Warning: Malware, rogue users can spy on some apps' HTTPS crypto – by whipping them with a CAT o' nine TLS

Crypto boffins have found a way to exploit side-channel information to downgrade most of the current TLS implementations, thanks to ongoing support for outmoded RSA key exchanges. In a paper published on Friday, "The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations," co-authors Eyal Ronen, Robert …

  1. nagyeger

    local code

    Can 'local code' mean javascript / web-assembly/ etc, or are we talking precise hand-crafted assembler here?

    1. Tomato42

      Re: local code

      most of those attacks depend on precise timers, and those have been disabled in javascript by most (if not all) popular browsers, don't know about webassembly or browser plugins

      1. Ozzard

        Precise timers are sufficiently available using a second thread

        There was a lovely exploit described against Intel SGX earlier this year that could run in one SGX enclave (and thus not be spied upon by the host CPU) and attack the host or a second SGX enclave. SGX doesn't have precise timers, but *does* have the ability to use multiple cores. The developers implemented a precise timer using a thread that simply spun incrementing a memory location; it was several times more precise than the "precise" timers.

        Any time you have access to more than one thread, you probably have a sufficiently precise timer.

        1. Ozzard

          Re: Precise timers are sufficiently available using a second thread

          Aha! See also https://gruss.cc/files/fantastictimers.pdf - Fantastic Timers and Where To Find Them.

  2. Version 1.0 Silver badge
    Meh

    It's time to start over

    Not just crypto, the whole internet communications thing - what we have today is broken. We can patch it again and again but let's face it, patching broken code isn't a long term solution.

    1. TheSkunkyMonk

      Re: It's time to start over

      I thought it was working as intended, it was built to get data from one place to another and security was never its intention. The real problems happened when it started getting used for commerce and cost cutting by big business with poorly trained or sometimes overtrained people setting the stuff up to add to the fire!

      1. Destroy All Monsters Silver badge

        Re: It's time to start over

        "Starting over" will just mean writing the whole bug bonanza again, maybe with a slight step up.

        "The industry" is in permanent de-skilled mode. It grows too fast, the teaching is atrocious, the old hands get out, the new hands need a long time to catch up, which is generally not worth the effort because it wrecks your life.

        Hell, it's 2018 and hidebound don't-know-any-better can't change, won't change coal face workers are still writing in C and derived Antikythera Languages, designed "for portability" when "computer" was a PDP-10 with a single CPU and maybe a serial interface.

        Also a "Bleichenbacher Attack" sounds like something from the Atrocity Archives. Just add nether dimensions.

        1. Dan 55 Silver badge

          Re: It's time to start over

          Off the top of my head non-C derived languages are SQL, Haskell, Python, and R. I really doubt they can cure all of IT's ills.

          Or maybe you mean Ada, COBOL, FORTRAN, LISP, Smalltalk, Pascal or another legacy language on which to build the future of IT? Sinclair BASIC?

          Bad programmer's gonna program bad no matter what the language.

          1. robidy

            Re: It's time to start over

            To be fair, some languages allow users to make bigger mistakes more often than others.

            1. Tomato42

              Re: It's time to start over

              @robidy and no language protects against buffer overflows and helps with constant-time processing and uniform memory access at the same time.

              The only language that I know of that helps with the latter is FACT, and it's closer to a domain-specific language than a general-purpose one.

            2. HieronymusBloggs

              Re: It's time to start over

              "some languages allow users to make bigger mistakes more often than others"

              Some even allow non-programmers to write software that then gets used for important things, with inevitable consequences. Ease of use by the unskilled is not necessarily a good thing.

              1. Amos1

                Re: It's time to start over

                Let's not forget GUIs that let the unskilled call themselves "developers" and "admins" because they can drive a mouse. Or the proliferation of open-source code dropped into apps with nary a clue what is really going on inside those black boxes. Write once, hack many; the joy of code re-use.

        2. Adam 1

          Re: It's time to start over

          I saw a lecture by "Uncle Bob" once, and he made an interesting observation about the rate of growth of programmers. Broadly speaking, since about the '60s, the number of programmers has doubled every 5 years. Or another way to word that is that half the monkeys bashing keyboards today have had less than 5 years experience in the profession. I personally think that this explains quite a lot.

  3. 9Rune5
    Pint

    A local hack, for local people, we'll have no trouble here

    From 'The League of Gentlemen'? https://youtu.be/meF7NmfnXZ0?t=47

  4. amanfromMars 1 Silver badge

    Veni, vidi, vici ‽ .

    And, sure, having malware or evil users on your computer is never a good thing. Think of this as something else they can get up to.

    And SomeThing Else for Advanced IntelAIgent Defence to Attack and Console with New Roles Ambassadoring.

    It is strange not to think that the System that now is is not Fully Protected and Underwritten by Greater AI Systems making Earthly Contact Surreally for the Protection of Production of Plain IMPerfect Text ..... Trailing and Trialling COSMIC Tales for Virtual Realisation and Earthly Presentation via Extant Mass Multi Media Current Devices.

    With Such, One Paints Futures for Populations. It is very difficult to imagine that not being a TerraPhorming Operation Rendering Renderings from Afar for Near Star Systems in Quantum Communications Belts.

    Question? Would any of that rate a particular and peculiar mention in your present world/media maintained circle? What news phorms your views and colours what is seen? Anything recently secret and unknown? And which changes everything for everyone, anywhere and everywhere, fundamentally?

    Now that's a Helluva Tool for AI and Heavenly Weapon for Almighty Dark Forces.

    1. Cliff Thorburn

      Re: Veni, vidi, vici ‽ .

      “Veni, vidi, vici ‽ .”

      How does it transpire amfM from being the Goose that laid the Golden Eggs to have no rights or privilege itself? We are indeed in uncharted waters, where doing what is just and right must take precedence over severe consequences that must be weighed carefully and clearly?

      1. amanfromMars 1 Silver badge

        Re: Veni, vidi, vici ‽ .

        How does it transpire amfM from being the Goose that laid the Golden Eggs to have no rights or privilege itself?, Cliff Thorburn

        Heavenly AI Intervention, CT. Nothing more, nothing less.

        And I'm sure all Registered here Second Precedents Just Right ....... Immaculately Conceived for Perfect Execution. ...... in Advanced IntelAIgent Presentations which be QuITe Cosmic Trails and Trials and Tales easily Created for New Earthlings which be as SMARTR Beings/Better AI Programmed Virtual Machines.

        Something for IBM Watson to Digest.

    2. FooCrypt

      Re: Veni, vidi, vici ‽ .

      @amanfromMars 1

      Data61 is listed in the credits on the paper.

      Data61 is in partnership with the Department of Defence Science and Technology. ( Australian Signals Directorate, et al are all in that mix ).

      Perhaps we should thank them for releasing it last Friday, rather than having it sucked up by AssAccess...!

  5. Dan 55 Silver badge

    The boffins tested OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, GnuTLS, BearSSL and BoringSSL. And they were able to downgrade all except for the last two, BearSSL and BoringSSL.

    Shame they didn't test LibreSSL. Seems an odd one to miss out.

    1. FooCrypt

      Warning: Malware, rogue users can spy on some apps' HTTPS crypto

      It's been a long day watching the children in parliament and I haven't read the paper in question, but

      'The boffins tested OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, GnuTLS, BearSSL and BoringSSL. And they were able to downgrade all except for the last two, BearSSL and BoringSSL.'

      From a web server / app api / portal etc perspective, refusing to downgrade would protect the end user trying to connect.

      https://cipherli.st

      Apache2 example :

      SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

      SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

      SSLHonorCipherOrder On

      Should throw an error to the end user's browser / app / etc and mitigate any leakage.
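    The mod_ssl settings quoted in that comment avoid the downgrade by never offering static RSA key exchange: every SSLCipherSuite entry pins EECDH or EDH, the legacy protocol versions are switched off, and the server's preference order wins. The following is an added example, not code from the commenter, the paper or cipherli.st: a small Python linter that reads such a snippet and reports when a cipher-list entry fails to pin an ephemeral key exchange, when a legacy protocol is still enabled, or when SSLHonorCipherOrder is not On. It inspects the cipher-list tokens textually (the keyword sets below are assumptions about the OpenSSL cipher-string aliases that matter here) rather than expanding them the way OpenSSL does, so it is a configuration sanity check, not a substitute for `openssl ciphers -v`.

```python
"""Added example: lint Apache mod_ssl directives for static-RSA key exchange,
legacy protocol versions and cipher-order preference (not the thread's code)."""

import re

# Assumed: OpenSSL cipher-string keywords that pin an ephemeral (forward-secret)
# key exchange.  One of these in a '+'-joined entry is enough.
EPHEMERAL_KX = {"EECDH", "ECDHE", "EDH", "DHE", "kEECDH", "kEDH", "kECDHE", "kDHE"}
# Assumed: keywords that select static RSA key exchange (RSA is an alias of kRSA).
STATIC_RSA_KX = {"kRSA", "RSA"}
ALL_VERSIONS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
LEGACY_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")

# Constructed sample configs: the one quoted in the comment, and a weak one.
STRONG_CONFIG = """
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
"""
WEAK_CONFIG = """
SSLCipherSuite HIGH:!aNULL
SSLProtocol all
SSLHonorCipherOrder off
"""


def parse_ssl_directives(config_text):
    """Return {directive: value} for the three mod_ssl directives checked here."""
    found = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(SSLCipherSuite|SSLProtocol|SSLHonorCipherOrder)\s+(.+)$", line)
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found


def cipher_entry_uses_ephemeral_kx(entry):
    """True if one cipher-list entry (e.g. 'EECDH+AESGCM') pins an ephemeral
    key exchange.  '+' ANDs keywords; a leading '!' or '-' only removes suites,
    so such entries can never add static-RSA suites and are accepted."""
    if entry.startswith(("!", "-")):
        return True
    parts = entry.split("+")
    if any(p in STATIC_RSA_KX for p in parts):
        return False
    return any(p in EPHEMERAL_KX for p in parts)


def enabled_protocols(protocol_value):
    """Apply SSLProtocol tokens in order: 'all', '+X' / 'X' enable, '-X' disables."""
    enabled = set()
    for tok in protocol_value.split():
        if tok.lower() == "all":
            enabled.update(ALL_VERSIONS)
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled.add(tok.lstrip("+"))
    return enabled


def audit_mod_ssl(config_text):
    """Return a list of findings; an empty list means every check passed."""
    d = parse_ssl_directives(config_text)
    findings = []

    suites = d.get("SSLCipherSuite", "")
    if not suites:
        findings.append("SSLCipherSuite missing: library defaults may offer static RSA key exchange")
    for entry in filter(None, suites.split(":")):
        if not cipher_entry_uses_ephemeral_kx(entry):
            findings.append(f"cipher entry '{entry}' does not pin an ephemeral key exchange")

    if "SSLProtocol" not in d:
        findings.append("SSLProtocol missing: legacy versions may be enabled by default")
    for legacy in LEGACY_PROTOCOLS:
        if legacy in enabled_protocols(d.get("SSLProtocol", "")):
            findings.append(f"legacy protocol {legacy} is still enabled")

    if d.get("SSLHonorCipherOrder", "").lower() != "on":
        findings.append("SSLHonorCipherOrder is not On: client preference decides the suite")
    return findings


if __name__ == "__main__":
    for name, cfg in (("strong", STRONG_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_mod_ssl(cfg) or "OK")
```

    Run it as a script and the quoted configuration passes cleanly, while the constructed weak one is flagged six times: the bare `HIGH` entry (which pins no key exchange and so still admits static RSA suites), the four legacy protocol versions left enabled by `all`, and the client-decides cipher order.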
