No, Websites Shouldn't Roll Their Own Encryption

from the just-use-ssl dept

Ben Adida calls out Apple for the poor security of its MobileMe web applications and AppleInsider for its misguided defense of Apple's design. Most users know that a special "lock" icon in the corner of their browser is a signal that the contents of the current website is encrypted in transit, protecting it from third-party eavesdropping. Evidently, users of MobileMe have been alarmed that MobileMe applications don't take advantage of this feature, even when sensitive information is being transmitted. Appleinsider says this is no big deal because Apple uses "authenticated handling of JSON data exchanges" to ensure security, and as a result SSL is unnecessary. Moreover, "if Apple applied SSL encryption in the browser, it would only slow down every data exchange without really improving security, and instead only provide pundits with a false sense of security that distracts from real security threats."

As Adida points out, this is way off base. A malicious individual may discover a security hole in the unencrypted part of the site that Apple's engineers didn't think of. Encrypting the entire session, rather than just the parts that Apple thinks are security-sensitive, provides an important extra layer of protection. There's also a more fundamental problem with AppleInsider's argument: without SSL, the user has no real assurances that he's talking to Apple, rather than a third party executing a man-in-the-middle attack (perhaps using a poisoned DNS cache). SSL requires servers to present a certificate signed by a recognized certificate authority in order to prove that it's the website it claims to be. That makes it difficult for a third party to masquerade as a legitimate SSL-encrypted website.

The scheme works because the authentication algorithm is baked into the browser and can't be changed by the website being visited. In contrast, if the authentication is performed by JavaScript code that was supplied by the server you're trying to authenticate, the "authentication" process is completely useless. A man-in-the-middle attacker can simply substitute his own bogus authentication script for the real one, and no one will notice the difference. So even if you have complete faith in Apple's ability to write secure authentication algorithms, you can't trust a non-SSL website purporting to be from Apple because there's no way to be sure it's actually an Apple server.

Training ordinary users to follow good security practices is notoriously difficult. Widespread user understanding and acceptance of the "lock" icon in their browsers is arguably the most significant improvement in web security since the web was created. It's extremely counterproductive to undermine use confidence in SSL by telling users to put their faith in Apple's magical homebrew crypto algorithms instead.



Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Michael Janke, Aug 25th, 2008 @ 6:08pm

    JSON - Security

    They've apparently decided that session encryption is unnecessary.

    From JSON.org:

    "Any time you are transmitting confidential information or requests for confidential information, use SSL. It provides link encryption so that your secrets are not revealed in transit."

    So the service is vulnerable to session hijacking. Unfortunately so are many other similar services.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Lawrence D'Oliveiro, Aug 25th, 2008 @ 6:24pm

    Use SSL and use it properly, dammit!

    The ones saying you don't need SSL are just as clueless as those attacking Firefox for refusing to accept self-signed SSL certificates. Encryption not used properly is worthless, people!

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Jesse McNelis, Aug 25th, 2008 @ 8:17pm

      Re: Use SSL and use it properly, dammit!

      "Encryption not used properly is worthless, people!"

      Encryption not used properly is worse than worthless, it's actually dangerous because it gets people the impression that their data is actually safe.

      I'm surprised that a big company like apple is doing something stupid like this.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        chris (profile), Aug 26th, 2008 @ 6:39am

        Re: Re: Use SSL and use it properly, dammit!

        I'm surprised that a big company like apple is doing something stupid like this.

        the germans in WWII thought their encryption was perfect too. i wonder if that is a side effect of reality distortion fields.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Coyote, Aug 25th, 2008 @ 6:52pm

    Peter Gutmann once said:

    "Whenever someone thinks that they can replace SSL/SSH with something much better that they designed this morning over coffee, their computer speakers should generate some sort of penis-shaped sound wave and plunge it repeatedly into their skulls until they achieve enlightenment."

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Mike, Aug 25th, 2008 @ 8:12pm

    this is only a concerno over WiFi

    There is inherent encryption in the cellular network, and throught he shear amount of connections it is virtually impossible to hack a cellular data connection. I realize that SSL would be more secure, but how much is too much. There are MANY other less secure ways we give out our credentials. think of prison imates taking creditcard orders over the phone. Social hacking and the like are still the wosrt threat to personal information security.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 26th, 2008 @ 5:23am

      Re: this is only a concerno over WiFi

      I'm not sure what you mean by this. If you're looking at websites on your phone, that data's hitting the Internet at some point and any encryption inherent on the cellular network becomes inconsequential. If there's a man-in-the-middle attack leveraging a poisoned DNS, you're going to be giving that data to someone who isn't who you think they are. And as most such attacks are not done manually, the fact that there are a large amount of connections isn't a problem (so long as the hacker's attack scales well).

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Jon (profile), Aug 26th, 2008 @ 9:13am

      Re: this is only a concerno over WiFi

      And everyone always forgets about the insider... Who cares about encryption if you are on the inside of the encrypted network.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    inc, Aug 25th, 2008 @ 8:54pm

    Tim, I couldn't agree with you more. One just needs to run tcpdump with the -s0 -A switch to see what kind of data is available in plain text to understand how important SSL is. Sniff your own network and see what kind of data you are leaking out. It may surprise you.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    orb, Aug 25th, 2008 @ 10:54pm

    It's the blind faith that appleinsider affords apple that is really scarry. A lot of sites are guilty of this sort of pandering, and it's not just apple fanboys either. When I see companies abuse the privacy of it's cutomers then I expect those with an audience to hold there feet to the fire. Always remain skeptical, a good philosophy to live your life to. ESL

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Chris Brenton, Aug 26th, 2008 @ 12:22am

    Couple of points

    The little lock icon on the browser does not actually mandate encryption. It only specifies that HTTPS (HTTP over SSL) is being used as a transport. SSL V2, V3 & TLS all include two supported negotiations which provide authentication without encryption. The only way to be sure your sessions are always encrypted is to check your browser settings to ensure authentication only is disabled as a possible negotiation.
    As pointed out above, the flaw in Apple's system is that it provides encryption without any initial authentication. It relies on DNS being secure which history shows is *not* a proper assumption. Most of the industry figured out seven years ago that proprietary solutions are typically flawed. Apple needs to get with the times.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    John Doe, Aug 26th, 2008 @ 1:28am

    Shame on Apple, another reason to switch to Blackberry Thunderbird ....

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Nicholas Iler, Aug 26th, 2008 @ 10:34am

    Encryption is all you need - There are different ways to implement.

    SSL is not the only way to encrypt data, although, it does appear to be the only way for the user to be fully assured that their data is secured due to the presence of the lock icons and green search bars.

    I can understand the developers point of view. In some cases technology won't work as intended when you add layers that bottle neck its performance. JSON objects are just data strings and keys, if you encrypt these objects it should show up as the same garbled text as it would on SSL if someone where to sniff it out. Also, why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting. Performance is very important to Americans, we wait for nothing.

    Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 26th, 2008 @ 11:24am

      Re: Encryption is all you need - There are different ways to implement.

      "...this topic is off."

      Go stuff yourself.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 26th, 2008 @ 12:35pm

      Re: Encryption is all you need - There are different ways to implement.

      "why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting."

      I tend to agree, it just seem like bad practice. Personally I have big problems with what Apple is doing here, the only real issue I can see is it does make the ability to spoof it easier.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Lawrence D'Oliveiro, Aug 28th, 2008 @ 7:06pm

        Re: Encryption is NOT all you need

        "why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting."

        It's not just about confidentiality (ensuring nobody else can snoop the data), it's also about authentication (being sure the data comes from who you think it does). SSL/TLS does both. It's common-or-garden, off-the-shelf technology. Implemented properly, it works. Use it! Don't try reinventing your own inferior substitute!

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 26th, 2008 @ 6:17pm

      Re: Encryption is all you need - There are different ways to implement.

      Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.
      If you're asking the public to trust your home-brew encryption then I think it is incumbent on you to show that it is trustworthy, not the other way around.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Nicholas Iler, Aug 27th, 2008 @ 10:07am

        Re: Re: Encryption is all you need - There are different ways to implement.

        Its quite difficult to screw up PHP's built-in encryption for example | PHP Encrypt Function | Most programming languages have Cryptography functions for this purpose. The same type used to encrypt SSL connections. You won't know when it's being used unless a developer tells you it is none-the-less it is still effective in preventing snoopers, although, very ineffective in proving it to the web user.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Lawrence D'Oliveiro, Aug 28th, 2008 @ 7:02pm

      Re: Encryption is NOT all you need

      Nicholas Iler spouted the following bullshit:

      Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.

      Unless and until you go away and read up a bit about "man-in-the-middle" attacks, you have no idea what you're talking about.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Nicholas Iler, Aug 31st, 2008 @ 12:59am

        Re: Re: Encryption is NOT all you need

        Attack servers setup to fool users into thinking they are on a Bank of America site for example and acting as a proxy to the real destination server. Because the "middle" attack server has authenticated the user the attacker can view your encrypted text as clear text. I got it!

        There is allot of attention shown to the naive web user not the websites being spoofed. Bottom line, if you reach a website that has a certificate error or warning, you should not enter anything private. SSL or not you can be victim.

        And why does Apple have to change to SSL when they may still be susceptible to "man-in-the-middle" attacks anyway? Don't answer that. What's the point? Don't answer that either.

        I admire your depth Lawrence, but I'm not sure the solution is forcing all to use SSL for everything either way (but that's not your point, I know. You stated "Use SSL and use it properly, dammit!"). Banks sure, I want exploding computers and homing missiles protecting my account. But emails, you are wasting your time spoofing anything of mine not financial related. Good job Firefox for not accepting self-signed certificates.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Kevin, Aug 27th, 2008 @ 6:45pm

    Re: Encryption

    The sad thing is that most all of this encryption is virtually useless as the encryption protocols are out there for everyone who wants to know and use. Granted most of the "hackers" or "bad people " out there are not smart enough to use them.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Kaelyn, Jan 13th, 2009 @ 4:33pm

    Hey i am just commenting on your web site i am at school but it is Club house it is so much fun

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Marius, Feb 22nd, 2010 @ 12:35pm

    I think server side encryption is definitely necessary when sensitive information is being handled. Some people mistakenly think the presence of encryption software denotes a suspicious website, but in most cases the opposite is actually the case

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This