Archive for October 15, 2014

Wednesday, October 15, 2014

POODLE

Daniel Fox Franke (via Hacker News):

This post is meant to be a “simple as possible, but no simpler” explanation of POODLE. I’ve tried to make it accessible to as many readers as possible and yet still go into full and accurate technical detail and provide complete citations. However, as the title implies, I have a second goal, which is to explain not merely how POODLE works, but the historical mistakes which allow it to work: mistakes that are still with us even though we’ve known better for over a decade.

[…]

The problem stems from browser vendors’ desire to be able to cope with buggy servers and middleboxes which advertise a protocol version that they can’t actually support. To work around such broken behavior, when an SSL handshake fails most browsers (all but Opera[5]) will fall back to an earlier protocol version and retry. This browser behavior, called the “downgrade dance”, makes it trivially vulnerable to downgrade attacks.

[…]

This is the basis of the Vaudenay padding-oracle attack. An attacker who can get the server to reveal whether a ciphertext decrypts to something with valid padding or not, can then guess the contents of any block of plaintext one character at a time, and get confirmation when the guess is correct.

[…]

Vaudenay also originally believed that the fact that TLS treats all padding errors as fatal, shutting the connection and discarding the session key, meant that the full attack wasn’t possible: that the attacker got to take one guess at one byte and nothing more. POODLE, using ideas already foreshadowed by BEAST, shows that in the browser context, this isn’t necessarily so.

[…]

Within the confines of SSL v3.0, POODLE cannot be fixed. However, the downgrade dance which enables it can be.

[…]

Now, though, I am going to step onto my soapbox and say: disabling SSL v3.0 does not go far enough. It is time to aggressively deprecate as many old versions of TLS as possible.
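The padding oracle Franke describes is easiest to see in code. What follows is an added example written for this page, not code from Franke's post, from the POODLE paper, or from any SSL library: a simulation of the SSL 3.0 record layer and of the block-substitution trick POODLE uses, in Python. Assumptions: a toy SHA-256 Feistel network stands in for AES/3DES, HMAC-SHA1 for the SSL 3.0 MAC, each record gets a fresh IV instead of chaining the previous record's last block, and the `HEADER` layout, the `Victim` class, `recover_byte` and the sample cookie value are constructed for the example.

```python
"""POODLE against SSL 3.0 CBC records, simulated end to end.
Stand-ins (assumptions, not real SSL 3.0 code): a 4-round SHA-256 Feistel
network instead of AES/3DES, HMAC-SHA1 instead of the SSL 3.0 MAC, a fresh
IV per record.  The padding rule is the real one: SSL 3.0 checks only the
final length byte; TLS 1.0 (strict_padding=True) checks every pad byte."""
import hashlib, hmac, random

BLOCK, MAC_LEN = 16, 20
HEADER = b"Cookie: sid="   # the attacker knows where the cookie sits in the request

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):      # Feistel round function, half a block wide
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def block_encrypt(key, b):
    l, r = b[:BLOCK // 2], b[BLOCK // 2:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key, b):
    l, r = b[:BLOCK // 2], b[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(block_decrypt(key, c), p) for c, p in zip(blocks, [iv] + blocks))

def seal_record(key, mac_key, iv, data):
    """MAC, then pad to a block boundary, then encrypt (the SSL 3.0 order)."""
    body = data + hmac.new(mac_key, data, hashlib.sha1).digest()
    padlen = BLOCK - 1 - len(body) % BLOCK      # 15 means the final block is all padding
    return cbc_encrypt(key, iv, body + bytes([padlen]) * (padlen + 1))

def open_record(key, mac_key, iv, ct, strict_padding=False):
    """Return the data, or None for a bad_record_mac alert."""
    pt = cbc_decrypt(key, iv, ct)
    padlen = pt[-1]
    if padlen >= BLOCK or len(pt) < padlen + 1 + MAC_LEN:
        return None
    if strict_padding and any(b != padlen for b in pt[-(padlen + 1):-1]):
        return None                               # TLS 1.0 rejects; SSL 3.0 never looks
    body = pt[:len(pt) - padlen - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return data if hmac.compare_digest(tag, hmac.new(mac_key, data, hashlib.sha1).digest()) else None

class Victim:
    """Browser and server sharing session keys; attacker's script picks path (prefix) and body (suffix)."""
    def __init__(self, secret, seed=2014):
        self.secret, self.rng = secret, random.Random(seed)
        self.key, self.mac_key = b"K" * 16, b"M" * 16   # hypothetical session keys

    def send(self, prefix, suffix):
        iv = bytes(self.rng.getrandbits(8) for _ in range(BLOCK))
        return iv, seal_record(self.key, self.mac_key, iv, prefix + HEADER + self.secret + suffix)

    def accepts(self, iv, ct, strict_padding=False):
        return open_record(self.key, self.mac_key, iv, ct, strict_padding) is not None

def recover_byte(victim, j, strict_padding=False, max_tries=10000):
    """Recover secret[j] by copying its ciphertext block over the padding block.
    Returns None if the server never accepts a forged record."""
    # The prefix length puts secret[j] in the last position of block `target` ...
    prefix = b"/" * (-(len(HEADER) + j + 1) % BLOCK)
    target = (len(prefix) + len(HEADER) + j) // BLOCK
    # ... and the suffix grows until the ciphertext jumps by a block, which
    # happens exactly when the final block holds nothing but padding.
    suffix = next(b"x" * s for s in range(1, BLOCK + 1)
                  if len(victim.send(prefix, b"x" * s)[1]) > len(victim.send(prefix, b"x" * (s - 1))[1]))
    for _ in range(max_tries):                    # every try is a fresh request from the browser
        iv, ct = victim.send(prefix, suffix)
        blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
        forged = b"".join(blocks[:-1]) + blocks[target]
        if victim.accepts(iv, forged, strict_padding):   # last byte decrypted to BLOCK - 1
            prev_target = blocks[target - 1] if target else iv
            return (BLOCK - 1) ^ prev_target[-1] ^ blocks[-2][-1]
    return None

def recover_secret(victim, length, strict_padding=False):
    out = bytearray()
    for j in range(length):
        b = recover_byte(victim, j, strict_padding)
        if b is None:
            return None
        out.append(b)
    return bytes(out)

if __name__ == "__main__":
    print(recover_secret(Victim(b"s3cr3tC00kie"), 12))                       # b's3cr3tC00kie'
    print(recover_secret(Victim(b"s3cr3tC00kie"), 12, strict_padding=True))  # None
```

The attacker's script (the BEAST-style part) controls only the request's path and body lengths; `recover_byte` uses them to put the target byte at the end of a block and to make the final block pure padding, then copies the target's ciphertext block over the padding block on every retry. SSL 3.0 accepts the forged record whenever that last byte happens to decrypt to 15, about one request in 256, and each acceptance leaks one cookie byte. With `strict_padding=True`, the TLS 1.0 rule, the same forgery is never accepted, which is why there is no fix inside SSL 3.0 itself.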

Matthew Green:

The rough summary of POODLE is this: it allows a clever attacker who can (a) control the Internet connection between your browser and the server, and (b) run some code (e.g., script) in your browser to potentially decrypt authentication cookies for sites such as Google, Yahoo and your bank. This is obviously not a good thing, and unfortunately the attack is more practical than you might think. You should probably disable SSLv3 everywhere you can. Sadly, that’s not so easy for the average end user.
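To see why disabling SSLv3 on the client, or signalling fallbacks with TLS_FALLBACK_SCSV (RFC 7507), closes the door, here is an added simulation of the downgrade dance Franke describes. It was written for this page and is not taken from any browser or TLS stack; the version numbers and the SCSV and alert values are the real wire values, but the message tuples, the `Server` and `Attacker` classes and the `intolerant` flag are constructed for the example.

```python
"""The browser "downgrade dance" and the TLS_FALLBACK_SCSV fix (RFC 7507), simulated.
Message tuples, Server/Attacker and the intolerant flag are constructed for this
example; nothing here is a real TLS implementation."""

SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value, RFC 7507
INAPPROPRIATE_FALLBACK = 86         # alert description, RFC 7507
AES128_SHA = 0x002F                 # TLS_RSA_WITH_AES_128_CBC_SHA, an ordinary suite


class Server:
    def __init__(self, max_version, honours_scsv=False, intolerant=False):
        self.max_version, self.honours_scsv, self.intolerant = max_version, honours_scsv, intolerant

    def hello(self, client_version, cipher_suites):
        """Answer a ClientHello with ("server_hello", version) or ("alert", reason)."""
        if self.intolerant and client_version > self.max_version:
            return ("alert", "handshake_failure")   # the buggy behaviour browsers worked around
        if self.honours_scsv and TLS_FALLBACK_SCSV in cipher_suites and client_version < self.max_version:
            return ("alert", INAPPROPRIATE_FALLBACK)  # client could have done better: abort
        return ("server_hello", min(client_version, self.max_version))


class Attacker:
    """On-path attacker who kills every handshake above the version it wants to see."""
    def __init__(self, force_version):
        self.force_version = force_version

    def relay(self, server, client_version, cipher_suites):
        if client_version > self.force_version:
            return ("alert", "handshake_failure")   # dropped packets look the same to the client
        return server.hello(client_version, cipher_suites)


def downgrade_dance(server, max_version, min_version, send_scsv, attacker=None):
    """Retry at successively lower versions, as 2014 browsers did.
    Returns the negotiated version, or None when no connection is made."""
    for version in range(max_version, min_version - 1, -1):
        suites = [AES128_SHA]
        if send_scsv and version < max_version:
            suites.append(TLS_FALLBACK_SCSV)       # "this is a retry at a lower version"
        reply = attacker.relay(server, version, suites) if attacker else server.hello(version, suites)
        if reply[0] == "server_hello":
            return reply[1]
        if reply == ("alert", INAPPROPRIATE_FALLBACK):
            return None                             # the earlier failure was not genuine; stop
    return None


if __name__ == "__main__":
    mitm = Attacker(SSL3)
    print(hex(downgrade_dance(Server(TLS12), TLS12, SSL3, False, mitm)))              # 0x300: POODLE precondition met
    print(downgrade_dance(Server(TLS12, honours_scsv=True), TLS12, SSL3, True, mitm))  # None: SCSV stops it
    print(downgrade_dance(Server(TLS12), TLS12, TLS10, False, mitm))                   # None: no SSLv3 in the client
```

Without the SCSV, a man-in-the-middle who kills every handshake above SSLv3 walks a 2014 browser straight down to SSLv3, which is the precondition for the attack above. A server that honours the SCSV recognises the retry for what it is and aborts with inappropriate_fallback, while a genuinely version-intolerant old server still gets its legitimate fallback, because the version the client ends up offering is not below what that server supports. A client whose floor is TLS 1.0 simply fails to connect to the attacker, which is what "disable SSLv3" buys you.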

Update (2014-10-15): Poodlebleed:

The below form can be used to test if your server is running with SSL 3.0 enabled. Although disabling SSL 3.0 may cause failed connections to your SSL service for a small portion of users running older browsers, this action prevents the large portion of modern browsers from being eavesdropped while attempting to access your services in a secure manner.

Update (2014-10-19): Glenn Fleishman:

Poodle may finally put IE6 to death, because IE6 can’t use modern web security protocols. […] Despite the introduction of TLS in 1999 and the fact that the last version of SSL (SSLv3) was released in 1996, web servers generally have continued to support SSLv3 to this day because it’s the latest version that IE6 supports.

Remembering Macworld Expo

Christopher Breen:

In its early and middle years, Macworld Expo was, in some ways, the world’s greatest Mac user group gathering. As the World Wide Web had yet to become the source of the globe’s information, Mac users depended on books; publications such as Macworld, MacUser, and MacWEEK; and, importantly, face-to-face interaction with other enthusiasts for their Apple fix. While user groups served this latter need on a local level, if you wanted to be surrounded by others of your ilk from across the country (and world), you went to Expo.

Adam C. Engst:

With this announcement coming on the heels of Macworld putting its print edition to rest, it has never been more clear that the massive changes engendered by the Internet have reshaped the world we live in. While at the Çingleton conference last weekend, I was reminiscing about my first Boston Macworld Expo in 1989 and the many pounds of paper I collected. Picking up brochures and handouts from every vendor was an essential task back then, since it was the only way to create a reference database of product information. When Tonya and I moved to Seattle in 1991, we brought four file drawers full of paper with us; when we returned to Ithaca in 2001, we didn’t even bring the empty filing cabinets back.

[…]

The other sea change that hurt Macworld Expo is one that I still don’t fully understand. In the early days of the show, money flowed like water. Big companies paid tens of thousands of dollars for spacious booths and flashy parties, and while products cost significantly more back then, the overall market was far smaller. Now, even with Apple posting record profits every quarter and hundreds of millions of people using Apple devices, few Apple developers approach the size of the firms that filled multiple exhibition halls during the biannual Macworld Expos. The parties dried up even earlier, and while I can’t say that a party or even a booth was a worthwhile marketing expense, clearly people thought so back in the day.

I attended the East Coast ones from (I think) 1993 through 1999. Here are some old ATPM reports from Macworld Expo:

Invisible iOS Home Screen Icons

David Smith:

Since getting my iPhone 6 a few weeks ago I’ve been continuously trying to optimize the configuration of my home screen. The larger screen means that I now have an extra row of icons to fit onto the screen, but the physical size of device means that I can’t actually comfortably reach them.

Since you can’t arbitrarily place icons on your home screen, this means the situation is actually worse. I now have to fill in the top row of icons with ‘stuff’ just so that I can easily reach my main icons without stretching.

Begemann’s Backblaze Review

Ole Begemann (Twitter comments):

There is this saying that a backup system that requires manual work is not a reliable backup. That’s Backblaze if you have to deal with external drives.

[…]

The Backblaze client has no restore functionality. All restores (be it a single file or your entire archive) start on the website and require you to send your private passphrase to Backblaze’s servers where the data will be decrypted before you can download it. Needless to say, this is not at all ideal from a security perspective.

[…]

This may sound like an obscure limitation that is largely irrelevant in real life, but it means you won’t be able to move data between drives without risking the loss of your backup state for weeks or potentially months (until the initial backup is complete).

Also, it sounds like moving a file causes its backup history to be lost, which is not the case with CrashPlan or Arq.