SSL is in the hot seat again: A new, free tool is now circulating
that can take down an HTTPS Web server in a denial-of-service
attack using a single laptop via a DSL connection.
Researchers with a hacker group called The Hackers Choice (THC)
yesterday released the so-called THC-SSL-DOS tool that abuses the
SSL renegotiation feature, which basically reperforms the
encryption handshake.
The tool lets an attacker use a single connection to relentlessly
perform the renegotiation with the SSL server, eventually
overwhelming it. "It's a constant renegotiation. Instead of forming
new connections over and over again ... it increases the overhead
of the server," says Tyler Reguly, manager of security research and
development with nCircle.
It all comes down to an SSL feature -- SSL renegotiation -- that
isn't typically needed for Web servers. "Unless you wanted to
change the encryption level, it's not a necessity. Some SSL VPNs
make extensive use of it, but it's not needed in the Web browsing
world," Reguly says.
The hackers who wrote the tool recommend disabling SSL
renegotiation. But even that won't completely prevent such a
denial-of-service attack. "It still works if SSL Renegotiation is
not supported but requires some modifications and more bots before
an effect can be seen," the THC hackers said in a statement.
For the tool to take down server farms with SSL load balancing, it
requires using about 20 "average size" laptops and 120 Kbps of
traffic, they said.
The new tool is reminiscent of the Slowloris attack tool that keeps
connections open by sending partial HTTP requests and sends headers
at regular intervals to prevent the sockets from closing, and
OWASP's Slow HTTP Post tool. There's also the open-source
slowhttptest tool that checks a server's vulnerability to a
Slowloris-type attack.
nCircle's Reguly was initially skeptical of the attack, but
downloaded the tool and gave it a spin. Much to his surprise, it
worked well -- too well. "It definitely took down the server I
tested it on. My laptop versus the HTTPS server was a success," he
says. "It was kind of scary."
SSL has been under heavy scrutiny during the past couple of years
for its vulnerability to man-in-the-middle attacks and for the high
volume of SSL-based websites that are improperly configured. Some
80 percent, for example, are vulnerable to a Firesheep or similar
attack, according to data from SSL Labs, Qualys' community project.
And 70 percent of SSL servers handle credential login in plain
text, while 55 percent submit passwords in plain text.
On top of that, there are this year's attacks of certificate
authorities Comodo and DigiNotar, for instance. "We warned in 2002
about giving hundreds of commercial companies (so-called
Certification Authorities) a master key to ALL SSL traffic," said
Fred Mauer, a senior cryptographer at THC, in a post. "Only a real
genius can come up with such an idea. And last but not least the
immense complexity of SSL Renegotiation strikes again in 2011 with
the release of THC-SSL-DOS. It’s time for a new security
model that adequately protects the citizens."
THC also dismissed the idea of renegotiating encryption.
"Renegotiating Key material is a stupid idea from a cryptography
standpoint. If you are not happy with the key material negotiated
at the start of the session then the session should be
re-established and not re-negotiated," the group said.
Source:
DarkReading