isn't asked for. If being "proactive" about censoring what turns up on my system is "paranoid", then so be it.

              As we're up to Opera 11, I'll give it a whirl, see if it works. I just *wish* there was some sort of message. For the record, Opera 10.x is the *ONLY* program I have that "just dies" on startup without any sort of message. The other is the VB IDE if I dick around within the Windows API and stop the program using the Stop button instead of the proper exit handler function (which releases the pointers, etc).

              At work we have a SiteKiosk machine running IE6 with some *ancient* version of Flash on XP with no service packs nor built-in antivirus. I ran phpinfo() on my site and looked at the information provided by the client and almost died. How in this day and age...!?

              I concede that Opera seems to have a lot of out-of-the-box functionality, but then I think the Firefox mentality is ultimately different in that it is a fairly 'basic' browser core, to which you then add in the things you want, a pick'n'mix selection of what you like. For instance, I have (thanks to a recommendation here on El Reg) a plug-in called "BarTab" so I can keep my several-dozen tabs between sessions, but on startup, Firefox will load the last tab, not *all* of them. Speaking for Opera 9 (might have changed later), if I have a bunch of tabs open and I click the close button, the application closes. No prompting about the tabs. [I know this is correct, I just tried] Perhaps there is some option to alter this - if so, why isn't it on by default?

              Okay. I'll try Opera 11...

              1. heyrick Silver badge

                Follow-up: Opera 11 installs, then promptly dies on a fetch of ElReg with:

                Opera.exe 1087 caused exception C0000005 at address 0269F0D0 (Base: 400000)

                I've reported half a dozen crashes, Opera's own site works on Opera 11, El Reg always fails. I didn't bother trying much more, I'm writing this from the reverted Opera 9.64 (aka the one that works) having managed to find/recover my bookmarked stuff. I don't expect a reply, it's rhetorical, but just know that in some cases (sample of one ;) ), Opera is not the be-all. In fact, given my experiences, IE8 is *more* reliable! <stir!><stri!> As I said, the only reason I keep Opera around is because Firefox sometimes drops the end off of larger downloads and reports "done" instead of "incomplete"...

                Oh well.

    3. Anonymous Coward
      Anonymous Coward

      have you ever tried RUNNING fsck? its anything but fast.

  5. Dick Emery

    Firefox needs to fix this now!

  6. Chris Woollard


    It's a good job that Firefox and Chrome are chucking out new browser versions so quickly now :)

    1. Ken Hagan Gold badge

      Re: Browsers

      Pity that MS haven't chucked out a new version of IE8 for a while. Perhaps the 50% of their entire customer base who can't use IE9 are just going to be abandoned. Or perhaps MS will tweak IE8 to display the following message when you type https: in the address bar...

      "Internet Explorer does not support secure web connections.

      It's just for games, you know. It's not a proper browser.

      We recommend using Opera for anything involving money."

      1. Anonymous Coward
        Anonymous Coward

        How dare MS not support a decade old OS.....

        Of course there have been no announcements that they will no longer support it...

        Oh wait...

        End of mainstream support

        Windows XP Service Pack 3 April 14, 2009

        1. Ken Hagan Gold badge

          Re: support announcements

          Except that, if you recall, there was a small court case where MS swore blind that IE wasn't part of the OS, and XP embedded (also restricted in its browser support) is supported through to 2016, and vanilla XP is still in extended support.

          Oh, and regardless of what MS might *wish*, 50% of their customers still use it. So ... do MS give a rat's arse about their customers, or don't they? It will be instructive to see.

  7. konstructa

    Is this for real?

    Is it me or is this the biggest security news of the last 5 years? I am actually going to wait and see how other security researchers respond to this before reacting because it seems to big to be true. If its true then I think its a good reason why developers, IT admins and software companies need to slow the Fu#$ down.

    1. Anomalous Cowherd Silver badge

      I agree - if this is as it's described, it's just enormous.

  8. Anonymous Coward
    Anonymous Coward


    So if this hack takes half an hour on a legacy JS system like IE, maybe it can be optimized down to mere seconds with a C++ version on Google NaCl systems?

    Oh the irony.

  9. John F***ing Stepp

    Thinking. . .

    You know, not having a credit card or doing online banking (yes, I am a Luddite); I should not care.


    How long before some (less than nice) internet provider uses this to do deep packet inspections on the HTTPS sh*t that we had to go through hell to convince some of our cheap customers to purchase?

    Real world here, there do not seem to be any honest people on the trunk side of the internet*.

    *Yeah, like heavy breathing though a mask will help.

  10. vincent himpe

    Javascript is a PEST that needs eradication

    There should be no client side scripting or code running. Anytime you hear about a website infecting a computer in drive-by it is because of javascript. ( unless of course it is plain user stupidity by clicking and executing whatever link he/she is shown )

    No javascript would mean no popups , no fake antivir nagscreens and more of this nonsense.

    Anyone know a browser that does not support javascript ? ( no firefox doesn't count... being able to turn it off is not security, someone or something may find a way to turn it back on. I am talking about a browser that doesn't have javascript support. )

    1. Skrrp

      Browser with no JS support


    2. heyrick Silver badge

      Graphical browser without JavaScript

      Try NetSurf.

      There's apparently an incomplete port to Windows, but I can't locate a binary, so... I'll just have to run it on RISC OS under emulation. ;-)

    3. mark l 2 Silver badge

      source code

      Both firefox or chrome are open source so you could download the source code and remove the javascript parts and then compile a javascript free version yourself

    4. Daniel B.


      Yes, JavaScript is a pest. Unfortunately, all that weird AJAXy stuff means that browsers can't just get rid of it, and all this Web 2.0 crap is further extending JS use. Unfortunately, other client-side web code solutions have failed to get off the ground (Java Applets, JavaFX) or are even worse in the security dept (ActiveX) so it seems we're stuck with it.

      Then you've got Apple toting the "HTML5" banner, and it's going to be harder to get rid of JS...

      1. Anonymous Coward
        Anonymous Coward

        Blaming the wrong problem

        Saying Javascript is the problem, because it is used in exploits is similar to saying "the problem is browsers. If you didn't use a browser you wouldn't be compromised". Possibly true, but you wouldn't have much fun on the internet. Similarly turn off javascript and many many interesting websites don't work. And they're not all using it just to annoy you. For many the functionality is required.

    5. CD001

      No JavaScript would also mean many, many more page reloads to validate form data (rather than winging it around behind the scenes with AJaX).

      Still, I'd argue that on any website where you're actually trying to sell anything JavaScript _must_ be optional - which is a pain from a developer standpoint; for instance, I load in the address format based upon the country selected (postcodes are optional in Ireland for instance) ... if the customer changes country I need to load in a new address format - without using JS/AJaX that means a whole page reload. The whole step-by-step process of completing an order is a whole lot more clunky without JS... it works, but it's clunky.

      JS is a useful tool for hiding complexity in web applications from end users.

      1. vincent himpe


        why can't we have a server side push to update a single element on a page.

        it should be possible to create an updatable section of a page. Browser could respond to a change in a textbox or a pulldown list by sending a request to the source of the webpage. ( there would be no override )

        let's say you have a page with a pulldownlist a textbox and a submit button served from The definition of this textbox,list and button sits between special html tags <section='reply'>

        change the pulldownlist 'country'

        browser sends :'new zealand'

        This tiggers that the temporary user 'kdfjskdfhj' just changed his pulldown list to something new.

        The browser now pulls in

        where the server has posted the updated html code for that portion.

        you would not need scripting. html would be extended with 'area's that can be updated by the server. this would avoid full page reloads. only the html code for that portion is updated. since the layout does not change the browser is speedy too : it only needs to repaint that section.

        the mechanism woudl be made in such a way that there is no 'go-to' address avaialble. the browser can only send it back to the machine that served the page in the first place. so no spoofing there either.

        1. Tomato42

          because HTTP as a protocol is a kludge over bugs in UNIX kernel that were fixed 20 years ago.

  11. bazza Silver badge

    Time taken?

    "In an email sent shortly after this article was published, Rizzo said refinements made over the past few days have reduced the time required to under 10 minutes."

    What did he do, install the latest Chrome/Firefox/IE with their faster Javascript interpreters?

  12. Anonymous Coward
    Anonymous Coward

    Buried in paragraph 14

    ..."an attacker slips a bit of JavaScript into your browser"...

    If an attacker is slipping bits of javascript into your browser, on an encrypted page no less, you've already got bigger problems.

    You know how your browser pops up a warning if it's showing you a page composed of both encrypted and unencrypted content? Don't ignore those.

    1. Mike Cardwell

      You misunderstood the attack

      The javascript is being slipped into a http response from a site other than the target https site.

      The trouble is, people visit https and http sites at the same time. If the target is logged into a https page, and then visits a http page on a different site. You can inject stuff into that http page that will initiate requests against the target site.

      Eg, you could stick this bit of code in the http page if the target site is vulnerable to CSRF:

      <img src="">

      And if the target site doesn't use Strict-Transport-Security, and hasn't set the Secure flag on their cookie, you can cause the browser to initiate a non-ssl http request against the target to leak their cookie by simply slipping this into some unrelated http request to a different site:

      <img src="">

      You'll notice how both of those attacks work against browsers that have javascript disabled. This is why I use the Firefox addon RequestPolicy alongside NoScript.

      1. Anonymous Coward
        Anonymous Coward

        Well maybe, but...

        Give us an example of a high profile site which resets passwords as a GET, rather than a POST.

        If there aren't any that example doesn't work.

        1. Mike Cardwell


          Most sites don't check to make sure that the request was a POST rather than a GET. This is unimportant anyway, because creating cross-site POSTs is almost as easy as creating cross-site GETs:

          <form method="post" action="">

          <input type="hidden" name="newpassword" value="foo">

          <input type="submit" id="submit" value="submit">


          <script type="text/javascript">document.getElementById('submit').click();

          There are defenses against this attack, but 99% of sites don't use them. And before you go off on one about sites requiring you to enter your old password as well, stop attacking the particular example, and think about the "class" of attacks that are available.

          1. Anonymous Coward
            Anonymous Coward


            Not at all irrelevant, entirely relevant.

            Your POST example uses Javascript. Your GET example was to show this can be done without using Javascript.

            I'm unaware of sites which expect POST data which also accept the same data being submitted as a GET. Can you suggest any?

  13. Anonymous Coward
    Anonymous Coward

    @AC 22:20 GMT: Re Opera

    Yes just tried it and it does support TLS 1.2, though this is not enabled by default (TLS 1.0 is).

    Also Opera fails when to try "Check for updates" if you have TLS 1.0 disabled...

    1. Robert Carnegie Silver badge

      There's probably an alternative to "check for updates" in the app.

      Visit the product's web site and read the latest version number. But that isn't secure. Someone could set up a fake Opera site, and serve out trojan software.

    2. garbo


      Running Opera 11.10 with TLS 1.0 disabled (on Linux Mint 11). Check for Updates offers me Opera 11.51 at the Opera website. Could your problem be OS related?

  14. Steve 53

    Re AC 06:11

    Operas update servers are behind a load balancer which is currently only TLSv1 and not reneg patch, which has been a big source of frustration to the opera security team.

    If I'm right at guessing which load balancer they refer to, then they've just produced a new release with TLSv1.2 - suspect it'll need some testing before deployment

    Generally, on this subject, hmmm...

    Well I can't see the face of the world changing, but it is concerning.

    - The javascript injection would be to another page you're visiting at the same time, I suspect. So its relatively easy to say "Ok, I'll keep a separate browser for secure transactions"

    - The packet capture (In reality) is difficult for someone that isn't in direct control of the network (Who could therefore probably do nasty things in much easier ways).

    In the real world, I suspect it'll be considerably easier to for mass fraud to find yourself a nice drive-by zero day, drop a trojan and profit.

  15. Steve 53


    Looking at RFC5246..

    " IV

    The Initialization Vector (IV) SHOULD be chosen at random, and

    MUST be unpredictable. Note that in versions of TLS prior to 1.1,

    there was no IV field, and the last ciphertext block of the

    previous record (the "CBC residue") was used as the IV. This was

    changed to prevent the attacks described in [CBCATT]. For block

    ciphers, the IV length is of length

    SecurityParameters.record_iv_length, which is equal to the


    Which then references

    So further

    - Not a new attack, but the method of injecting chosen plaintext is

    - Block ciphers are affected, I'm guessing the venerable RC4 algorithm isn't

  16. LawLessLessLaw

    So it's BROWSERS that are broken NOT TLS ?

    Because TLS is used in other places than the web browser, in your Email connections for instance:

    Received: from ( [])

    (using TLSv1 with cipher AES128-SHA (128/128 bits))

    1. Mike Cardwell

      SMTP can already be trivally MITMd

      SMTP can already be trivially MITM'd because SMTP servers don't do any sort of certificate verification. Basically the majority of SMTP is unencrypted, and even that which is protected by TLS is "protected" by self signed certificates that aren't even checked/verified.

      SMTP TLS is good for defending against passive observers opportunistically, but if somebody can intercept the connection, on either the sending *or* receiving side, you're screwed.

      1. Vic

        SMTP can be protected against MITM

        > SMTP servers don't do any sort of certificate verification.

        That's a choice.

        You *can* enforce cert verification if you want. Most people choose not to, because OE - although susceptible to MITM - is better than a kick in the nads.

        But if you wanted to ensure that all mail to/from a particular server/domain is encrypted using a verified cert, you set your MTA up to enforce that. It's easy in sendmail - and I'm sure other MTAs can match that.


        1. Mike Cardwell

          "That's a choice."

          "That's a choice."

          I know that you *can* enable certificate verification. I've done it myself in Exim. That only happens in very limited and minor cases though. Where the two communicating systems know each other and the administrators of both systems have a reason to want to enforce it.

          I'd bet at least 99.9999% of SMTP traffic is either not encrypted, or encrypted without certificate verification.

    2. Ken Hagan Gold badge

      Re: So it's browsers that are broken, not TLS?

      Not by my reading, it isn't. The weakness is that TLS 1.0 doesn't use a "sufficiently random" encryption key. TLS 1.1 and 1.2 do, and most browsers support them. The problem is that most *web-sites* don't.

      But yeah, this doesn't necessarily affect any other use of SSL.

      1. bazza Silver badge

        @Ken Hagan. Title not optional

        "But yeah, this doesn't necessarily affect any other use of SSL."

        I'm half wondering if the basic technique is re-usable. These chaps have used Javascript as a way of targetting SSL/TSL sessions in use by a web browser. But I'm guessing (without any real knowledge) that the basic technique could be re-packaged as, for example, a trojan which might intercept any SSL/TSL traffic. Any thoughts?

        1. Tomato42


          As been said, the attack is used to guess the used HTTPS session cookie. You can't force a mail client or VPN client to repeatedly make new connections to a server with plaintext chosen by you before the interesting piece of information is exchanged (the password).

          Mail is insecure. If you want secure mail, use OpenPGP or S/MIME, TLS is there to protect passwords, not the messages.

          What's more, this attack is still highly theoretical for any non HTTP use of TLS.

  17. XMAN

    If these guys have worked it out..

    then I'm sure most governments have had this capability for many years

  18. max allan

    Doesn't NEED Javascript!

    For everyone getting het up about the existence of Java in this exploit, that is just an example of how it could be released into the wild. (If you can decrypt SSL, then you can probably add extra text into the connection to include your java)

    BUT I don't think you need it.

    I suspect you just need a packet sniffer and the code and away you go.

    So, for example, sit in a public place with a dodgy wifi AP and everyone surfs through you thinking "haha, I'm safe, I've got a green padlock". In the meantime you've captured all their login/password information etc. Presumably you can decrypt it all at your leisure and then login to their paypal/bank account a few days or weeks later and pay yourself a little bonus.

    If it takes java 10 minutes to decrypt, then a bit of nicely written OpenCL with a pile of GPUs will probably crack it realtime. That's something I'd like to see! (not on my connection)

    1. Daniel B.


      Java != JavaScript.

      That said, the JS piece is needed because it is a chosen-plaintext attack. It basically exploits the broken IV implementation used for TLSv1.0 to defeat CBC, so the JS thingy is needed...

    2. Loyal Commenter Silver badge

      Putting aside that Java != Javascript, as mentioned above.

      As I read it, this allows the attacker to glean the authentication information for the SSL session. provided they can do this in less time than the session exists for, they could use it to spoof the session from another machine / browser tab, etc.

      This would not automatically get them your user name and password. It _may_gain them access to the change password facility of the site in question, and would most lilely allow them to eavesdrop and/or control the session with that web site for as long as it is active. However, most sites when changing a password would require you to enter the old password, so you would only be vulnerable to leaking your password if you changed it during a compromised session.

      Most sites also only require the user name during log-on, and since the attack is not instantaneous (i.e. takes 10 minutes or so to crack the session authentication), you will most lilely have done the whole user name and password log on bit long before the attacker can compromise your session. The exception I can think of to this is if you leave your browser at on a login page with an established SSL session but don't log in for ten minutes.

  19. Ian Chard


    Sadly this will just make my bank even more eager for me to install this Trusteer dreck...

  20. DannyJr

    Opera may have TLS 1.1 and 1.2 on by default but almost no website support it. I tried using Opera with only 1.1 and 1.2 on, and almost every https website fails to load. We need to have the major websites like GMail to support 1.1 and 1.2 so that we can safely turn off 1.0 and SSL 3.

  21. RickDeckardt :

    Cryptology ePrint Archive: Report 2006/136

    A Challenging but Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL


    It took them 5 years to create an exploit?

  22. I know better


    Would be nice to be able to sandbox a tab on your browser so that the site you're using can't be shared with another tab. No session information, cookies or anything. Like a private browsing session for a single tab. That would solve it? You'd just start a "secure" tab, go to PayPal, pay then logout out and close the tab. The other tabs would be oblivious and wouldn't be able to share any data.

    1. Boothy

      Around already, but not common (yet!)

      Secure tabs are already available on mobile devices, at least the default browser on my Android 3.2 tablet has this feature. Just select an new secure tab, rather than a normal tab.

    2. Loyal Commenter Silver badge

      I can't see how this would work.

      How does your browser know that a request from another tab to the same site should be blocked? How does the browser distinguish between traffic from the 'secure' tab and traffic from other tabs in terms of which sites it is allowed to send request to? As far as the server is aware, it is authenticated to a given IP, not an individual tab in a browser. As far as not leaking information between tabs goes, this should already be the case, presumably with the exception of cookies which relate to specific sites/resources, so are available for all to read if they know the cookie's 'name'. Of course, if a site is so badly written that it leaks important information into cookies left right and centre then you're pretty screwed anyway.

      1. I know better

        Agreed but

        ... if the attacker can't get any of the information (session cookie etc) from your session then all the attacker can really do is have a parallel session with their own session cookie.

      2. Mike Cardwell

        "How does your browser know that a request from another tab to the same site should be blocked?"

        It doesn't need to block anything. The "secure tab" gets its own cookie store. When you log into a site inside that secure tab, the secure tabs cookie store contains your session cookie. Any other tab that tries to launch an attack against the site, will be launching it against a site which it isn't logged into.

        This would also allow people with multiple accounts at the same site to log in multiple times from different secure tabs.

    3. CD001

      You can do that in the browser-that-shall-not-be-named-for-fear-of-being-accused-of-fanboyism (rather than the other browser that shall not be named because it's crap).

    4. Ken Hagan Gold badge

      Re: sandboxing

      For those browsers that actually *let* you start a second instance, I imagine that this would have a similar effect. On top of that, depending on your OS, you may have a mechanism to start the second browser in a restricted/safe context.

      Worst case scenario: just don't be doing any other browsing the next time you are shopping or fiddling with your bank account.

  23. ewil

    Best practice: HttpOnly

    When setting cookies, could use of the 'HttpOnly' flag resolve this vulnerability? (In supporting browsers, at least?)

    1. Mike Cardwell


      In this attack, the cookies aren't being read using JavaScript. HttpOnly doesn't help.

  24. The Alpha Klutz

    we need something other than general purpose web browsers

    for secure traffic.

    Using a general purpose web browser to do your banking is getting to be like cleaning your teeth with a shotgun. We need something much less powerful, with much more emphasis on safety.

    We need simple 'banking clients', based on the best available encryption technology, and everytime that technology gets patched, your client breaks until you download the update. Your bank should rightfully be seen as negligent if they too do not upgrade ASAP (yes, that means someone at the bank actually has to do some WORK once in a while, sorry to break it to you like that). It is a deriliction of duty to use the same shit that doesn't work for decades, then sit on your hands and blame everyone else when it goes wrong.

    Yes you can bitch and moan about having to install constant updates, but this is security we're talking about, not some fucking parlor game.

    A web browser is like a pub, different pubs are good for different reasons, but none of them are good for banking. Thats why you go to your local BANK, if they're not too busy closing it down so the CEO can pocket another hundred million.

    So in summary, bankers are the only people in the world who can afford to take on such a software project, and they're still not going to.

    which means the government has to do it, which means, guess what, that'll be another billion taxes straight to Microsoft. Maybe Microsoft should just buy HMRC. And, 25 years later, they might come up with some dicky bullshit software based on a phone tablet toaster PC that you can use on your flower arranging table on the moon. And it'll only cost a million pounds in the UK and 3 dollars in the US.

    1. Anonymous Coward
      Anonymous Coward

      Re: we need something other than general purpose web browsers

      .... and you can bet your arse that my OS won't be supported......

      No, I'm not going to switch to windows/OS X/Linux to use banking....

  25. Vladimir Nicolici


    I don't know why everyone belives Opera has TLS 1.1 and 1.2 by default.

    I just installed it, and both options were not enabled by default.

  26. hexx

    ok, i'm moving to a bunker. will store cash in the pillows and will live w/o net - wait, the last bit is already happening, been waiting for sky for 3 weeks

    1. I know better


      You're lucky, I've been living with mobile broadband in a rural area for over a year! Paris, because I can't see an icon of Scarlett anywhere...

  27. Anonymous Coward
    Anonymous Coward

    Call me back

    when you have a general MITM attack against the encrypted stream that does not require the client or server to be compromised. Malicious JS is not news.

  28. John F***ing Stepp

    I will try to explain my objection.


    Putting an ad into your webpage.

    Now doing it if you are using ssl.

    Now maybe over in the UK your ISP is too nice to do that but I live in the USA and these people are not as nice as BT et al.

  29. Tagware

    Goggle Search results based upon sites SSL level


    This would be easy. If Google and other search engined announced that the search rating would take account of the SSL level the site used. So, 1.2 gets highest rating.

    You would find rather a lot of Websites upgrading to the newest SSL.

    Dead simple really. Google and other search engines then get the credit making the internet a more secure place.

    1. Jeff 11
      Thumb Down


      Yeah great, force us all to use HTTPS for unsensitive content that requires no encryption. Ranking sites on that metric would be a printing press for the cartel of CAs.

  30. Dan Goodin (Written by Reg staff)

    Correction -- Opera doesn't support TLS 1.2 by default

    Dear readers,

    Contrary to what was published earlier, Opera doesn't support TLS 1.2 by default. Our apologies for the error.

  31. Oh my furry ears and whiskers

    A bonanza for Microsoft as users move from XP to Windows 7?

    If TLS 1.1 and 1.2 are unavailable on XP (and Microsoft and others don't change this), does this mean that XP has to be scrapped when this exploit becomes widespread? Will we have to move our XP boxes to Windows 7 (or another OS)? Presumably we can't fix the issue with Opera (or a fixed Firefox)?

    I'd have thought that most people wouldn't trust their ISPs (and others in the IP connection chain) not to listen in to their banking sessions. So most people would want to move to TLS 1.1 and 1.2, which means a lot of work for those running SSL sites and new OS's for machines that can't move to TLS 1.1 and 1.2.

    1. Richard Gadsden

      Opera is a fix

      It's only schannel on Windows XP that doesn't support TLS 1.1 / 1.2, not the entire OS.

      If, like IE and Safari, you use the OS' native crypto library, then the problem arises that you only get TLS 1.0 . Microsoft could release an updated schannel for Windows XP that included support for TLS 1.1 / 1.2 (but they won't).

      For the other browsers, Firefox and Chrome share a common open-source library (Network Security Services); that will need to be upgraded to incorporate support for TLS 1.2, or they will have to switch to a different library (NSS is developed by Mozilla, so Firefox won't switch, but Google could write their own crypto library in theory).

      Opera uses their own library, and Opera on Windows XP does support TLS 1.1 / 1.2 - you just have to enable it as it's disabled by default.

  32. This post has been deleted by its author

  33. Anonymous Coward
    Anonymous Coward

    Errrr - wasn't TLS 1.0 already at issue and superceeded

    I was under the impression TLS 1.0 was already a borken standard and why it was superceeded . IIRC it was broken and news over 5 years ago. Oh well

  34. Anonymous Coward
    Anonymous Coward

    How about contributing instead?

    What an unnecessary sensationalist article! OpenSSL is an open source project. Anyone is free to contribute code to the project. Maybe these so called researchers should contribute working code instead of trying to break everything.

  35. OrsonX


    Recon your advertisers will be dead chuffed with you running this story!

  36. tvdp

    OpenSSL does have a TLS 1.1/TLS 1.2 implementation

    Guys, in the article is stated that OpenSSL has yet to implement TLS 1.1 and TLS 1.2

    However, those versions of TLS have already been implemented as of OpenSSL 1.0.1

    Although OpenSSL advertises version 1.0.0e as latest stable version, a stable version with TLS 1.1 and TLS 1.2 seems to be right around the corner.

  37. Xeon

    I can't be 100% sure, but I've done work with SSL in the past and the encryption used during SSL is determined during the handshake process. That being said most sites use AES-256 industrial grade encryption as the primary encryption suite on SSL connections, so if this story is correct it could have more far reaching implications with regards to AES-256 encryption. That's why I feel this story might be bogus. If this BEAST tool had a valid certificate from a trust certificate authority it could launch a man-in-the-middle attack, but that's only as long as the certificate authority wasn't blacklisted. Again forgive me if my SSL/TLS knowledge is a little rusty, its been 2 years since I've had to code an application that dealed with the knitty gritty details.

This topic is closed for new posts.

Other stories you might like