Nick Lowe • User • The Register Forums

Sensitive Virgin Media web pages still stuck on weak crypto software

Wednesday 7th October 2015 10:11 GMT Nick Lowe

Re: Another one for the hall of shame

Try https://dev.ssllabs.com/ssltest/analyze.html?d=identity.virginmedia.com

0 0

Virgin Media takes its time on website crypto upgrade

Monday 30th March 2015 16:29 GMT Nick Lowe

Re: TLS 1.2 intolerant == not patched is Total rubbish

You have completely misunderstood and confused a server being intolerant to TLS 1.2 from actually supporting/implementing the TLS 1.2 protocol. They are entirely different concerns/things.

A server has to support TLS version negotiation correctly so that insecure TLS version fallback doesn't have to take place in a modern Web browser that supports TLS 1.2 for it to be accessible. The server can still happily only implement the TLS 1.0 protocol, it just has to do so correctly. The bug here is that Virgin's TLS 1.0-only servers do not respond correctly, per TLS 1.0 spec, to a TLS 1.2 Client Hello. Version negotiation fails.

Being version intolerant to TLS 1.2 Client Hellos definitely does therefore mean that a server has not been patched. It has been patched for years.

Firefox will remove insecure fallback in a forthcoming release. See https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 and https://bugzilla.mozilla.org/show_bug.cgi?id=1126620

It is this intolerance that Chrome is calling out when you view details of the connection to Virgin Media's services, not the lack of TLS 1.2 support.

5 0

Monday 30th March 2015 16:28 GMT Nick Lowe

Re: Phew...

Virgin's Community Forum doesn't use HTTPS when you login either.

This is definitely something that needs addressing by Virgin Media and The Register.

2 0

Fatally flawed RC4 should just die, shout angry securobods

Wednesday 18th March 2015 20:56 GMT Nick Lowe

For anybody concerned about potential compatibility impacts of disabling RC4, CloudFlare's article should lay most fears to rest as they've already got rid of it:

https://blog.cloudflare.com/end-of-the-road-for-rc4/

3DES is the legacy alternative that should be used for any Windows XP stragglers for SCHANNEL consumers such as Internet Explorer.

(AES cipher suites didn't get added until Windows Vista and it's available as a hotfix for Windows Server 2003.)

Chrome and Firefox run with their own TLS library so won't use this legacy cipher suite.

1 0

Wednesday 18th March 2015 15:25 GMT Nick Lowe

1) CVE-2013-2566 has only just had its CVSS v2 Base Score raised to 4.3 with a revised exploitability Subscore of 8.6: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566

This means that PCI compliant organisations cannot use the cipher as approved scan vendors will fail you if you have any vulnerabilities with a CVSS score >= 4.0

2) As others have said, the RFC now has a number, 7465 and it's in the final stages before standardisation: https://tools.ietf.org/html/rfc7465

3) The reason that we have such a problem today with RC4 is because many organisations enabled-and-prioritised cipher suites that use the cipher because of the BEAST attack.

BEAST was a client vulnerability that affected CBC with TLS 1.0 but not RC4, a stream cipher. By making RC4-based cipher suites prioritised at the server end, you could cajole most clients in to using it mitigating BEAST.

However, all major Web browsers have implemented 1/n-1 record splitting that resolves BEAST.

Some security scanners/auditors erroneously continue to flag this as an issue therefore.

4) We’re still also waiting for the details of:

https://www.blackhat.com/asia-15/briefings.html#bar-mitzva-attack-breaking-ssl-with-13-year-old-rc4-weakness

This is likely to be a bigger break than the one mentioned in the article.

2 0

NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)

Tuesday 14th October 2014 08:49 GMT Nick Lowe

Should be moot. No need to offer SSL 3.0.

This should be moot as there is no need to offer the SSL 3.0 protocol these days, the only clients that need it are themselves broken and should be corrected, IE 6.0 or misconfigured later versions of IE against the defaults. Offering TLS 1.0, 1.1 and 1.2 is best practice, potentially even just 1.0 and 1.2 as 1.1 is unused.

4 0