[cryptography] ssl/tls splicing attack

Adam Back adam at cypherspace.org
Tue Mar 16 11:43:20 EDT 2010

It seems to me from my sampling of banks with this script that they
mostly have not patched since the splicing flaw was publicly disclosed
last November.

To me that seems negligent - the splicing attack is very serious - a
break in the most widely deployed transport security protocol - and
quite likely could apply to online banking sites in a practical way.
Do they figure they'll just undo transactions people notice and claim
they did not authorize?

There are lots of practical ways to get into the middle to do the splice:

- dns poisoning
- arp poisoning (in a lan environment)
- hostile/fake wifi access point at airport/public space
- tcp session hijacking

Surely all those clever but not-so-ethical people in various countries
who get into renting bot farms, deploying malware to steal bank
account info etc would be actively trying to exploit this once in a
decade "opportunity" - and hence banks ought to have some incentive to
remove the risk (eg by disabling SSL renegotiation).

(run ./checkssl < banks where banks contains lines like:




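#!/bin/csh
# For each server in the input list, send "R" so that s_client asks to
# renegotiate; a handshake failure means the server refused.
foreach srv (`cat $1`)
    echo -n "$srv "
    echo R | openssl s_client -connect $srv |& grep -q "handshake failure" && echo patched || echo vulnerable
end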
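
Added example, not part of the original post (POSIX sh rather than the post's csh): the same renegotiation probe with the output classification pulled into a function, so that a host that never completed a handshake is reported separately from one that accepted the renegotiation. It also reports the "Secure Renegotiation IS supported" status line, which goes beyond the post's two outcomes and assumes an OpenSSL client that prints it; the function names and sample transcripts are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify `openssl s_client` output captured after sending "R".

classify_reneg() {
    awk '
        /Secure Renegotiation IS supported/ { secure = 1 }
        /^RENEGOTIATING/                    { tried = 1; next }
        tried && /handshake failure/        { refused = 1 }
        END {
            if (refused)     print "refused"   # "patched" in the post
            else if (secure) print "secure"    # server advertises RFC 5746
            else if (tried)  print "legacy"    # "vulnerable" in the post
            else             print "unknown"   # no session, nothing was tested
        }'
}

# Live check of one host:port you operate (same command as the script above).
check_host() {
    printf 'R\n' | openssl s_client -connect "$1" 2>&1 | classify_reneg
}

# Constructed, abbreviated transcripts (not real captures).
sample_refused() {
    printf '%s\n' 'CONNECTED(00000003)' 'Secure Renegotiation IS NOT supported' \
        'RENEGOTIATING' 'error:...:sslv3 alert handshake failure:...'
}
sample_legacy() {
    printf '%s\n' 'CONNECTED(00000003)' 'Secure Renegotiation IS NOT supported' \
        'RENEGOTIATING'
}
sample_secure() {
    printf '%s\n' 'CONNECTED(00000003)' 'Secure Renegotiation IS supported' \
        'RENEGOTIATING'
}
sample_down() {
    printf '%s\n' 'connect: Connection refused' 'connect:errno=111'
}

for s in refused legacy secure down; do
    printf '%-8s -> %s\n' "$s" "$("sample_$s" | classify_reneg)"
done
```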
