(LiveHacking.Com) – Juliano Rizzo and Thai Duong have released details of a vulnerability in TLS (Transport Layer Security) 1.0, the encryption mechanism used in HTTPS (Secure Hypertext Transfer Protocol). TLS is the successor to SSL (Secure Sockets Layer) and is widely used on the Internet. The vulnerability resides in versions 1.0 and earlier of TLS, but not in versions 1.1 and 1.2, however they remain almost entirely unsupported in browsers and websites.
At the Ekoparty security conference in Buenos Aires, Juliano and Thai released a tool, known as BEAST (Browser Exploit Against SSL/TLS), that compromises TLS by exploiting the vulnerability that has actually been known about for years but which has been regarded as just theoretical until now.
The problem is all to do with block ciphers and Cipher Block Chaining (CBC). With CBC, each ciphertext message starts with a single extra random block, or IV (“initialization vector”). TLS <= 1.0 uses CBC but has a problem in that instead of using a new random IV for every TLS message sent, it uses the ciphertext of the last block of the last message as the IV for the next message. This means that the IV is now something an attacker can predict. A more detailed look at how the attack works can be found here.
The two-factor authentication service PhoneFactor has suggested websites use the RC4 cipher to encrypt SSL traffic instead of algorithms such as AES and DES, as RC4 is not vulnerabile to this CBC/IV problem.
According to Sophos, the pair reported their findings to the major browser vendors a month ago. However so far Google is the only company to respond with a fix (which can currently be found in the beta test versions of the browser).