[Logjam]HTTPS-crippling attack threatens tens of thousands of Web and mail servers

Discussion in 'other security issues & news' started by ronjor, May 20, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,790
    Location:
    Texas
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,790
    Location:
    Texas
    http://www.cso.com.au/article/575396/new-encryption-flaw-logjam-puts-web-surfers-risk/
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    A lot of articles say disabling export-grade crypto fixes the problem. IT DOES NOT!
    Note that there are 2 separate weaknesses:
    -The Logjam attack can abuse support for export-grade crypto to downgrade to 512 bit
    -Due to millions of HTTPS, SSH, and VPN using the same prime numbers for DH key exchange, the key exchange is weaker than assumed, even if Forward Secrecy is used. It is estimated that a nation-state can break a 1024 bit prime and thus the transport encryption of millions of servers using the same prime number.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,790
    Location:
    Texas
    http://blogs.wsj.com/digits/2015/05/20/what-you-need-to-know-about-the-new-logjam-bug/
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange:
     
    Last edited: May 21, 2015
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I got "vulnerable" for Firefox 38.0.1. If you're using NoScript, be sure to allow all of the domains that the test needs.
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    Immagine.JPG
     
  11. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    202
    For me (like @MrBrian) with Fx 38.0.1, I also got "vulnerable". What explains the discrepancy with @Sampei Nihira's result(s)?
     
  12. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    261
    Location:
    USA
  13. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    261
    Location:
    USA
    Also to note, my up-to-date IE 11 on Windows 7 HP 64-bit shows as vulnerable.

    Edit to add: I found out that I'm missing MS15-055, which fixes the problem but wasn't part of the IE cumulative update for May.
     
    Last edited: May 21, 2015
  14. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,969
    Location:
    U.S.A.
    If you look at Sampei Nihira's screen capture, 3 out of 5 scripts are being blocked (weakdh.org, bootstrapcdn.com, jquery.com). You can achieve the same result, as shown in the image, if you deselect "Cascade top document's permissions to 3rd party scripts" in NoScript's Options > Advanced > Trusted tab, which is what MrBrian is saying.
     
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
  16. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    202
    Thank you, but that isn't it. "Cascade top...." is deselected. I'm using NoScript 2.6.9.22. The only other extensions I have are ublock origin (which I disabled to test) and wot.




    ETA : zmap.io also had been allowed in NoScript. That was the culprit. After disallowing I got the same result as Sampei. Thanks again.
     
    Last edited: May 21, 2015
  17. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @ronjor , thanks, and I'd note that some SSH and VPN servers are also affected. The following link provides some guidance for what-to-do about it (the % of systems affected in SSH and IPsec-VPN were substantial)

    https://weakdh.org/sysadmin.html

    Seems like the general sense is to use elliptic curve based versions of DH.
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    You can also check for LogJam vulnerability on SslLabs:
    https://www.ssllabs.com/ssltest/viewMyClient.html
    Take note that it may be shown as not vulnerable when it is in fact vulnerable when the check is blocked by your firewall because it uses non-standard ports.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  21. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The statement "We’re expecting Mozilla to ship Firefox 39 final by disabling the above preferences." from the link in my last post might be incorrect. From https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/:
     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  23. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Nice article MrBrian, did you examine the image illustrating the NSA system for attacking IPsec ? After looking at that I did some searching and came across this article.
    https://nohats.ca/wordpress/blog/2014/12/29/dont-stop-using-ipsec-just-yet/
    I assume most of what is said about IPsec is also true for TLS.

    I also looked up the NSA spec for their own internet traffic encryption.
    I wonder how many vpn's and email providers are meeting those standards.
     
    Last edited: Jun 5, 2015
  24. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    You can also disable all DHE ciphers in about:config:
    security.ssl3.dhe_*
    Note that you'll lose Forward Secrecy if a site only offers DHE and RSA ciphers, so it's best to enable them again as soon as the downgrade attack is fixed.(Planned for Firefox 39)
     
Loading...