After Apple's "goto fail", GNU TLS library has similar bug

The_Assimilator

Apparently this bug colossal fuckup has been there since 2005. Which is nearly a decade. GOGO LINUX SECURITY, how's that "many eyes" thing working out for you?

This time, instead of a single misplaced "goto fail" command, the mistakes involve errors with several "goto cleanup" calls. The GnuTLS program, in turn, prematurely terminates code sections that are supposed to establish secure TLS connections only after the other side presents a valid X509 certificate signed by a trusted source. Attackers can exploit the error by presenting vulnerable systems with a fraudulent certificate that is never rejected, despite its failure to pass routine security checks. The failure may allow attackers using a self-signed certificate to pose as the cryptographically authenticated operator of a vulnerable website and to decrypt protected communications. It's significant that no one managed to notice such glaring errors, particularly since they were contained in code that anyone can review.

Matt Green, a Johns Hopkins University professor specializing in cryptography, characterized the vulnerability this way: "It looks pretty terrible."

My favourite part of that code (not related to the vulnerability):

if (result == 1)
{
  result = 1;
  goto cleanup;
}

Gotta make sure that 1 is 1... after all, when it comes to security, you can never make any assumptions!

edit: yes I realise this topic was posted before but that thread failed to elicit the appropriate amount of disdain, so let's try another round. Also morbs is back now.

Weng

 At this point, I'm assuming all the TLS implementation libraries have elementary programming errors.

bstorer

Something, something NSA.

The most galling thing in this entire article is the image. Look at that fucking thing, a dickhead acting out an extremely tenuous connection to the article's contents. I want to stab everyone involved in its creation repeatedly.

Guest

@The_Assimilator said:

Apparently this bug colossal fuckup has been there since 2005.

Matt Green, a Johns Hopkins University professor specializing in cryptography, characterized the vulnerability this way: "It looks pretty terrible."

These articles are always so much better when the experts weigh in.

Ben L.

@bstorer said:

Something, something NSA.

The most galling thing in this entire article is the image. Look at that fucking thing, a dickhead acting out an extremely tenuous connection to the article's contents. I want to stab everyone involved in its creation repeatedly.

LoremIpsum

@Ben L. said:

@bstorer said:

Something, something NSA.

The most galling thing in this entire article is the image. Look at that fucking thing, a dickhead acting out an extremely tenuous connection to the article's contents. I want to stab everyone involved in its creation repeatedly.

 

boomzilla

Has there been any reporting on actual exploits of this or the Apple thing? We hear about terrible bugs like these two, and terrible breaches (e.g., Target), but those seem to be something other than an epic bug like this stuff.

dkf

@boomzilla said:

actual exploits of this

Surely that would depend on having actual users of GNU TLS? I don't recall ever seeing anyone actively choose it for their code.

boomzilla

@dkf said:

@boomzilla said:

actual exploits of this

Surely that would depend on having actual users of GNU TLS? I don't recall ever seeing anyone actively choose it for their code.

Fat drunk and stupid is no way to go through life, son (but it can make for a pretty awesome spring break). Though I also asked about Apple. Seriously...are these serious problems that lead to serious breaches, or just potentially serious things that sound really awful but never amount to anything (like newlines in file names)?

KattMan

@boomzilla said:

@dkf said:

@boomzilla said:

actual exploits of this

Surely that would depend on having actual users of GNU TLS? I don't recall ever seeing anyone actively choose it for their code.

Fat drunk and stupid is no way to go through life, son (but it can make for a pretty awesome spring break). Though I also asked about Apple. Seriously...are these serious problems that lead to serious breaches, or just potentially serious things that sound really awful but never amount to anything (like newlines in file names)?

I think the response somewhat fits. No one of any note using Apple products either. When your market share is so low, you don't get hacked so often. Now if Apple had 80% of the market this would have been fixed years ago.

dkf

@boomzilla said:

Fat drunk and stupid is no way to go through life, son (but it can make for a pretty awesome spring break).

I didn't mean the list of packages where some nutty maintainer had forced the software to use a dependency it wasn't intended for originally, but rather the list of things that really depend on it necessarily.

bstorer

@boomzilla said:

@dkf said:

@boomzilla said:

actual exploits of this

Surely that would depend on having actual users of GNU TLS? I don't recall ever seeing anyone actively choose it for their code.

Fat drunk and stupid is no way to go through life, son (but it can make for a pretty awesome spring break). Though I also asked about Apple. Seriously...are these serious problems that lead to serious breaches, or just potentially serious things that sound really awful but never amount to anything (like newlines in file names)?

NOOO! Not elinks and mutt! How will I ever use the internet 20 years ago?!

Frosh

@The_Assimilator said:

My favourite part of that code (not related to the vulnerability):

if (result == 1)
{
  result = 1;
  goto cleanup;
}

Gotta make sure that 1 is 1... after all, when it comes to security, you can never make any assumptions!

I don't see any issue here. For we know, they've redefined the = operator with some kind of side effect. What if it's some kind of home-brewed reference counter?

dkf

@Frosh said:

For we know, they've redefined the = operator with some kind of side effect.

I know that's legal C++ and all, but if someone's done that then they need to die horribly.

For the good of mankind.

LoremIpsum

@dkf said:

@boomzilla said:

Fat drunk and stupid is no way to go through life, son (but it can make for a pretty awesome spring break).

I didn't mean the list of packages where some nutty maintainer had forced the software to use a dependency it wasn't intended for originally, but rather the list of things that really depend on it necessarily.

What about filezilla and chromium-browser? Or are these not what I think they are? Because both of those sound pretty important.

boomzilla

@dkf said:

@boomzilla said:

Fat drunk and stupid is no way to go through life, son (but it can make for a pretty awesome spring break).

I didn't mean the list of packages where some nutty maintainer had forced the software to use a dependency it wasn't intended for originally, but rather the list of things that really depend on it necessarily.

I can't figure out what the heck you're talking about. At least bstorer cherry picked some lame-o stuff to make fun of. How does software " really depend on it necessarily" as opposed to whatever you think stuff like chromium and apache and curl and vnc are doing with it? Or are you saying that the Debian maintainers are re-writing the stuff to depend on gnu tls instead of whatever homebrew cryptography the original authors wanted to use?

I mean, RMS has a lot of things going against him, but when you're targeting a system based on GNU, why wouldn't you use the stuff that's there (and the same goes for MS and Apple systems, of course)?

DCRoss

@LoremIpsumDolorSitAmet said:

What about filezilla and chromium-browser? Or are these not what I think they are? Because both of those sound pretty important.

 

And even more importantly, how did I not know that Debian had a web browser called "XXXTerm"?

 

 

Snooder

@DCRoss said:

@LoremIpsumDolorSitAmet said:

What about filezilla and chromium-browser? Or are these not what I think they are? Because both of those sound pretty important.

 

And even more importantly, how did I not know that Debian had a web browser called "XXXTerm"?

?? Please elaborate.

 

morbiuswilters

Dear God, a vulnerability in GnuTLS!? Think of all the MUDs that were probably compromised by this!

morbiuswilters

@Frosh said:

@The_Assimilator said:

My favourite part of that code (not related to the vulnerability):

if (result == 1)
{
  result = 1;
  goto cleanup;
}

Gotta make sure that 1 is 1... after all, when it comes to security, you can never make any assumptions!

I don't see any issue here. For we know, they've redefined the = operator with some kind of side effect. What if it's some kind of home-brewed reference counter?

Um, did I miss the part where GnuTLS is in C++? Or where overloading the = operator in C++ for something like this would be non-asinine? Or where using C++ in the first place isn't a WTF?

morbiuswilters

@Weng said:

 At this point, I'm assuming all the TLS implementation libraries have elementary programming errors.

Now I feel even more reassured that Go decided to implement their own fucking SSL library.

Go: For when one gaping SSL security hole in your system isn't enough.

derp

@bstorer said:

Something, something NSA.

The most galling thing in this entire article is the image. Look at that fucking thing, a dickhead acting out an extremely tenuous connection to the article's contents. I want to stab everyone involved in its creation repeatedly.

Ars is about as fucking pretentious as it gets.  I stopped reading when one of their editors did some fluff peice on how she can do all her work on an iPad.  Everyone commented that she is an idiot and out of touch, and all the males working an Ars jumped in to defend her like a bunch of horny high school nerds .  They started banning people from commenting for fuck sake.  Just rediculous.  Fuck Ars and the horse it rode in on.

 

morbiuswilters

@pauly said:

Ars is about as fucking pretentious as it gets.

What, a site whose name is "technical art" in Latin has pretensions? Get the fuck out.

morbiuswilters

Oh, and:

@pauly said:

I stopped reading when one of their editors did some fluff peice on how she can do all her work on an iPad.

Maybe she can. I mean, apparently all Randi Zuckerberg does in her job is post baby photos to Facebook and write whiny articles about how "women in tech aren't respected" when people ask her if she does anything other than post baby photos to Facebook. I'm pretty sure you can do both of those on an abacus. let alone an iPad.

In fact, I'm pretty sure Randi and Sheryl Sandberg could do their jobs on a desert island totally devoid computers at all, so long as they had a fawning press to produce fluff pieces on "How far they've made it" in the same patronizing manner as Randi Zuckerberg's Timeline fawns over her baby filling up a diaper.

By the way, the fact that Zuckerberg and Sandberg are held up as role models for girls is treasonous. "Hey, by sleeping with and/or being siblings with the right guy, you too can become a worthless fucking parasite who does nothing but whine 'Poor widdle me' in books and on TV!"

dkf

@morbiuswilters said:

I'm pretty sure you can do both of those on an abacus. let alone an iPad.

Maybe if you used an iBacus…

DCRoss

@Snooder said:

@DCRoss said:

And even more importantly, how did I not know that Debian had a web browser called "XXXTerm"?

?? Please elaborate.

 

It's like the time I caught the ferry over to Shelbyville. I needed a new heel for my shoe, so, I decided to go to Morganville, which is what they called Shelbyville in those days. So I tied an onion to my belt, which was the style at the time. Now, to take the ferry cost a nickel, and in those days, nickels had pictures of bumblebees on 'em. Give me five bees for a quarter, you'd say.

Now where were we? Oh yeah: the important thing was I had an onion on my belt, which was the style at the time. They didn't have white onions because of the war. The only thing you could get was those big yellow ones.

 

 

morbiuswilters

@DCRoss said:

@Snooder said:

@DCRoss said:

And even more importantly, how did I not know that Debian had a web browser called "XXXTerm"?

?? Please elaborate.

 

It's like the time I caught the ferry over to Shelbyville.
I needed a new heel for my shoe, so, I decided to go to Morganville, which is what they
called Shelbyville in those days. So I tied an onion to my belt, which was the style at
the time. Now, to take the ferry cost a nickel, and in those days, nickels had pictures
of bumblebees on 'em. Give me five bees for a quarter, you'd say.

Now where were we? Oh yeah: the important thing was I had an onion on my belt, which
was the style at the time. They didn't have white onions because of the war. The only
thing you could get was those big yellow ones.

 

 

<3

Guest

@morbiuswilters said:

@DCRoss said:

@Snooder said:

@DCRoss said:

And even more importantly, how did I not know that Debian had a web browser called "XXXTerm"?

?? Please elaborate.

It's like the time I caught the ferry over to Shelbyville. I needed a new heel for my shoe, so, I decided to go to Morganville, which is what they called Shelbyville in those days. So I tied an onion to my belt, which was the style at the time. Now, to take the ferry cost a nickel, and in those days, nickels had pictures of bumblebees on 'em. Give me five bees for a quarter, you'd say.

Now where were we? Oh yeah: the important thing was I had an onion on my belt, which was the style at the time. They didn't have white onions because of the war. The only thing you could get was those big yellow ones.

 

 

<3

-3

 

Ben L.

@El_Heffe said:

@morbiuswilters said:

@DCRoss said:

@Snooder said:

@DCRoss said:

And even more importantly, how did I not know that Debian had a web browser called "XXXTerm"?

?? Please elaborate.

It's like the time I caught the ferry over to Shelbyville.
I needed a new heel for my shoe, so, I decided to go to Morganville, which is what they
called Shelbyville in those days. So I tied an onion to my belt, which was the style at
the time. Now, to take the ferry cost a nickel, and in those days, nickels had pictures
of bumblebees on 'em. Give me five bees for a quarter, you'd say.

Now where were we? Oh yeah: the important thing was I had an onion on my belt, which
was the style at the time. They didn't have white onions because of the war. The only
thing you could get was those big yellow ones.

 

 

<3

-3

 

≥3

aihtdikh

@Ben L. said:

@El_Heffe said:

@morbiuswilters said:

<3

-3

≥3

i < √-3

random

@aihtdikh said:

@Ben L. said:

@El_Heffe said:

@morbiuswilters said:

<3

-3

≥3

i < √-3

cringe

Please read this and that.

Guest

@aihtdikh said:

@Ben L. said:

@El_Heffe said:

@morbiuswilters said:

<3

-3

≥3

i < √-3

ε

 

aihtdikh

@random said:

@aihtdikh said:

@Ben L. said:

@El_Heffe said:

@morbiuswilters said:

<3

-3

≥3

i < √-3

cringe

Please read this and that.

Ooh I got a cringe! That's nearly as good as the response to a good solid terrible pun.

Am I a real groan-up troll now?





P.S. Hi morbs, welcome back.

P.P.S. random, it was unfair of me to expect sarcasm (tongue-in-cheek-ness?) to show through in 5 characters and no words. I hope I haven't driven you to drink and despair.

At least not to despair.

random

@aihtdikh said:

P.P.S. random, it was unfair of me to expect sarcasm (tongue-in-cheek-ness?) to show through in 5 characters and no words. I hope I haven't driven you to drink and despair.

At least not to despair.

Scotch cured the latter in a matter of seconds.

Guest

@random said:

@aihtdikh said:

@Ben L. said:

@El_Heffe said:

@morbiuswilters said:

<3

-3

≥3

i < √-3

cringe

Please read this and that.

Oh stop being such a square! Are you really that unable to imagine i as being less than the square root of -3? It really isn't that complex.

But I guess a lack of imagination is the norm around here.

 

random

@Zecc said:

Oh stop being such a square! Are you really that unable to imagine i as being less than the principal square root of -3? It really isn't that complex.

But I guess a lack of imagination is the norm around here.

applause
<pedantic_dickweed>FTFY</pedantic_dickweed>

Guest

@random said:

*applause*

Your sarcasm is not lost on me.

random

@Zecc said:

@random said:

applause

Your sarcasm is not lost on me.

So you don't trust random people on the internet? Dammit.

Guest

@aihtdikh said:

@Ben L. said:

@El_Heffe said:

@morbiuswilters said:

<3

-3

≥3

i < √-3

√4  - 2  =  -1.068281969439142e-19

 

 

 

heterodox

@morbiuswilters said:

Dear God, a vulnerability in GnuTLS!? Think of all the MUDs that were probably compromised by this!

 

Well, now there's a critical security vulnerability in OpenSSL (another one that's going to require regenerating server certificates because private keys can be compromised).

So this has been a fun morning for me so far.

bstorer

@heterodox said:

@morbiuswilters said:

Dear God, a vulnerability in GnuTLS!? Think of all the MUDs that were probably compromised by this!

 

Well, now there's a critical security vulnerability in OpenSSL (another one that's going to require regenerating server certificates because private keys can be compromised).

So this has been a fun morning for me so far.

That's why I dropped SSL and started using a sophisticated encryption layer of my own design, ROT-14. Think about it: someone sees the encrypted text and thinks, oh, this must be ROT-13, so they ROT-13 it again. But here's the best part: it's still gibberish! In order to decrypt my ROT-14 messages, you also need my advanced ROT-12 software, which means twice the profits!

Guest

@bstorer said:

That's why I dropped SSL and started using a sophisticated encryption layer of my own design, ROT-14. Think about it: someone sees the encrypted text and thinks, oh, this must be ROT-13, so they ROT-13 it again. But here's the best part: it's still gibberish! In order to decrypt my ROT-14 messages, you also need my advanced ROT-12 software, which means twice the profits!

Ah yes, asymmetric cryptography.

flabdablet

@El_Heffe said:

@aihtdikh said:

@Ben L. said:

@El_Heffe said:

@morbiuswilters said:

<3

-3

≥3

i < √-3

√4  - 2  =  -1.068281969439142e-19

1 + 2 + 3 + 4 + 5 + ... = -1/12

error

@Zecc said:

@bstorer said:

That's why I dropped SSL and started using a sophisticated encryption layer of my own design, ROT-14. Think about it: someone sees the encrypted text and thinks, oh, this must be ROT-13, so they ROT-13 it again. But here's the best part: it's still gibberish! In order to decrypt my ROT-14 messages, you also need my advanced ROT-12 software, which means twice the profits!

Ah yes, asymmetric cryptography.

They could just run your ROT-14 algorithm 13 times.

bstorer

@joe.edwards said:

@Zecc said:

@bstorer said:

That's why I dropped SSL and started using a sophisticated encryption layer of my own design, ROT-14. Think about it: someone sees the encrypted text and thinks, oh, this must be ROT-13, so they ROT-13 it again. But here's the best part: it's still gibberish! In order to decrypt my ROT-14 messages, you also need my advanced ROT-12 software, which means twice the profits!

Ah yes, asymmetric cryptography.

They could just run your ROT-14 algorithm 13 times.

Which is why version 2 of my algorithm will rotate an amount relatively prime to the number of characters.Maximum number of rrotates needed to decode, guaranteed.

morbiuswilters

@heterodox said:

@morbiuswilters said:

Dear God, a vulnerability in GnuTLS!? Think of all the MUDs that were probably compromised by this!

 

Well, now there's a critical security vulnerability in OpenSSL (another one that's going to require regenerating server certificates because private keys can be compromised).

So this has been a fun morning for me so far.

Looks like OpenSSL was a little hasty in jumping to version 1.0.

Ben L.

@morbiuswilters said:

@heterodox said:

@morbiuswilters said:

Dear God, a vulnerability in GnuTLS!? Think of all the MUDs that were probably compromised by this!

 

Well, now there's a critical security vulnerability in OpenSSL (another one that's going to require regenerating server certificates because private keys can be compromised).

So this has been a fun morning for me so far.

Looks like OpenSSL was a little hasty in jumping to version 1.0.

Actually, 1.0.0 is fine. It's just 1.0.1 that has the bug.

morbiuswilters

@Ben L. said:

@morbiuswilters said:

@heterodox said:

@morbiuswilters said:

Dear God, a vulnerability in GnuTLS!? Think of all the MUDs that were probably compromised by this!

 

Well, now there's a critical security vulnerability in OpenSSL (another one that's going to require regenerating server certificates because private keys can be compromised).

So this has been a fun morning for me so far.

Looks like OpenSSL was a little hasty in jumping to version 1.0.

Actually, 1.0.0 is fine. It's just 1.0.1 that has the bug.

"Why yes, Morbius, I don't understand jokes.."

Ben L.

@morbiuswilters said:

@Weng said:

 At this point, I'm assuming all the TLS implementation libraries have elementary programming errors.

Now I feel even more reassured that Go decided to implement their own fucking SSL library.

Go: For when one gaping SSL security hole in your system isn't enough.

Funnily enough, Go's ssl library is just about the only one that HASN'T been compromised.

morbiuswilters

@Ben L. said:

@morbiuswilters said:

@Weng said:

 At this point, I'm assuming all the TLS implementation libraries have elementary programming errors.

Now I feel even more reassured that Go decided to implement their own fucking SSL library.

Go: For when one gaping SSL security hole in your system isn't enough.

Funnily enough, Go's ssl library is just about the only one that HASN'T been compromised.

Yet. Then again, it's the perfect example of security through obscurity: nobody is going to try to break a system that nobody uses. Why, Go is the most secure platform out there right now, assuming no one starts using it!