No, Websites Shouldn't Roll Their Own Encryption

from the just-use-ssl dept

Ben Adida calls out Apple for the poor security of its MobileMe web applications and AppleInsider for its misguided defense of Apple’s design. Most users know that a special “lock” icon in the corner of their browser is a signal that the contents of the current website is encrypted in transit, protecting it from third-party eavesdropping. Evidently, users of MobileMe have been alarmed that MobileMe applications don’t take advantage of this feature, even when sensitive information is being transmitted. Appleinsider says this is no big deal because Apple uses “authenticated handling of JSON data exchanges” to ensure security, and as a result SSL is unnecessary. Moreover, “if Apple applied SSL encryption in the browser, it would only slow down every data exchange without really improving security, and instead only provide pundits with a false sense of security that distracts from real security threats.”

As Adida points out, this is way off base. A malicious individual may discover a security hole in the unencrypted part of the site that Apple’s engineers didn’t think of. Encrypting the entire session, rather than just the parts that Apple thinks are security-sensitive, provides an important extra layer of protection. There’s also a more fundamental problem with AppleInsider’s argument: without SSL, the user has no real assurances that he’s talking to Apple, rather than a third party executing a man-in-the-middle attack (perhaps using a poisoned DNS cache). SSL requires servers to present a certificate signed by a recognized certificate authority in order to prove that it’s the website it claims to be. That makes it difficult for a third party to masquerade as a legitimate SSL-encrypted website.

The scheme works because the authentication algorithm is baked into the browser and can’t be changed by the website being visited. In contrast, if the authentication is performed by JavaScript code that was supplied by the server you’re trying to authenticate, the “authentication” process is completely useless. A man-in-the-middle attacker can simply substitute his own bogus authentication script for the real one, and no one will notice the difference. So even if you have complete faith in Apple’s ability to write secure authentication algorithms, you can’t trust a non-SSL website purporting to be from Apple because there’s no way to be sure it’s actually an Apple server.

Training ordinary users to follow good security practices is notoriously difficult. Widespread user understanding and acceptance of the “lock” icon in their browsers is arguably the most significant improvement in web security since the web was created. It’s extremely counterproductive to undermine use confidence in SSL by telling users to put their faith in Apple’s magical homebrew crypto algorithms instead.

Filed Under: , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “No, Websites Shouldn't Roll Their Own Encryption”

Subscribe: RSS Leave a comment
27 Comments
Michael Janke (profile) says:

JSON - Security

They’ve apparently decided that session encryption is unnecessary.

From JSON.org:

“Any time you are transmitting confidential information or requests for confidential information, use SSL. It provides link encryption so that your secrets are not revealed in transit.”

So the service is vulnerable to session hijacking. Unfortunately so are many other similar services.

Jesse McNelis (user link) says:

Re: Use SSL and use it properly, dammit!

“Encryption not used properly is worthless, people!”

Encryption not used properly is worse than worthless, it’s actually dangerous because it gets people the impression that their data is actually safe.

I’m surprised that a big company like apple is doing something stupid like this.

Jon (profile) says:

Re: Peter Gutmann once said:

Speaking of replacing.. err.. enhancing SSL/SSH, I just posted about Perspectives on my blog. There is also a link to the article on Ars where I came across it.

http://www.nnbfn.net/2008/08/26/additional-protection-from-man-in-the-middle-attacks/

http://arstechnica.com/news.ars/post/20080826-network-notary-system-thwarts-man-in-the-middle-attacks.html

Mike says:

this is only a concerno over WiFi

There is inherent encryption in the cellular network, and throught he shear amount of connections it is virtually impossible to hack a cellular data connection. I realize that SSL would be more secure, but how much is too much. There are MANY other less secure ways we give out our credentials. think of prison imates taking creditcard orders over the phone. Social hacking and the like are still the wosrt threat to personal information security.

Anonymous Coward says:

Re: this is only a concerno over WiFi

I’m not sure what you mean by this. If you’re looking at websites on your phone, that data’s hitting the Internet at some point and any encryption inherent on the cellular network becomes inconsequential. If there’s a man-in-the-middle attack leveraging a poisoned DNS, you’re going to be giving that data to someone who isn’t who you think they are. And as most such attacks are not done manually, the fact that there are a large amount of connections isn’t a problem (so long as the hacker’s attack scales well).

orb says:

It’s the blind faith that appleinsider affords apple that is really scarry. A lot of sites are guilty of this sort of pandering, and it’s not just apple fanboys either. When I see companies abuse the privacy of it’s cutomers then I expect those with an audience to hold there feet to the fire. Always remain skeptical, a good philosophy to live your life to. ESL

Chris Brenton says:

Couple of points

The little lock icon on the browser does not actually mandate encryption. It only specifies that HTTPS (HTTP over SSL) is being used as a transport. SSL V2, V3 & TLS all include two supported negotiations which provide authentication without encryption. The only way to be sure your sessions are always encrypted is to check your browser settings to ensure authentication only is disabled as a possible negotiation.
As pointed out above, the flaw in Apple’s system is that it provides encryption without any initial authentication. It relies on DNS being secure which history shows is *not* a proper assumption. Most of the industry figured out seven years ago that proprietary solutions are typically flawed. Apple needs to get with the times.

Nicholas Iler says:

Encryption is all you need - There are different ways to implement.

SSL is not the only way to encrypt data, although, it does appear to be the only way for the user to be fully assured that their data is secured due to the presence of the lock icons and green search bars.

I can understand the developers point of view. In some cases technology won’t work as intended when you add layers that bottle neck its performance. JSON objects are just data strings and keys, if you encrypt these objects it should show up as the same garbled text as it would on SSL if someone where to sniff it out. Also, why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting. Performance is very important to Americans, we wait for nothing.

Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.

Anonymous Coward says:

Re: Encryption is all you need - There are different ways to implement.

“why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting.”

I tend to agree, it just seem like bad practice. Personally I have big problems with what Apple is doing here, the only real issue I can see is it does make the ability to spoof it easier.

Lawrence D'Oliveiro says:

Re: Re: Encryption is NOT all you need

“why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting.”

It’s not just about confidentiality (ensuring nobody else can snoop the data), it’s also about authentication (being sure the data comes from who you think it does). SSL/TLS does both. It’s common-or-garden, off-the-shelf technology. Implemented properly, it works. Use it! Don’t try reinventing your own inferior substitute!

Anonymous Coward says:

Re: Encryption is all you need - There are different ways to implement.

Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.

If you’re asking the public to trust your home-brew encryption then I think it is incumbent on you to show that it is trustworthy, not the other way around.

Nicholas Iler says:

Re: Re: Encryption is all you need - There are different ways to implement.

Its quite difficult to screw up PHP’s built-in encryption for example | PHP Encrypt Function | Most programming languages have Cryptography functions for this purpose. The same type used to encrypt SSL connections. You won’t know when it’s being used unless a developer tells you it is none-the-less it is still effective in preventing snoopers, although, very ineffective in proving it to the web user.

Lawrence D'Oliveiro says:

Re: Encryption is NOT all you need

Nicholas Iler spouted the following bullshit:

Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.

Unless and until you go away and read up a bit about “man-in-the-middle” attacks, you have no idea what you’re talking about.

Nicholas Iler says:

Re: Re: Encryption is NOT all you need

Attack servers setup to fool users into thinking they are on a Bank of America site for example and acting as a proxy to the real destination server. Because the “middle” attack server has authenticated the user the attacker can view your encrypted text as clear text. I got it!

There is allot of attention shown to the naive web user not the websites being spoofed. Bottom line, if you reach a website that has a certificate error or warning, you should not enter anything private. SSL or not you can be victim.

And why does Apple have to change to SSL when they may still be susceptible to “man-in-the-middle” attacks anyway? Don’t answer that. What’s the point? Don’t answer that either.

I admire your depth Lawrence, but I’m not sure the solution is forcing all to use SSL for everything either way (but that’s not your point, I know. You stated “Use SSL and use it properly, dammit!”). Banks sure, I want exploding computers and homing missiles protecting my account. But emails, you are wasting your time spoofing anything of mine not financial related. Good job Firefox for not accepting self-signed certificates.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...