Re: Tomcat config question: 'compression' versus 'SSLDisableCompression'

Fri, 09 Aug 2013 09:18:32 -0700 

On 8/9/2013 8:10 AM, Mark Thomas wrote:

On 09/08/2013 15:28, Christopher Schultz wrote:

Mark,

On 8/9/13 9:14 AM, Mark Thomas wrote:

On 09/08/2013 14:50, Christopher Schultz wrote:



It's too bad it took a researcher a year to figure out that
compression of any kind makes encryption (where the attacker can
force random probing attacks) weak. It's not like SSL+compression
and SSL-compression+compression is that different.



It didn't. The original CRIME presentation covered this topic. I
fail to understand why such a fuss is being made of this
re-hashing.


I wouldn't say this constitutes a "fuss".


"fuss" was a reference to how some folks are reacting to this "new"
attack, "BREACH". First it isn't new, second it isn't (in my view)
practical.


The original CRIME presentation also (correctly) pointed out that
any attack based on this is entirely theoretical and not currently
at all practical.


Coffee shop + XSS? Perhaps a stretch.


To succeed, the attacker requires:

a) The victim is using a site that uses HTTP-level compression on responses
b) The site echoes user input in HTTP response bodies
c) The response bodies contain a constant secret (eg. CSRF token)

So far, not too hard. c) is a little unusual. Session IDs are normally
in cookie headers, CSRF tokens should change on every request. That
said, there are plenty of sites that meet a) to c).

d) The attacker has the ability to view the victim's encrypted traffic.
e) The attacker has the ability to cause the victim to send HTTP
requests to the vulnerable web server.

e) is where I think this attack becomes impractical. This may change
over time but at the moment the coffee shop scenario would require
social engineering the victim or subverting the router if the site mixed
HTTP and HTTPS. A malicious ISP / $work sysadmin is another option with
mixed HTTP/HTTPS.
I was reading about the pineapple wifi mark iv the other day. It looks to be a particularly powerful piece of pen testing equipment. This tool in a coffee shop would probably be all you need to have a good chance at e).
In short, don't do banking (or other sensitive work) at a coffee shop when the pages are a mix of HTTP and HTTPS. 


The point is that folks are starting to chip-away at certain aspects
of TLS. Just like they did with hashing algorithms. MD5 was great when
it came out. So was SSL. There's nothing wrong with looking toward the
future, even if the current crop of problems aren't exactly catastrophic.


Indeed. If only everyone was approaching this with the same sense of
perspective. I agree the attacks will only get better / easier / more
practical but right now there are some big obstacles and I don't see any
obvious roots to getting over them.

Mark


I'm not a security person, nor do I play one online.

. . . . just my two cents
/mde/


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to