Vendors respect the BEAST

Duong and Rizzo should totally use this as the logo for their app.

Late last month we reported on the vulnerability in TLS 1.0 in Keep Calm and Carry On and over at our sister blog AllSpammedUp.com in “Holy [Insert Expletive Here]! Et Tu, SSL?”. Security researchers Thai Duong and Juliano Rizzo developed an application, called BEAST, which demonstrated the ability to capture authentication cookies protected in transit using TLS 1.0. BEAST, which stands for Browser Exploit Against SSL/TLS, was demonstrated by the pair at the Ekoparty Security Conference, and apparently caught the attention of several vendors, even though the vulnerability that BEAST exploits has been known for years. Remember, we care about this both because webmail uses HTTPS, and because many of our email protocols can be secured with TLS 1.0. BEAST may only attack web browser traffic today, but the flaw is in TLS, which means it affects everything that uses TLS.

BEAST uses a combination of JavaScript and a network sniffer to capture traffic, but can only decrypt traffic protected by TLS 1.0. Its successors, TLS 1.1 and 1.2, are not vulnerable, but have limited support in most browsers as well as on most web servers. Now that the world has seen a practical attack against this vulnerability, major software companies are starting to devote resources to fixing the problem.

TLS 1.0 is broken; there is no patch to fix its flaw. The best remediation is to stop using it and to start using its more secure successors, TLS 1.1 or 1.2, but with so many incompatibilities between browsers and web servers, this is easier said than done. The response from vendors has been mixed, with no clear and comprehensive fix in place yet, but here is what we’ve learned so far*.

Microsoft

Microsoft released Security Advisory 2588513 and has announced that they are working on an update that will disable TLS 1.0 in client operating systems and enable 1.1 and 1.2. This can be done now manually, but it may be beyond the typical home user and is significant work for corporations with thousands of PCs. By making these changes in the operating system (instead of in Internet Explorer), any browser will be protected. They have also published a blog post that details how Windows admins can set TLS 1.0 to prefer the RC4 stream cipher over the vulnerable CBC-mode cipher suites. While this does not disable the vulnerable cipher suites completely, it will protect the majority of clients, most of which support RC4. They also have automated ‘Fix it’ packages on that blog post, and a link to deploying the change through a GPO.
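The OS-level change described above flips per-protocol switches in the SCHANNEL registry hive. The following PowerShell helper, added here as an example and not Microsoft's own Fix it or advisory code, audits those switches for the client side and enables the non-vulnerable successors. It assumes the SCHANNEL layout Microsoft documents (`Protocols\<name>\Client` with DWORD values `Enabled` and `DisabledByDefault`) and that the key being absent means the OS default applies.

```powershell
# Added audit/remediation helper (not from Microsoft's advisory or blog post).
# Assumed, documented layout:
#   HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\<proto>\Client
#   DWORD Enabled (0 = off) and DWORD DisabledByDefault (1 = not offered unless asked)
# A missing key means the OS default applies (TLS 1.0 on; 1.1/1.2 off on Windows 7-era builds).
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelClientState {
    param([string[]]$Protocols = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($proto in $Protocols) {
        $key = Join-Path $SchannelBase "$proto\Client"
        if (-not (Test-Path $key)) {
            $state = 'OS default (no override key)'
        } else {
            $props = Get-ItemProperty -Path $key
            if ($props.Enabled -eq 0)               { $state = 'Disabled' }
            elseif ($props.DisabledByDefault -eq 1) { $state = 'Disabled by default' }
            else                                    { $state = 'Enabled' }
        }
        New-Object PSObject -Property @{ Protocol = $proto; State = $state; Key = $key }
    }
}

function Set-SchannelClientProtocol {
    # Writes both DWORDs; needs an elevated shell, and a reboot for SCHANNEL to pick it up.
    param(
        [Parameter(Mandatory=$true)][string]$Protocol,
        [Parameter(Mandatory=$true)][bool]$Enable
    )
    $key = Join-Path $SchannelBase "$Protocol\Client"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $enabled           = if ($Enable) { 1 } else { 0 }
    $disabledByDefault = if ($Enable) { 0 } else { 1 }
    Set-ItemProperty -Path $key -Name 'Enabled'           -Value $enabled           -Type DWord
    Set-ItemProperty -Path $key -Name 'DisabledByDefault' -Value $disabledByDefault -Type DWord
}

# Report the current state, then turn on the non-vulnerable successors.
# TLS 1.0 is deliberately left alone: switching it off client-wide breaks the
# many sites that still speak only TLS 1.0 (the incompatibility Opera ran into).
Get-SchannelClientState | Format-Table Protocol, State -AutoSize
foreach ($p in 'TLS 1.1', 'TLS 1.2') { Set-SchannelClientProtocol -Protocol $p -Enable $true }
Get-SchannelClientState | Format-Table Protocol, State -AutoSize
```

Run the audit function alone first on a representative machine; the set function changes machine-wide policy, so in a domain it belongs in the GPO Microsoft's post links to rather than in a login script.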

Google

Google’s current version of Chrome does not support TLS 1.1 or 1.2, but the company has released both a dev and a beta version of their Chrome web browser designed to work around the vulnerability in TLS 1.0. It is likely this will move to the general release soon.

Mozilla

Mozilla maintains that their browser cannot be exploited by BEAST because of the way Firefox handles connections that originate in the browser, but they are also urging users to disable JavaScript.

Opera

Opera tried offering only TLS 1.1 and 1.2 in the latest release of their browser, only to find that it was incompatible with thousands of websites that can only use TLS 1.0. In a blog post they have shared the efforts they are taking to find an appropriate workaround that neither requires changes to websites nor introduces incompatibilities with them.

Symantec

As the parent company of Verisign, one of the largest Certificate Authorities, Symantec is looking at ways they can leverage their leadership in the market to encourage other vendors to respond.

It appears that at this time, there is no easy way to fix this problem, but again, take heart in the following.

BEAST is proof of concept code; there is no indication that there is currently any “in the wild” attack that takes advantage of the vulnerability in TLS 1.0 using CBC.

Most experts agree that to successfully use BEAST, a significant degree of compromise would already have happened, or in other words, an attacker would already be on your network, able to inject JavaScript into your browser, and sniff your network traffic. If that is the case, you have more problems than compromised cookies.

Disabling JavaScript may not be a palatable answer, but is an effective one.

Closing all browser sessions before opening a new browser to access a secure website directly, and then closing that browser before accessing any other sites with another fresh browser session, is an effective protection.

We will continue to monitor developments and will post another article on this issue if anything significant is announced.

*Apple’s support site was down at the time this post was written, and I could find nothing specific elsewhere to indicate anything is being done around Safari or iTunes.

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world, I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.

3 Comments

  1. Kelly Schmidt · October 6, 2011

    The dark side has done it again. It feels like we’re not safe anymore browsing the Internet. What’s the use of a high-paid anti-virus if even the most secured websites can be attacked? Gmail and PayPal are said to be susceptible to the Beast. This is scary.

    But I still have high hopes in Firefox (and Mozilla in general) about the Beast exploit. I’ve been using both Firefox and Thunderbird ever since I was hooked on the World Wide Web.

  2. Kevin Love · October 7, 2011

    Good to see the troops have mobilized. This was definitely a very serious concern and one that had a lot of people ready to jump on board whatever browser fixed the problem first/best. These aren’t the best possible things to have in the here and now, but it’s a start.

  3. Casper Manes · October 7, 2011

    Kelly, I like Firefox and Thunderbird too, but just remember, it’s not the browser or even the website that is vulnerable here; it’s the TLS 1.0 protocol that all versions rely upon, even Firefox.
    The only way to be sure you are not vulnerable to this flaw is for ALL of the vendors to deploy working solutions that use TLS 1.2. BEAST is just the first app that can exploit this flaw…more are surely on the horizon. Fortunately, BEAST got those vendors’ collective attention.