Michael Coates mcoates@mozilla.com michael-coates.blogspot.com



Similar documents
SSL and Browsers: The Pillars of Broken Security

SSL BEST PRACTICES OVERVIEW

SSL/TLS and MITM attacks. A case study in Network Security By Lars Nybom & Alexander Wall

Criteria for web application security check. Version

A Study of What Really Breaks SSL HITB Amsterdam 2011

Lesson 10: Attacks to the SSL Protocol

New Tricks For Defeating SSL In Practice. Moxie Marlinspike

Securing the SSL/TLS channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

Breaking the Myths of Extended Validation SSL Certificates

Implementation Vulnerabilities in SSL/TLS

Software and Web Security 2 Session Management

Breaking the Security Myths of Extended Validation SSL Certificates

Internet Banking System Web Application Penetration Test Report

SSL implementieren aber sicher!

SSL/TLS: The Ugly Truth

Project X Mass interception of encrypted connections

SSL Interception Proxies. Jeff Jarmoc Sr. Security Researcher Dell SecureWorks. and Transitive Trust

Client configuration and migration Guide Setting up Thunderbird 3.1

Recommended Browser Setting for MySBU Portal

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Two Factor Authentication in SonicOS

SSL: Paved With Good Intentions. Richard Moore

Hosted Microsoft Exchange Client Setup & Guide Book

What s Your HTTPS Grade? A Case Study of HTTPS/SSL at Mid Michigan Community College. Brandon bkish@midmich.edu

Maximizing Performance with SPDY & SSL. Billy Hoffman

More on SHA-1 deprecation:

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.

The Evil Twin problem with WPA2-Enterprise. Ludwig Nussel SUSE Linux Products GmbH

Configuration Manual for Lime Domains

Dashlane Security Whitepaper

Transport Layer Security Protocols

Web Application Report

Asia Web Services Ltd. (vpshosting.com.hk)

Basics of SSL Certification

Configuring Internet Explorer for Voyager on Client Computers

Reverse Proxy Guide. Version 2.0 April 2016


Web Application Guidelines

Fast, Scalable And Secure Web Hosting For Entrepreneurs

Novell Identity Manager

Chapter 17. Transport-Level Security

Topics in Network Security

Is Your SSL Website and Mobile App Really Secure?

Secure Open Wireless Networking. Backup Talk for Blackhat USA 2011 Christopher Byrd, Tom Cross, & Takehiro Takahashi

DOSarrest Security Services (DSS) Version 4.0

Extended SSL Certificates

Best Practice Guide (SSL Implementation) for Mobile App Development 最 佳 行 事 指 引. Jointly published by. Publication version 1.

HTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief

Proto Balance SSL TLS Off-Loading, Load Balancing. User Manual - SSL.

Chapter 7 Transport-Level Security

General tips for increasing the security of using First Investment Bank's internet banking

SSLSmart Smart SSL Cipher Enumeration

Workday Mobile Security FAQ

Preparing for the Cross Site Request Forgery Defense

How to check if I care for the safety of my Clients?

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Startup guide for Zimonitor

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

Solution of Exercise Sheet 5

Online signature API. Terms used in this document. The API in brief. Version 0.20,

InternetVista Web scenario documentation

Installing Logos SSL Certificates on Mobile Devices

Set Up Instructions

RoomWizard Synchronization Software Manual Installation Instructions

SSL Enforcer Documentation

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

Deploying RSA ClearTrust with the FirePass controller

Installation Procedure SSL Certificates in IIS 7

Recommended readings. Lecture 11 - Securing Web. Applications. Security. Declarative Security

Ethical Hacking as a Professional Penetration Testing Technique

Payius. Guide to SSL certicates in ecommerce

Security Protocols/Standards

Infor Xtreme Browser References

Bugzilla ID: Bugzilla Summary:

Verify LDAP over SSL/TLS (LDAPS) and CA Certificate Using Ldp.exe

The Devil is Phishing: Rethinking Web Single Sign On Systems Security. Chuan Yue USENIX Workshop on Large Scale Exploits

TIBCO Spotfire Platform IT Brief

Certified Secure Web Application Security Test Checklist

Lepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Secure Messaging Server Console... 2

BEGINNER S GUIDE TO SSL CERTIFICATES: Making the best choice when considering your online security options

Requesting a JIAT Account. Joint Integrated Analysis Tool (JIAT)

Secure Web Appliance. SSL Intercept

How To Secure A Website With A Password Protected Login Process (

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

Analyzing DANE's Response to Known DNSsec Vulnerabilities

NeoMail Guide. Neotel (Pty) Ltd

Running head: SSL CERTIFICATE AUTHORITY ISSUES 1. Investigating Implementations Designed. to Resolve SSL Certificate Authority Issues.

Working Folder Linkage Setup Guide

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS

Deployment Guide Jan-2016 rev. a. Deploying Array Networks APV Series Application Delivery Controllers with Oracle WebLogic 12c

CS5008: Internet Computing

Transcription:

Michael Coates mcoates@mozilla.com michael-coates.blogspot.com

Who am I? Web Security Engineer @ Mozilla Contributor OWASP 2010 Top 10 Author OWASP TLS Cheat Sheet Creator & Leader OWASP AppSensor Security Blogger http://michael-coates.blogspot.com 2

SSL: Super Shiny Locks 3

Padlock!= Secure 4

SSL Growth > 1 Million SSL Certificates 5

The Good Confidentiality Integrity Replay Protection End Point Authentication 6

Problem: Usability 7

Problem: User Expectations How did you get to the site? Is HTTPS in the URL? Are those 0 s or O s? Did you get any browser warning messages? Did you click ok or accept to any popup boxes? 8

Scenario: Insecure Landing Page http://mybank.com <form method="post" action="https://mybank.com/login" > Username: <input type="text" name="user"> <br> Password: <input type="password" name="pass"> <br> </form> 9

Exploiting Insecure Landing Page mybank.com HTTP REQUEST GET http://mybank.com http://mybank.com Steven Steven ******* ******* <form method="post" action="https://mybank.com/ action="http://mybank.com/ login" > HTTP Response POST http://mybank.com user:steven&pass:joshua 10

Problem: Insecure Redirects http://mybank.com https://mybank.com 11

Insecure Redirects Behind The Scenes mybank.com Get http://mybank.com 302 Redirect Location: https://mybank.com Get https://mybank.com SSL 200 Found 12

Exploiting Insecure Redirects mybank.com Get http://mybank.com 302 Redirect Location: http://mybank.com https://phishmybank.com http://malware.com 13

Insecure Redirects via Google Bank of America http://www.bankofamerica.com/ Chase http://www.chase.com/ Wachovia http://www.wachovia.com Cookie set on HTTP response too! Wells Fargo http://www.wellsfargo.com/ 14

Scenario: Insecure Content Request SSL Response mybank.com Request Response scripts.com Request Response 15

Exploiting Insecure Content Request SSL Response mybank.com Request Response scripts.com Request Response <script>badness </script> 16

Scenario: HTTP after Login mybank.com Request SSL Response Set SessionID: 5593 scripts.com Welcome! Update Profile Request Request Response Response 17

Exploiting HTTP after Login mybank.com Request SSL Response Set SessionID: 5593 Welcome! Update Profile Request SessionID: 5593 Request SessionID: 5593 Response Response scripts.com 18

Problem: Cookie Forcing 19

Problem URL Leakage Transition SiteA.com to SiteB.com Expectation Result HTTP- >HTTP Referrer Leaked Referrer Leaked HTTP- >HTTPS Referrer Leaked Referrer Leaked HTTPS- >HTTP Referrer Secure Referrer Secure HTTPS- >HTTPS Referrer Secure Referrer Leaked 20

Exploiting URL Leakage https://secure.com?sessionid=55769 Viewing Charlie s Profile Favorite Movie: Sneakers Favorite Food: spam Personal Blog: Click Here <a href= https://charlieblog.com >Click Here</a> 21

Exploiting URL Leakage secure.com Request SSL Response Viewing Charlie s Profile Favorite Movie: Sneakers Favorite Food: spam Personal Blog: Click Here charlieblog.com SSL Request GET charlieblog.com HTTP/1.0 Referrer: https://secure.com?sessionid=55769 22

Problem: False Internal Trust Internal Network SSL mybank.com SSN, Credit Card, Pin, PII 23

Problem: Not all SSL is equal View Ciphers by Strength openssl ciphers <strength> -v Test Server: openssl s_client -connect site.com:443 - cipher <strength> Test Client: openssl s_server -www -cert cacert.pem - key cakey.pem <strength>=null LOW MEDIUM HIGH FIPS FIPS Approved Ciphers ADH-AES256-SHA DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA ADH-AES128-SHA DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA AES128-SHA ADH-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA LOW Strength Ciphers ADH-DES-CBC-SHA EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA DES-CBC-SHA DES-CBC-MD5 24

More Problems MD5 Collision Rogue CA Creation Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger http://www.win.tue.nl/hashclash/rogue-ca/ SSLstrip Null Prefix Attacks Against SSL/TLS Certificates Moxie Marlinspike http://www.thoughtcrime.org/software/sslstrip/ http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf 25

MD5 Collision Attacker requests legitimate cert from CA Exploits MD5 Collision to create legitimate CA Issues legit certs from authorized CA 26

MD5 Collision Rogue CA Root CA Root CA CA CA CA CA SSL Cert amazon.com 27

MD5 Collision Rogue CA Root CA Root CA CA SSL Cert CA CA MD5 Collision Attacker CA CA SSL Cert amazon.com 28

Null Prefix Attack CA Verifies Root Domain Ownership www.foo.com www.blah.foo.com nonexistent.a.b.c.foo.com amazon.com\0.foo.com foo.com Browser SSL Verification Microsoft CryptoAPI - \0 is eos amazon.com == amazon.com\0.foo.com 29

SSLstrip MitM SSL Connections ARP Spoofing IP Tables Auto Strip SSL -> HTTPS to HTTP Execute Null Prefix Attack Block Certificate Revocation Messages OCSP Attacks 30

Is There Hope? Average User == Not Technical Most Deployments Vulnerable Specialized Attack Tools Available 31

Doing It Right The Application SSL only No HTTP - > HTTPS redirects : HTTP shows User Education message No SSL errors or warnings The User Bookmark the HTTPS page Stop if any SSL warnings/errors presented The Browser Set realistic user expectations Support STS/ForceTLS 32

Solution: Strict Transport Security Server Side Option Header tells browser to only send HTTPS requests for site Blocks Connection w/any Errors HTTP/1.1 200 OK Server: Apache Cache- Control: private Strict- Transport- Security : max- age=500; includesubdomains 33

Resources TLS Cheat Sheet Rule - Use TLS for All Login Pages and All Authenticated Pages Rule - Use TLS on Any Networks (External and Internal) Transmitting Sensitive Data Rule - Do Not Provide Non- TLS Pages for Secure Content Rule - Do Not Perform Redirects from Non- TLS Page to TLS Login Page Rule - Do Not Mix TLS and Non- TLS Content Rule - Use "Secure" Cookie Flag Rule - Keep Sensitive Data Out of the URL http://www.owasp.org/index.php/transport_layer_protection_cheat_sheet 34

Resources - ssllabs.com (Ivan Ristic) 35

Resources sslfail.com (Tyler Reguly, Marcin Wielgoszewski) 36

Questions? lobby -or- mcoates@mozilla.com -or- http://michael-coates.blogspot.com 37

38

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information