• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
SSL: limitations, bad practices  and how to do it right
 

SSL: limitations, bad practices and how to do it right

on

  • 1,265 views

SSL is widely accepted as a technology that protects site users from certain attacks. But does it really protect them? Are we deploying it right? Probably not. I will show you why ...

SSL is widely accepted as a technology that protects site users from certain attacks. But does it really protect them? Are we deploying it right? Probably not. I will show you why

Presented at Just4Meeting, 02/07/11 Cascais.

More info at www.just4meeting.com.

note: this is the third version of this presentation.

Statistics

Views

Total Views
1,265
Views on SlideShare
1,262
Embed Views
3

Actions

Likes
0
Downloads
42
Comments
0

1 Embed 3

http://www.linkedin.com 3

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • \n
  • \n
  • SSL 2.0 problems\n- vulnerável a MiTM (dumb-down attack to 40bits) - SSL 3.0 previne enviando última msg do handshake com hash das msgs anteriores\n- campo padding-length não é autenticado, logo é possível alterar e “reduzir” o tamanho das mensagens a partir do fim\n\nSSL 3.0 new features\n- renegociação a meio duma ligação, por iniciativa do cliente (o servidor já podia)\n- record compression\n- 3.0 detects 2.0 and fallsback\n
  • Definido pela IETF \nchangelog 1.1 \n- protege contra ataques ao CBC (cipher block chaining)\n- handling of padding errors changed\nchangelog 1.2\n- MD5-SHA1 da pseudorandom function e da mensagem finished substituído por SHA-256\n- MD5-SHA1 da assinatura substituído por SHA1 (negociável)\n- added support por authenticated encrypted ciphers, como AES\n- TLS extensions defined\n\n
  • - TLS 1.0/SSL 3.0 can be downgraded/upgraded to SSL 3.0/TLS 1.0\n- Quote by Brad Hill at Black Hat Briefings USA 2007\n- () versions -> value of the field version as specified in the TLS RFC\n
  • \n
  • \n
  • SSL + UDP = Datagram Transport Layer Security (DTLS).\n
  • SSL + UDP = Datagram Transport Layer Security (DTLS).\n
  • SSL + UDP = Datagram Transport Layer Security (DTLS).\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • user privacy is lost: CAs know which sites are being visited\n
  • \n
  • verificar frequência dos pedidos OCSP\nusers regain privacy regarding OCSP site leaking\n
  • verificar frequência dos pedidos OCSP\nComodo RA compromise: 15 de Março\nfake certs:\n- mail.google.com\n- www.google.com\n- login.yahoo.com\n- login.skype.com\n- addons.mozilla.org\n- login.live.com\n- global trustee\n
  • verificar frequência dos pedidos OCSP\nComodo RA compromise: 15 de Março\nfake certs:\n- mail.google.com\n- www.google.com\n- login.yahoo.com\n- login.skype.com\n- addons.mozilla.org\n- login.live.com\n- global trustee\n
  • Update the OS, browser and browser plugins\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Não sabemos qual o device para enviar os certs certos, porque ainda não houve HTTP nenhum (no user-agent)\n
  • \n
  • \n
  • \n
  • \n
  • CA’s out of business? No, only CAs do real life verifications -> EV\nDNSSEC client ability:\n- clients need full DNSSEC chain\n\nDNSSEC signatures are short lived (1 week)\nDNSSEC stapling -> Chrome Dev (beta via cmd line flag)\n
  • CA’s out of business? No, only CAs do real life verifications -> EV\nDNSSEC client ability:\n- clients need full DNSSEC chain\n\nDNSSEC signatures are short lived (1 week)\nDNSSEC stapling -> Chrome Dev (beta via cmd line flag)\n
  • \n
  • \n
  • \n
  • \n
  • Android requires jailbreaking\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • includeSudomains: if a subdomain is created it cannot function without the proper certificate\n
  • problem: visit after expiration date\n
  • \n
  • “Chrome's HSTS database stores only the hashes of sites” -> thus, is not possible to list them\n
  • viaverde.pt não está com SSL, daí só o clientes.viaverde.pt. Não navegar para viaverde.pt\n
  • \n
  • \n
  • \n
  • \n
  • Safari only warns when posting from HTTP to HTTPS\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n

SSL: limitations, bad practices  and how to do it right SSL: limitations, bad practices and how to do it right Presentation Transcript

  • SSL: limitations, bad practices and how to do it right Versão 2.0 - 02/07/2011 Tiago  Mendo   +ago.mendo@telecom.pt
  • Summary • History – SSL – TLS – SSL  vs  TLS • Protocol – Objec9ves – Applica9ons • How  it  works  -­‐  the  2  minutes  version • How  it  works  -­‐  the  30  minutes  version – Cer9ficate  valida9on – Cer9ficate  revoca9on  check – Cer9ficate  chain  of  trust  check – Fetching  content – Redirec9ng  from  HTTP  to  HTTPS – Full  HTTPS  browsing – Mixed  content  browsing • Recommenda9ons • Conclusions • Ques9onsSAPO  Websecurity  Team 2
  • History > SSL • SSL  -­‐  Secure  Sockets  Layer • 1994  -­‐  SSL  1.0  created  by  Netscape,  never                          released • 1995  -­‐  SSL  2.0  released  in  Netscape  Navigator                              1.1.  Mul9ple  security  flaws  found • 1996  -­‐  SSL  3.0  releasedSAPO  Websecurity  Team 3
  • History > TLS • TLS  -­‐  Transport  Layer  Security • 1999  -­‐  TLS  1.0  defined  in  RFC  2246,  using  SSL                          3.0  as  basis • 2006  -­‐  TLS  1.1  defined  in  RFC  4346 • 2008  -­‐  TLS  1.2  defined  in  RFC  5246SAPO  Websecurity  Team 4
  • History > SSL vs TLS SSL TLS 1.0 2.0 3.0 (3.1) 1.0 (3.2) 1.1 (3.3) 1.2 • SSL  3.0  and  TLS  1.0  are  equivalent  in  security,   but  incompa9ble • “Everybody  knows  SSL.  TLS  is  more  technically   accurate  but  sounds  like  a  cable  TV  network  or   a  disease"SAPO  Websecurity  Team 5
  • Protocol > Objectives • Why  SSL?SAPO  Websecurity  Team 6
  • Protocol > Objectives • Why  SSL? • To  protect  the  communica9ons  between  two   hosts: – content  confiden9ality – integrity – authen9citySAPO  Websecurity  Team 6
  • Protocol > Objectives • Why  SSL? • To  protect  the  communica9ons  between  two   hosts: – content  confiden9ality – integrity – authen9city • Host  iden9ty  is  not  protected  (requires  IPSEC) • Normally  only  the  server  is  authen9cated  SAPO  Websecurity  Team 6
  • Protocol > Applications Applica+on HTTP Transport TCP Network IP Data  link 802.11  -­‐  WLAN Physical AirSAPO  Websecurity  Team 7
  • Protocol > Applications Applica+on HTTP HTTP  /  SSL Transport TCP TCP Network IP IP Data  link 802.11  -­‐  WLAN 802.11  -­‐  WLAN Physical Air AirSAPO  Websecurity  Team 7
  • Protocol > Applications HTTP Applica+on HTTP HTTP  /  SSL SSL Transport TCP TCP TCP Network IP IP IP Data  link 802.11  -­‐  WLAN 802.11  -­‐  WLAN 802.11  -­‐  WLAN Physical Air Air AirSAPO  Websecurity  Team 7
  • Protocol > Applications HTTP Applica+on HTTP HTTP  /  SSL SSL Transport TCP TCP TCP Network IP IP IP Data  link 802.11  -­‐  WLAN 802.11  -­‐  WLAN 802.11  -­‐  WLAN Physical Air Air Air • On  top  of  any  Transport  layer  (including  UDP) • Used  with  any  Applica9on  layer  protocol • HTTP,  SMTP,  XMPP,  SIP,  etc. • Used  in  OpenVPNSAPO  Websecurity  Team 7
  • How it works - the 2 minutes version • Type  hdps://www.facebook.com  and  hit  enterSAPO  Websecurity  Team 8
  • How it works > Traffic without SSLSAPO  Websecurity  Team 9
  • How it works > Traffic with SSLSAPO  Websecurity  Team 10
  • How it works - the 30 minutes version • Type  hdps://www.facebook.com  and  hit  enter • Browser  connects  to  www.facebook.com:443 • SSL  handshake  is  ini9ated • Server  sends  its  X.509  cer9ficate  to  the  client • The  client  starts  the  valida9on  processSAPO  Websecurity  Team 11
  • How it works > Certificate validation • CN  matches  URL • For  each  cert.  in  the  chain – Has  not  expired – Was  not  revoked – Was  emided  by  a   trusted  CASAPO  Websecurity  Team 12
  • How it works > Certificate validation • CN  matches  URL • For  each  cert.  in  the  chain – Has  not  expired – Was  not  revoked – Was  emided  by  a   trusted  CASAPO  Websecurity  Team 13
  • How it works > Certificate validation • CN  matches  URL • For  each  cert.  in  the  chain – Has  not  expired – Was  not  revoked – Was  emided  by  a   trusted  CASAPO  Websecurity  Team 14
  • How it works > Certificate validation • CN  matches  URL • For  each  cert.  in  the  chain – Has  not  expired – Was  not  revoked – Was  emided  by  a   trusted  CASAPO  Websecurity  Team 15
  • How it works > Certificate revocation check • CRL  -­‐  Cer9ficate  Revoca9on  List • The  CRL  is  a  list  of  revoked  serial  numbers • The  cer9ficate  specifies  a  CRL  URL • CRL  managed  by  the  issuing  CA • Answer  can  be  cached  for  a  few  months • The  CRL  can  be  very  large:  enter  OCSP – expired  certs.  are  removed  from  the  CRLSAPO  Websecurity  Team 16
  • How it works > Certificate revocation check • OCSP  -­‐  Online  Cer9ficate  Status  Protocol • The  cer9ficate  specifies  a  OCSP  server • Browser  asks  the  server  if  a  specific  cert.  is   s9ll  valid • OSCP  server  managed  by  the  issuing  CA • Answer  can  be  cached  for  a  few  days • A  cert.  can  specify  both  the  CRL  and  OCSPSAPO  Websecurity  Team 17
  • How it works > Certificate revocation check • What  can  go  wrong?SAPO  Websecurity  Team 18
  • How it works > Certificate revocation check • What  can  go  wrong? • CRL  and  OCSP  servers  can  be  unreachable – Browsers  will  allow  user  to  con9nue – You  may  or  may  not  be  warned  about  this – Moxie  Marlinspike  found  that  OCSP  “try  again”   message  (error  code  3)  is  not  signed – Adack:  MiTM  with  a  revoked  cert.  and  reply  3  to   the  OCSP  requests.  SAPO  Websecurity  Team 18
  • How it works > Certificate revocation check • How  to  mi9gate  this  problem?SAPO  Websecurity  Team 19
  • How it works > Certificate revocation check • How  to  mi9gate  this  problem? • OCSP  Stapling  -­‐  Kerberos  style  9cket – Cert.  owner  frequently  asks  the  OCSP  for  a  9cket – Ticket  says  “I,  CA  guarantee  with  my  signature   that  this  cer9ficate  is  valid  for  a  few  hours” – Site  presents  this  9cket  to  reques9ng  browser • Fallback  to  OCSP • Support:  Chrome  on  Windows  Vista  or  higherSAPO  Websecurity  Team 19
  • How it works > Certificate revocation check • How  to  mi9gate  this  problem?SAPO  Websecurity  Team 20
  • How it works > Certificate revocation check • How  to  mi9gate  this  problem? • CRL  and  OCSP  cacheSAPO  Websecurity  Team 20
  • How it works > Certificate revocation check • How  to  mi9gate  this  problem? • CRL  and  OCSP  cache • Which  introduces  another  problem – If  a  cert.  is  compromised,  there  may  a  significant   window  of  vulnerability  (months  for  a  CRL) – Remember  the  Comodo  RA  compromise? – 9  certs.  were  issued  to  7  domains – certs.  were  revoked  in  15  minutes – Browser  vendors  immediately  issued  browser   updatesSAPO  Websecurity  Team 20
  • How it works > Certificate revocation check • What  can  go  wrong?SAPO  Websecurity  Team 21
  • How it works > Certificate revocation check • What  can  go  wrong? • Browsers  have  vulnerabili9es – OS  X  v10.6.8  June  2011  update  changelog – “An  error  handling  issue  existed  in  the  Cer?ficate   Trust  Policy.  If  an  Extended  Valida?on  (EV)   cer?ficate  has  no  OCSP  URL,  and  CRL  checking  is   enabled,  the  CRL  will  not  be  checked  and  a   revoked  cer?ficate  may  be  accepted  as  valid.  This   issue  is  mi?gated  as  most  EV  cer?ficates  specify   an  OCSP  URL.” – Update,  update,  update.SAPO  Websecurity  Team 21
  • How it works > Certificate validation • CN  matches  URL • For  each  cert.  in  the  chain – Has  not  expired – Was  not  revoked – Was  emi?ed  by  a   trusted  CASAPO  Websecurity  Team 22
  • How it works > Certificate chain of trust check • The  server  sends  the   whole  cer9ficate  chain • For  each  cert.  in  the  chain  verify – is  properly  signed  by  the  CA  cer9ficate   immediately  higher  in  the  hierarchy – last  cer9ficate  is  explicitly  trusted  by  the  browser,   so  no  signature  verifica9on  is  doneSAPO  Websecurity  Team 23
  • How it works > Certificate chain of trust check • What  can  go  wrong?SAPO  Websecurity  Team 24
  • How it works > Certificate chain of trust checkSAPO  Websecurity  Team 25
  • How it works > Certificate chain of trust checkSAPO  Websecurity  Team 26
  • How it works > Certificate chain of trust check • What  can  go  wrong? • The  browser  does  not  know  the  root  CA – can  happen  if  you  are  using  an  old  browser/deviceSAPO  Websecurity  Team 27
  • How it works > Certificate chain of trust check • What  can  go  wrong? • The  browser  does  not  know  the  root  CA – can  happen  if  you  are  using  an  old  browser/device • How  to  mi9gate  this  problem?   • Mul9-­‐roo9ng  CAs – Server  sends  a  longer  chain  with  more  CA   cer9ficates  higher  in  the  hierarchy – Both  CAs  trusted  by  FirefoxSAPO  Websecurity  Team 27
  • How it works > Certificate chain of trust check • What  can  go  wrong?SAPO  Websecurity  Team 28
  • How it works > Certificate chain of trust check • What  can  go  wrong? • The  server  did  not  sent  the  whole  chain – sending  the  domain  cer9ficate  is  not  enoughSAPO  Websecurity  Team 28
  • How it works > Certificate chain of trust check • What  can  go  wrong? • The  server  did  not  sent  the  whole  chain – sending  the  domain  cer9ficate  is  not  enough • How  to  mi9gate  this  problem?   • Send  the  whole  chain – Using  Apache: SSLEngine on SSLCertificateFile <path_to_your_cert> SSLCertificateKeyFile <path_to_your_private_key> SSLCACertificateFile <path_to_the_CA_chain>SAPO  Websecurity  Team 28
  • How it works > Certificate chain of trust check • What  can  go  wrong?SAPO  Websecurity  Team 29
  • How it works > Certificate chain of trust check • What  can  go  wrong? • The  cer9ficate  is  self  signed – you  are  being  cheapSAPO  Websecurity  Team 29
  • How it works > Certificate chain of trust check • What  can  go  wrong? • The  cer9ficate  is  self  signed – you  are  being  cheap • How  to  mi9gate  this  problem?   • Get  a  cer9ficate  signed  by  a  trusted  CA! – StartSSL:  free – GoDaddy:  €36.99/year  SAPO  Websecurity  Team 29
  • How it works > Certificate chain of trust check • What  can  go  wrong?SAPO  Websecurity  Team 30
  • How it works > Certificate chain of trust check • What  can  go  wrong? • The  cer9ficate  is  self  signedSAPO  Websecurity  Team 30
  • How it works > Certificate chain of trust check • What  can  go  wrong? • The  cer9ficate  is  self  signed • How  to  mi9gate  this  problem?   • DNSSEC – CERT  /  TLSCERT  /  TXT  RR  holds  cert.  (or  its  hash) – trust  the  DNSSEC  chain,  trust  the  cer9ficate – DNS  clients  need  to  be  DNSSEC  aware – stapling:  DNSSEC  chain  in  a  cer9ficate  extensionSAPO  Websecurity  Team 30
  • How it works > Certificate chain of trust check • What  can  go  wrong?SAPO  Websecurity  Team 31
  • How it works > Certificate chain of trust check • What  can  go  wrong? • You  do  not  trust  what  your  browser  trusts – Firefox  ships  with  162  CAs • Chunghwa  Telecom  Co.,  Ltd • Türkiye  Bilimsel  ve  Teknolojik  AraşSrma  Kurumu  -­‐   TÜBİTAK – Are  all  of  them  secure  and  properly  managed?SAPO  Websecurity  Team 31
  • How it works > Certificate chain of trust check • What  can  go  wrong? • You  do  not  trust  what  your  browser  trusts – Firefox  ships  with  162  CAs • Chunghwa  Telecom  Co.,  Ltd • Türkiye  Bilimsel  ve  Teknolojik  AraşSrma  Kurumu  -­‐   TÜBİTAK – Are  all  of  them  secure  and  properly  managed? – “I  have  not  been  able  to  find  the  current  owner  of   this  root.  Both  RSA  and  VeriSign  have  stated  in   email  that  they  do  not  own  this  root.”  said  one  of   the  maintainers  of  Mozilla  CA  list  (early  2010)SAPO  Websecurity  Team 31
  • How it works > Certificate chain of trust check • What  can  go  wrong? • You  do  not  trust  what  your  browser  trusts – Recent  request  to  add  a  CA  to  Firefox • “This  is  a  request  to  add  the  CA  root  cer?ficate  for   Honest  Achmeds  Used  Cars  and  Cer?ficates.” • “Achmeds  uncles  all  vouch  for  the  fact  that  hes   honest.” • “The  purpose  of  this  cer?ficate  is  to  allow  Honest   Achmed  to  sell  bucketloads  of  other  cer?ficates  and   make  a  lot  of  money.” – It  was  not  granted.  This  9me.SAPO  Websecurity  Team 32
  • How it works > Certificate chain of trust check • What  can  go  wrong?SAPO  Websecurity  Team 33
  • How it works > Certificate chain of trust check • What  can  go  wrong? • You  do  not  trust  what  your  browser  trusts – PKI  is  adacked  from  all  sides • VeriSign  issued  2  “MicrosoZ  Corpora+on”  cer+ficates   to  an  unknown  person  (January  2001) • MD5  collision:  rogue  CA  created  (December  2008) • COMODO:  9  cer+ficates  issued  (March  2011) • StartSSL:  cer+ficate  issuance  suspended  (June  2011)SAPO  Websecurity  Team 33
  • How it works > Certificate chain of trust check • How  to  mi9gate  this  problem?   • Remove  trust  or  delete  CAs – they  might  come  back  aper  sopware  updates – how  do  you  evaluate  if  a  CA  can  be  trusted? • by  country?  name?  company? • by  security  audit?  Reports  are  available,  but  they  all  say   the  same:  “approved”. – can  you  do  this  in  your  smartphone?SAPO  Websecurity  Team 34
  • How it works > Fetching content • At  this  point  the  browser  trusts  the  site   cer9ficate • No  HTTP  request  was  made  yet! • First  HTTP  request  is  made  only  now GET / HTTP/1.1 Host: www.facebook.comSAPO  Websecurity  Team 35
  • How it works > Fetching contentSAPO  Websecurity  Team 36
  • How it works > Redirecting from HTTP to HTTPS • Lets  go  back  a  lidle • Imagine  you  type  hdp://www.facebook.com   instead  of  hdps... • Hit  enter!SAPO  Websecurity  Team 37
  • How it works > Redirecting from HTTP to HTTPS • Lets  go  back  a  lidle • Imagine  you  type  hdp://www.facebook.com   instead  of  hdps... • Hit  enter! • Browser  connects  to  www.facebook.com:80SAPO  Websecurity  Team 37
  • How it works > Redirecting from HTTP to HTTPSSAPO  Websecurity  Team 38
  • How it works > Redirecting from HTTP to HTTPSSAPO  Websecurity  Team 39
  • How it works > Redirecting from HTTP to HTTPSSAPO  Websecurity  Team 40
  • How it works > Redirecting from HTTP to HTTPS • What  can  go  wrong?SAPO  Websecurity  Team 41
  • How it works > Redirecting from HTTP to HTTPS • What  can  go  wrong? • Moxie  Marlinspike  and  his  sslstrip  toolSAPO  Websecurity  Team 41
  • How it works > Redirecting from HTTP to HTTPS • What  can  go  wrong? • Moxie  Marlinspike  and  his  sslstrip  toolSAPO  Websecurity  Team 41
  • How it works > Redirecting from HTTP to HTTPS • sslstrip  func9oning – MiTM  tool – maps  HTTPS  links  to  HTTP – maps  redirects  to  HTTPS  back  to  HTTP – maps  HTTPS  links  to  homograph-­‐similar  HTTPS   links – can  supply  a  lock  favicon – logging!SAPO  Websecurity  Team 42
  • How it works > Redirecting from HTTP to HTTPS • sslstrip  func9oningSAPO  Websecurity  Team 43
  • How it works > Redirecting from HTTP to HTTPSSAPO  Websecurity  Team 44
  • How it works > Redirecting from HTTP to HTTPS • You  type  hdp://www.facebook.com  and  get   redirected  to  hdps://www.facebook.com GET / HTTP/1.1 Host: www.facebook.com HTTP/1.1 302 Found Location: https://www.facebook.com/ • These  requests  are  not  protected  with  SSL!SAPO  Websecurity  Team 45
  • How it works > Redirecting from HTTP to HTTPS • How  to  mi9gate  this  problem?SAPO  Websecurity  Team 46
  • How it works > Redirecting from HTTP to HTTPS • How  to  mi9gate  this  problem? • Make  site  available  only  in  HTTPS – Does  not  work:  most  users  type  HTTP  and   redirects  are  dangerousSAPO  Websecurity  Team 46
  • How it works > Redirecting from HTTP to HTTPS • How  to  mi9gate  this  problem? • Make  site  available  only  in  HTTPS – Does  not  work:  most  users  type  HTTP  and   redirects  are  dangerous • Use  HSTS:  HTTP  Strict  Transport  Security – Formerly  STS – Server  defined  policy  that  browsers  must  honor – Server  sends  HTTP  header  with  policySAPO  Websecurity  Team 46
  • How it works > Redirecting from HTTP to HTTPS Strict-Transport-Security: max-age=15768000;includeSubdomains • This  header  says  two  things: – “Browser,  convert  all  requests  to  my  domain  to   HTTPS” – “Browser,  if  there  is  any  security  issue  with  the   connec9on  do  not  allow  progress” • Consequences: – the  user  types  hdp://www.facebook.com  and  the   browser  requests  hdps://www.facebook.com – any  HTTP  link  in  the  response  turns  to  HTTPSSAPO  Websecurity  Team 47
  • How it works > Redirecting from HTTP to HTTPS • S9ll,  there  is  a  problem:SAPO  Websecurity  Team 48
  • How it works > Redirecting from HTTP to HTTPS • S9ll,  there  is  a  problem: • We  have  never  visited  the  site  or  policy   expired – browser  does  not  know  the  site  HSTS  policy – if  the  user  types  hdp://www.facebook.com  the   request  is  done  using  HTTP – TOFU:  Trust  On  First  Use • Recommenda9ons – first  visit  using  a  safe  wired  network – manually  instruct  the  browser  to  use  HSTS  SAPO  Websecurity  Team 48
  • How it works > Redirecting from HTTP to HTTPS • Server  support:  all,  just  send  the  header • Browser  support – Chrome  4.0.211.0  (with  preloaded  domain  list) – Firefox  4 • Plugins – Safari  SSL  Everywhere – Firefox  EFF  HTTPS  Everywhere – Firefox  ForceTLS  (simple  list  edi9ng)SAPO  Websecurity  Team 49
  • How it works > Redirecting from HTTP to HTTPSSAPO  Websecurity  Team 50
  • How it works > Redirecting from HTTP to HTTPSSAPO  Websecurity  Team 51
  • How it works > Full HTTPS browsing • At  this  point  we  have  all  the  contents  of  the   site  served  over  HTTPS.   • How  can  we  be  sure? • No9ce  the  green  hdps  textSAPO  Websecurity  Team 52
  • How it works > Mixed content browsing • How  about  this  situa9on? • No9ce  the  red  strikethrough  hdps  textSAPO  Websecurity  Team 53
  • How it works > Mixed content browsing • Chrome  console  output:SAPO  Websecurity  Team 54
  • How it works > Mixed content browsing • What  is  the  problem?SAPO  Websecurity  Team 55
  • How it works > Mixed content browsing • What  is  the  problem? • Sensi9ve  informa9on  can  be  captured – images:  your  last  night  weird  photos – javascript:  can  be  replaced  with  malicious  code – cookies:  sent  in  every  request! – full  browsing  informa9on • Browser  warnings – can  affect  site  reputa9on – most  users  ignore  thisSAPO  Websecurity  Team 55
  • How it works > Mixed content browsingSAPO  Websecurity  Team 56
  • How it works > Mixed content browsing • How  to  mi9gate  this  problem?  SAPO  Websecurity  Team 57
  • How it works > Mixed content browsing • How  to  mi9gate  this  problem?   • HSTS – you  have  to  specify  all  domains  used  by  the  site – some  links  might  not  work  over  HTTPS – not  a  solu9on  for  all  sitesSAPO  Websecurity  Team 57
  • How it works > Mixed content browsing • How  to  mi9gate  this  problem?   • HSTS – you  have  to  specify  all  domains  used  by  the  site – some  links  might  not  work  over  HTTPS – not  a  solu9on  for  all  sites • Use  only  HTTPS  links  :) – use  a  proxy:  make  your  server  fetch  the  HTTP   content  and  serve  it  over  HTTPS – do  not  forget  the  faviconSAPO  Websecurity  Team 57
  • How it works > Mixed content browsing • How  to  minimize  this  problem?  SAPO  Websecurity  Team 58
  • How it works > Mixed content browsing • How  to  minimize  this  problem?   • Secure  Cookies – the  server  can  set  the  secure  flag  for  the  cookie – a  secure  cookie  is  only  sent  over  HTTPS – beware:  this  does  not  prevent  the  mixed  content   warning,  it  ONLY  prevents  cookies  from  being  sent   over  HTTPSAPO  Websecurity  Team 58
  • How it works > Data in transit vs at rest • Using  SSL  we  protected  the  data  in  transit • What  happens  aper  it  reaches  the  browser?SAPO  Websecurity  Team 59
  • How it works > Data in transit vs at rest • Using  SSL  we  protected  the  data  in  transit • What  happens  aper  it  reaches  the  browser? • It  gets  cached. • What  is  the  problem? – sensi9ve  data  is  stored  in  clear – computers  are  shared,  sold,  lost  or  stolenSAPO  Websecurity  Team 59
  • How it works > Data in transit vs at rest • Using  SSL  we  protected  the  data  in  transit • What  happens  aper  it  reaches  the  browser? • It  gets  cached. • What  is  the  problem? – sensi9ve  data  is  stored  in  clear – computers  are  shared,  sold,  lost  or  stolen • How  to  mi9gate  this  problem?   Cache-Control: no-cache, no store Pragma: no-cacheSAPO  Websecurity  Team 59
  • Recommendations • A  few  more  recommenda9onsSAPO  Websecurity  Team 60
  • Recommendations • A  few  more  recommenda9ons • Make  a  bookmark  with  the  HTTPS  link  for  the   site  (specially  homebanking  sites) – avoids  requests  using  HTTP – avoids  adacks  caused  by  typos • Use  a  plugin  that  warns  you  if  the  cer9ficate   has  changed – Perspec9ves  (www.networknotary.org) – Cer9ficate  PatrolSAPO  Websecurity  Team 60
  • Conclusions • Conclusions – SSL  3.0  and  TLS  1.0+  are  the  way  to  go – Use  HSTS  and  manually  add  your  important  sites – Update  your  browser  open  or  automa9cally – Do  not  visit  sites  which  the  first  page  is  HTTP  using   public  wireless  networks – Do  not  allow  HTTP  access  to  sensi9ve  pages – Do  not  create  sites  with  mixed  HTTP(S)  content – If  your  site  is  HTTPS  only,  use  secure  cookiesSAPO  Websecurity  Team 61
  • Questions Any  ques9ons? 9ago.mendo@telecom.ptSAPO  Websecurity  Team 62