Researchers Crack SSL Encryption

October 8, 2011

“Two security researchers, Thai Duong and Juliano Rizzo, are scheduled to demonstrate their BEAST (Browser Exploit Against SSL/TLS) at the Ekoparty security conference, but information about it was released previously and has created quite a stir in the security community, still rattled by the recent demonstration of fallibility of the CA trust system. BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection. It decrypts the cookies that carry the information – username and password – that allows users to access their accounts. Although TLS 1.1 has been available since 2006 and isn’t susceptible to BEAST’s chosen plaintext attack, virtually all SSL connections rely on the vulnerable TLS 1”, the media reported. Duong shared with The Register: “BEAST is different than most published attacks against HTTPS. While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.” Duong also claimed that with recently made improvements, it is able to decrypt a typical 1,000 to 2,000 characters long cookie in under ten minutes. “What prevents people is that there are too many websites and browsers out there that support only SSL 3.0 and TLS 1.0. If somebody switches his websites completely over to 1.1 or 1.2, he loses a significant part of his customers and vice versa,” he added. And the experts say: “It means that encrypted transactions on PayPal, GMail, and many other websites are vulnerable to eavesdropping by hackers, or the Mullahs and other state thugs, who are able to control the connection between the end user and the website he’s visiting.”


The Register also adds: “Chief culprits for the inertia are the Network Security Services package used to implement SSL in Mozilla’s Firefox and Google’s Chrome browsers, and OpenSSL, an open-source code library that millions of websites use to deploy TLS. In something of a chicken-and-egg impasse, neither toolkit offers recent versions of TLS, presumably because the other one doesn’t. Ristic, who presented his findings at the Black Hat security conference in August, has found additional evidence that websites often delay deploying upgrades that fix SSL security holes. His analysis found that as much as 35 percent of websites had yet to patch a separate TLS vulnerability discovered in November 2009 that made it possible to inject text into encrypted traffic passing between two SSL endpoints. Researchers said upgrading TLS is proving surprisingly difficult, mostly because almost every fix breaks widely used applications or technologies”. The media also added: “Also, that other applications that use the vulnerable TLS version – such as instant messaging and VPN programs – could be attacked with BEAST. And if you’re wondering why a wide implementation of the newest versions of TLS has never happened even though they were released five and three years ago (respectively), the answer lies in the fact that updating it often means that other widely used technologies and popular applications won’t work as they should. This was corroborated by Duong, who says that they have been working with browser and SSL vendors since early May, but that every single proposed fix is incompatible with some existing SSL applications. The revelation that the last two versions (1.1 and 1.2) of the TLS cryptographic protocol are safe from such an attack gives almost no satisfaction, as the overwhelming majority of websites protected by it support version 1.0”, the media added. Now some Iranians ask: “Do the Mullahs use BEAST or the Mullah Beast? Apparently the Mullah Beast is more dangerous than BEAST.” And apparently Iranians can only have bad news these days!


Albert Camus’s “The Plague”, 4

October 8, 2011

It’s the last part of our excerpts of The Plague, which is an allegorical story of our current world. Our excerpts are a very compact version of Albert Camus’s The Plague; three parts have been published before, and here is the last part:

The announcement that there had been 302 deaths in the third week of the plague did not stir the imagination. On the one hand, perhaps not all of them died of plague. And, on the other hand, no one in the town knew how many people died every week in ordinary times. The town had a population of two hundred thousand inhabitants. People had no idea if this proportion of deaths was normal … The fifth week produced 321 deaths and the sixth 345. These increases, at least, were convincing – but not enough for the townspeople, for all their anxiety, to abandon entirely the impression that it was merely an incident, annoying of course, but none the less temporary. So they went on walking around the streets and sitting on the cafe terraces. On the whole, they were not cowardly, joking with each other more often than bewailing their fate, and pretending to accept with good humor discomforts that would clearly not last. Appearances were saved. Yet around the end of the month, more or less during the week of prayer that is mentioned below, more serious transformations altered the face of the town. First of all the Prefect took steps to deal with traffic and supplies. Supplies were limited and petrol rationed. Measures were even taken to save electricity. Only essential goods would be brought by road or air to Oran. As a result, traffic decreased progressively until it almost disappeared altogether, some shops selling luxury goods shut down overnight and others hung ‘sold out’ notices in their windows, while queues of customers formed in front of their doors. So Oran took on an unusual appearance.
The number of pedestrians rose and, at slack times, many people, who had been reduced to inactivity by the closing of shops and some offices, filled the streets and cafes … Of course the cinemas took advantage of this general holiday and did good business … Then, at the end of this same month, the ecclesiastical authorities of the town decided to wage war on the plague by their own means, by organizing a week of collective prayer… Whether this sermon had any effect on our townspeople is hard to say… Shortly after the sermon the warm weather began. It was approaching the end of June … The newspapers published decrees repeating the prohibition against going out and threatening the disobedient with prison. Patrols scoured the town … What is true of the ills of this world is also true of the plague. It may serve to make some people great. However, when you see the suffering and pain that it brings, you have to be mad, blind or a coward to resign yourself to the plague … The evil in the world comes almost always from ignorance, and goodwill can cause as much damage as ill-will if it is not enlightened. People are more often good than bad, though in fact that is not the question. But they are more or less ignorant and this is what one calls vice or virtue, the most appalling vice being the ignorance that thinks it knows everything and which consequently authorizes itself to kill … A lot of new moralists appeared in the town at this moment, saying that nothing was any use and that we should go down on our knees … And what precisely remains to be told before we come to the height of the plague, while the pestilence was gathering all its strength for an assault on the town, so that it could take hold of it for good, are the long, desperate, monotonous efforts that a few individuals like Rambert made to rediscover happiness and to preserve from the plague that part of themselves that they defended against all assault. 
This was their way of resisting the threat of slavery, and even though this resistance was evidently not as effective as the other, the narrator’s opinion is that it had its own logic and, in its very futility and contradictions, also bore witness to the element of pride in each of us at the time. Rambert struggled to prevent the plague from taking him. When it had been proved to him that he could not leave the town by legal means, he decided, as he told Rieux, to try the other sort … Rieux said: ‘You’re right, Rambert, quite right … But I have to tell you this: this whole thing is not about heroism. It’s about decency. It may seem a ridiculous idea, but the only way to fight the plague is with decency.’ ‘What is decency?’ Rambert asked, suddenly serious. ‘In general, I can’t say, but in my case I know that it consists in doing my job,’ Dr. Rieux said. ‘I don’t know what my job is. Perhaps I really am wrong to choose love.’ Rieux stood in front of him. ‘No!’ he said emphatically. ‘You are not wrong.’ … Very early the next morning, Rambert telephoned the doctor: ‘Would you agree to let me work with you until I find the means to get out of town?’ There was a silence on the end of the line, then: ‘Yes, Rambert. Thank you.’

So, week in, week out, the prisoners of the plague struggled along as best they could. As we have seen, a few, like Rambert, even managed to imagine that they were acting as free men and that they could still choose. But in reality one could say, at that moment, in the middle of August, that the plague had covered everything. There were no longer any individual destinies, but a collective history that was the plague, and feelings shared by all. The greatest of these were feelings of separation and exile, with all that that involved of fear and rebellion. This is why the narrator feels it appropriate, at this high point of heat and sickness, to describe the general situation and, for the sake of examples, the violence of our living fellow-citizens, the burials of the dead and the suffering of parted lovers … It really is necessary to speak about burials, and the narrator apologizes for the fact … How can you avoid burials when the day comes when someone you love has need of one? Well, the main feature of our ceremonies at the start was speed! All the formalities were simplified and in general funerary pomp and circumstance were discarded … In time of plague, everything was sacrificed to efficiency. Moreover, while at the start the morale of the people was affected by such practices – because the desire to be decently buried is more widespread than you might think – luckily, after a short while, there was an urgent problem of food supplies and the attention of the inhabitants turned towards more immediate concerns … When the epidemic levelled out after August, the accumulated number of victims was far greater than the capacity of our little cemetery … The bodies were hastily thrown into pits … The narrator is perfectly well aware how unfortunate it is that he cannot here describe something truly spectacular, for example some reassuring hero or an impressive action, similar to those that one finds in old stories.
The trouble is, there is nothing less spectacular than a pestilence and, if only because they last so long, great misfortunes are monotonous. In the memory of those who have lived through them, the dreadful days of the plague do not seem like vast flames, cruel and magnificent, but rather like an endless trampling that flattened everything in its path … Did our fellow-citizens, at least those who suffered the most from this separation, ever get used to the situation? … At the start of the plague they remembered the person whom they had lost very well and they were sorry to be without them … then they had memory but not enough imagination. And at the second stage of the plague the memory also went … No one among us experienced any great feelings any more, but everyone had banal feelings. ‘It’s time it ended,’ they said, because, in a period of pestilence, it is normal to wish for the end of collective suffering and because they really did want it to end. But the words were spoken without the anger or bitterness of the early days, and only with the few arguments that still remained clear to us, which were feeble ones. The great, fierce surge of feeling of the first weeks had given way to a dejection … The townspeople had adapted, they had come to heel, as people say, because that was all they could do. Naturally, they still had an attitude of misfortune and suffering, but they did not feel its sting … The truth must be told: the plague had taken away from all of them the power of love or even of friendship, for love demands some future, and for us there was only the here and now … But what did they look like, these separated people, you ask. Well, the answer is simple: like nothing. Or, if you prefer, they looked like everyone, part of the general scene … During the months of September and October the plague kept the town bent beneath it. As it was a case of marking time, many hundreds of thousands of people were still kicking their heels for endless weeks.
Mist, heat and rain followed one another in the sky … Rieux and his friends now discovered how tired they were. Indeed, the members of the health teams could no longer overcome their tiredness. Dr Rieux noticed it when he observed the steady growth of a strange indifference in himself and in his friends … Discovering, seeing, describing, noting and then condemning – that was Dr. Rieux’s task. Wives would seize him by the wrist and scream: ‘Doctor, give him life!’ But he was not there to give life, he was there to order isolation. What use then was the hatred that he could read on people’s faces? ‘You have no heart,’ someone once told him … But the most dangerous effect of the exhaustion that gradually overtook all those who carried on this struggle against the affliction was not this indifference to outside events and the feelings of others, but the neglect to which they gave way. They tended at this time to avoid any gesture that was not absolutely necessary or which seemed to them to tax their strength too much. As a result, these men came increasingly to neglect the very rules of hygiene that they had drawn up, to overlook some of the various disinfecting procedures that they ought to apply to themselves; they would sometimes hurry to see patients suffering from pulmonary plague without taking the necessary precautions … This is where the real danger lay, because it was the very struggle against the plague that made them more vulnerable to the plague; in short, they were gambling on chance and chance is on nobody’s side.

Poor families consequently found themselves in a very difficult situation, while the rich lacked for practically nothing. Because of the efficient impartiality which it brought to its administrations, the plague should have worked for greater equality among our fellow-citizens through the normal interplay of egoism, but in fact it heightened the feeling of injustice in the hearts of men. Of course, no one could fault the equality of death, but it was not one that anybody wanted. … Naturally, the newspapers followed the order that they had been given, to be optimistic at any cost. Reading them you would think that the main characteristic of the situation was ‘the moving example of calm and courage’ shown by the people. But in a town shut in on itself, where nothing could remain secret, no one had any illusions about the ‘example’ given by the population. And, to get a correct notion of the calm and courage in question, one had only to go into a place of quarantine or one of the isolation camps that the authorities had set up … In his notebooks, Tarrou describes a visit that he made with Rambert to the camp situated in the municipal stadium … The stands were full of people, and the field was covered with several hundred red tents inside which one could see, from a distance, bedding and bundles … these are forgotten people and they know it. Their acquaintances have forgotten them because they are thinking about other things, and that is quite understandable. As for those who love them, they have also forgotten them because they must be exhausting themselves in appeals and schemes to get them out. The more they think about getting them out, the less they think about the person to be got out. That, too, is normal. And when it comes down to it, you realize that no one is really capable of thinking of anyone else, even in the worst misfortune. … There were several other camps of the same kind in the town … Rieux and Tarrou found Grand half-seated in his bed, and Dr. Rieux was horrified to see on his face the progress of the disease that was eating him up … After injecting the serum, Rieux told his friend that Grand would not survive the night and Tarrou offered to stay. The doctor accepted. Throughout the night Rieux was haunted by the idea that Grand was dying. Yet the following morning he found him sitting up in bed talking to Tarrou. His temperature was normal. He showed only the usual symptoms of complete exhaustion … By the evening Grand could be considered saved. Rieux could not understand this resurrection … The general statistics showed a decline in the disease … Although this sudden decline in the disease was unexpected, the townspeople were in no hurry to celebrate. The preceding months, though they had increased the desire for liberation, had also taught them prudence and accustomed them to count less and less on a rapid end to the epidemic. However, this new development was the subject of every conversation and, in the depths of people’s hearts, there was a great, unadmitted hope. All else was secondary … And, in truth, the plague did not end in a few days … In reality, it was hard to decide whether this was a victory or not. All one could do was to observe that the sickness seemed to be going as it had arrived. The strategy being used against it had not changed; it had been ineffective yesterday, and now it was apparently successful. One merely had the feeling that the disease had exhausted itself, or perhaps that it was retiring after achieving all its objectives. In a sense, its role was completed … The population lived in this secret turmoil until January 25.
In that week the figures fell so low that, after consulting the medical commission, the Prefecture announced that the epidemic could be considered under control … the gates of the town would remain closed for two more weeks and sanitary measures continued for a month … The gates of the town finally opened, at dawn one fine February morning, and the event was hailed by the people, the newspapers, the radio … They were dancing on every square. Traffic had increased considerably from one day to the next and the cars, of which there were now many more, had difficulty driving along the packed streets. The bells of the town pealed out continually throughout the afternoon, filling the blue and gold sky with their vibrations. In the churches, they were holding services of thanksgiving. But at the same time places of pleasure were full to bursting and the cafes were handing out their last supplies of spirits, with no thought to the future … the plague bacillus never dies or vanishes entirely, that it can remain dormant for dozens of years in furniture or clothing, that it waits patiently in bedrooms, cellars, trunks, handkerchiefs and old papers, and that perhaps the day will come when, for the instruction or misfortune of mankind, the plague will rouse its rats and send them to die in some well-contented city