Browser Exploit Against SSL/TLS (BEAST)—Another Blow to Browser Security
Aside from crisis situations involving now-defunct Certificate Authorities, other SSL news has been making waves in the security community over the past week. The Browser Exploit Against SSL/TLS (BEAST), demonstrated by Juliano Rizzo and Thai Duong this past Friday, was proof that under a complex set of circumstances, 'secure' information can, in fact, be decrypted by an attacker. While the complexity of this attack is likely to put it out of reach of the average attacker, the fact that it is possible at all is enough to make us take a deep breath and ask "what's next?" in the litany of failures of our system of [supposedly] secure web browsing.
In response to this situation, Microsoft has already published an advisory and, subsequently, a Knowledge Base article that provides a fix by enabling the non-vulnerable TLS 1.1 implementation where available. On the Google Chrome side of things, a patch has been submitted that will provide a backwards-compatible workaround for the issue. The fix is seemingly the same as what Tor does by using "OpenSSL's 'empty fragment' feature, which inserts a single empty TLS record before every record it sends. This effectively randomizes the IV of the actual records, like a low-budget TLS 1.1." (Tor and BEAST).
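The effect of the empty fragment described in that quote can be checked with a small model of the CBC record layer. This Python code is an added example, not code from Tor, OpenSSL or Chrome; the `Sender` class, the mode names and the truncated-HMAC stand-in for the block cipher (used because the standard library has no AES) are assumptions of the example.

```python
import hashlib, hmac, os

BLOCK = 16

def E(key, block):
    """Stand-in keyed block function (truncated HMAC); not AES, encrypt-only."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cbc(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = E(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out += prev
    return out

def mac_pad(mac_key, seq, payload):
    """payload || HMAC-SHA1 || TLS-style padding up to a block boundary."""
    body = payload + hmac.new(mac_key, seq.to_bytes(8, "big") + payload,
                              hashlib.sha1).digest()
    pad = BLOCK - len(body) % BLOCK
    return body + bytes([pad - 1]) * pad

class Sender:
    def __init__(self, mode):
        self.mode, self.seq = mode, 0
        self.key, self.mac_key = os.urandom(16), os.urandom(20)
        self.chain = os.urandom(BLOCK)  # initial IV from the key block, never sent
        self.wire = b""                 # everything an on-path observer has seen

    def _record(self, payload):
        explicit = self.mode == "tls1.1"            # TLS 1.1: fresh IV per record
        iv = os.urandom(BLOCK) if explicit else self.chain
        ct = cbc(self.key, iv, mac_pad(self.mac_key, self.seq, payload))
        self.seq += 1
        self.chain = ct[-BLOCK:]                    # TLS 1.0: next IV = last block
        self.wire += (iv if explicit else b"") + ct
        return iv

    def send(self, payload):
        """True if this payload's IV was on the wire before the payload was fixed."""
        seen_before = self.wire[-BLOCK:]
        if self.mode == "tls1.0+empty":
            self._record(b"")   # empty fragment: encrypts only MAC + padding
        return self._record(payload) == seen_before

def iv_exposure(mode, messages=(b"GET /a", b"GET /b", b"GET /c")):
    """Constructed sample messages; one True/False per application record."""
    s = Sender(mode)
    return [s.send(m) for m in messages]
```

In the plain TLS 1.0 mode every record after the first reports `True`, while the empty-fragment and TLS 1.1 modes report `False` throughout, which is the sense in which the empty record behaves like a low-budget explicit IV.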
What should irk people more than continually having a new reason to fear using their web browser for personal or business-sensitive matters is the reality that this vulnerability has been solved already. The lack of widespread, default implementation of updated versions of TLS is a real concern if we are going to keep going down this path. TLS 1.1 (SSL 3.2) was defined in RFC 4346 in April 2006. TLS 1.2 (SSL 3.3) was defined in RFC 5246 in August 2008. Despite those lengthy timelines, we are still shocked to find that this vulnerability exists in a version of TLS from January 1999. More so, in the case of Apple, we don't even know for sure what version of TLS is implemented in Safari!
The everyday user shouldn't be fearful of BEAST, but they should be fearful of the lack of follow-through by browser vendors in adhering to the newer standards that are the foundation of the web. Generally, when there is an improved version of some technology, people are seen as negligent if they don't update in a timely fashion. With TLS, we've had the technology, and we've done nothing with it in a measurable way. That's the real failure and the real story of this entire situation. We can do better, and we should ask the same of our browser vendors.