SSL Encryption Broken By Hackers

         

engine

2:00 pm on Sep 20, 2011 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



SSL Encryption Broken By Hackers [theregister.co.uk]
Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.

Leosghost

3:00 pm on Sep 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



deja foo
[webmasterworld.com...]

Hester

5:58 pm on Sep 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There appear to be two short term solutions - please correct me if I am wrong.

1. Turn off JavaScript.

"An attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection."


2. Switch to the Opera browser.

"Opera remains the only browser that deploys TLS 1.2 by default."


(3. Enable TLS 1.2 in Internet Explorer, which is off by default I read. I don't know how you do that.)

graeme_p

7:25 pm on Sep 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Another way appears to be not using encrypted and unencrypted connections simultaneously.

"Opera remains the only browser that deploys TLS 1.2 by default."


The only major browser, certainly.

GnuTLS supports TLS 1.2, so browsers that use it may support TLS 1.2, but a bit of searching reveals that some browsers have it disabled because of backward compatibility issues with some sites. I wonder how Opera deals with these?

Hester

7:46 pm on Sep 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That's my worry, that Opera will only use TLS 1.2 if the website also uses it. Otherwise won't it drop down to TLS 1.0?

physics

8:40 pm on Sep 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In Opera, there are checkboxes for security for
SSL 3.0
TLS 1
TLS 1.1
TLS 1.2

If I uncheck everything except TLS 1.2, then neither [amazon.com...] nor [paypal.com...] will load. However, if I check both TLS 1.1 and TLS 1.2, both work. Though a large bank site doesn't.

physics

8:43 pm on Sep 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member




However, if I check only TLS 1.1, neither Amazon nor PayPal will load. So I don't really trust that Opera is doing what it's supposed to do when I check TLS 1.1 and TLS 1.2.

Hester

9:19 pm on Sep 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



They might be using a mix of 1.1 and 1.2 across different servers.

physics

11:02 pm on Sep 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



For the paranoid among us - something to consider is to just use a certain browser (for example, Opera) ONLY for very secure things like online banking. Never visit any other sites with it. Then your chances of being exposed to these sorts of exploits are reduced (though not eliminated).

incrediBILL

12:43 am on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Nothing new, typical man in the middle attack I've been bitching about for years and suddenly it's a problem?

Funny, when I pointed out how easy it was people scoffed, too bad.

Dijkgraaf

1:41 am on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"(3. Enable TLS 1.2 in Internet Explorer, which is off by default I read. I don't know how you do that.)"


Tools, Internet Options, Advanced, tick TLS 1.2


What I've read so far about this exploit is that "This attack requires that the attacker be able to sniff the traffic and run code on the victims machine to inject the chosen-plaintext into the stream." If you can run code on the victim's machine, why bother trying to crack the encryption? Just intercept the data before it is encrypted. I suppose we will have to await further details.

Dijkgraaf

1:55 am on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Firefox 6.0.2 only has TLS 1.0 & SSL 3.0 (Options, Options, Advanced, Encryption tab)

IanKelley

4:40 am on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



This is definitely interesting, but it's easy to over exaggerate the risk of this happening in reality.

Provided I understand how this works...

First, you need access to a point between the user's computer and the target site. Generally speaking this means either compromising a major internet node, or hacking a work network. I'm leaving out unsecured wi-fi because, well, it's unsecured wi-fi :-)

If you manage to accomplish this impressive feat you then need to wait for a user passing through the network to access a site that has value to you (i.e. PayPal).

Now... (from the original article)

"That means authentication cookies of 1,000 to 2,000 characters long will still take a minimum of a half hour"

You have a half hour or so to decrypt a cookie, assuming of course it's under 2k, which isn't guaranteed by any means. It could end up taking you a lot longer.

If the user logs out or the session expires before you've decrypted the cookie it's useless. Which is likely, I imagine only a small percentage of visits to financial websites last more than a half hour. At PayPal it would be even less time since the majority of transactions are 2 clicks.

But suppose you manage it, even then, if the cookie in question uses an extra layer of security (a hash of the user agent and IP for example), it's useless even if you decrypt it before they log out. Of course you could get around this if you were expecting it, I'm just picking one example of how easy it is to make this exploit more difficult.

So, it's a real threat, but the chances of it affecting any of us are virtually nil.
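The extra cookie check described in the post above (a hash of the user agent and IP), combined with a session lifetime shorter than the quoted half hour, as an added example that is not part of the original thread. The key, the 15-minute lifetime, the cookie layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumptions for this example: a per-deployment secret and a session
# lifetime shorter than the half hour quoted from the article.
SERVER_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 15 * 60


def _client_fingerprint(user_agent, ip):
    """Hash of the user agent and IP, the binding suggested in the post."""
    return hashlib.sha256(f"{user_agent}\n{ip}".encode()).digest()


def _tag(session_id, issued_at, user_agent, ip):
    """HMAC over the session id, issue time and client fingerprint."""
    msg = f"{session_id}.{issued_at}".encode() + _client_fingerprint(user_agent, ip)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(session_id, user_agent, ip, now=None):
    """Return 'session_id.issued_at.tag' (session_id must not contain '.')."""
    issued_at = str(int(time.time() if now is None else now))
    return f"{session_id}.{issued_at}.{_tag(session_id, issued_at, user_agent, ip)}"


def verify_cookie(cookie, user_agent, ip, now=None):
    """Return the session id if the cookie is authentic, presented by the
    same user agent and IP it was issued to, and still fresh; else None."""
    parts = cookie.split(".")
    if len(parts) != 3:
        return None
    session_id, issued_at, tag = parts
    expected = _tag(session_id, issued_at, user_agent, ip)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    # issued_at is only parsed after the tag proves the server wrote it.
    age = (time.time() if now is None else now) - int(issued_at)
    if age < 0 or age > MAX_AGE_SECONDS:
        return None
    return session_id
```

Binding to the IP also rejects legitimate users whose address changes mid-session (mobile networks, some proxies), so deployments often bind to the user agent only or force a re-login on mismatch.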

graeme_p

5:05 am on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I have been using a separate browser for certain trusted and important sites for years.

@IanKelley reassuring, but there are probably also much shorter authentication cookies around as well.

IanKelley

5:28 am on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



At a financial site the cookie is going to be encrypted by the back end before SSL gets to it, and it's probably going to contain more than just a password, which pretty much guarantees that it will be long.

wildbest

5:33 am on Sep 21, 2011 (gmt 0)

10+ Year Member



"Tools, Internet Options, Advanced, tick TLS 1.2"

There is no TLS 1.2 box in IE9. There is only TLS 1.0 box.

bill

8:01 am on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"There is no TLS 1.2 box in IE9. There is only TLS 1.0 box."

My office workstation only has the TLS 1.0 option as well, but at home IE9 has TLS 1.1 & TLS 1.2 options as well. You may want to check with your system administrator about that.

However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable...

frontpage

11:28 am on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It does not matter if you are using Opera, if the server you are connecting to is not using TLS 1.2 as well.

graeme_p

11:50 am on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"it's probably going to contain more than just a password"


Why would a cookie contain a password, and why would it contain anything more than a session identifier?

"However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable"


That sounds like the problem with GnuTLS, and it's even more of a problem if you disable TLS1 (and, of course, all SSL versions as well).

Do you want complete security, or everything working? Tough choice.

IanKelley

12:12 pm on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You're right, I should have typed session identifier instead of password.

Dijkgraaf

8:49 pm on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member




"Tools, Internet Options, Advanced, tick TLS 1.2"


"There is no TLS 1.2 box in IE9. There is only TLS 1.0 box."


There is in mine, maybe it is dependent on the operating system you are running?
I see TLS 1.0, 1.1, 1.2

Dijkgraaf

10:54 pm on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



[theregister.co.uk...]
Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol.

Hester

11:07 pm on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



@graeme p: "I have been using a separate browser for certain trusted and important sites for years."

Which browser is that?

IanKelley

11:29 pm on Sep 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



From the article:

"I happen to know the details of this attack since I work on Chrome's SSL/TLS stack. The linked article is sensationalist nonsense, but one should give the authors the benefit of the doubt because the press can be like that.
Fundamentally there's nothing that people should worry about here. Certainly it's not the case that anything is 'broken'."

Hester

12:06 am on Sep 22, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Remember the UK beef scare? When politicians said there was nothing to worry about when eating beef? Then mad cow disease took hold and they were proved wrong. I'm just saying...

Leosghost

12:12 am on Sep 22, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"Mad Cow disease" took hold of the UK in '79 ..when she came to power.

wildbest

6:16 am on Sep 22, 2011 (gmt 0)

10+ Year Member



"There is in mine, maybe it is dependent on the operating system you are running?
I see TLS 1.0, 1.1, 1.2"

There is SSL 2.0, SSL 3.0 but only TLS 1.0. There are no options for TLS 1.1 or 1.2. It is IE9 on Vista Home Premium SP2. What is interesting, I've deselected the TLS 1.0 box but it is still able to load SSL pages. Obviously it is programmed to use only one TLS version irrespective of user choices but it isn't clear which one?

graeme_p

12:23 pm on Sep 22, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



@Hester, it's changed over the years: Opera, Chromium, Epiphany, Midori, and now back to Opera because of this issue.

My reasoning is that using a separate browser for important sites makes a cross site attack much harder.