Nine out of ten of the Internet’s top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, a new report said.
The report, based on data from a Trustworthy Internet Movement (TIM) project called SSL Pulse, used automated scanning technology developed by security vendor Qualys to analyze the strength of HTTPS implementations on websites listed in the top 1 million published by Web analytics firm Alexa. TIM is a nonprofit organization dedicated to solving Internet security, privacy and reliability problems.
SSL Pulse checks which protocols are supported by HTTPS-enabled websites (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, etc.), the key length used for securing communications (512 bits, 1024 bits, 2048 bits, etc.) and the strength of the supported ciphers (256 bits, 128 bits or lower).
An algorithm interprets the scan results and assigns a score between 0 and 100 to each HTTPS configuration. The score then translates into a grade, with A being the highest (over 80 points).
Half of the almost 200,000 websites in Alexa’s top 1 million that support HTTPS received an A for the quality of their configurations. This means they use a combination of modern protocols, strong ciphers and long keys.
Despite this, only 10% of the scanned websites were truly secure. Seventy-five percent — around 148,000 — were vulnerable to an attack known as BEAST, which can decrypt authentication tokens and cookies from HTTPS requests.
Security researchers Juliano Rizzo and Thai Duong demonstrated a BEAST attack at the ekoparty security conference in Buenos Aires, Argentina, in September 2011. It is a practical implementation of an older theoretical attack and affects SSL/TLS block ciphers, like AES or Triple-DES.
The attack was addressed in version 1.1 of the Transport Layer Security (TLS) protocol, but quite a few servers continue to support older and vulnerable protocols, like SSL 3.0, for backward compatibility reasons. Such servers are vulnerable to SSL downgrade attacks, in which they can be tricked into using vulnerable versions of SSL/TLS even when the targeted clients support secure versions.
The easiest way to mitigate the BEAST attack on the server side is to prioritize the RC4 cipher for HTTPS connections, said Ivan Ristic, director of engineering at Qualys. RC4 is a stream cipher and is not vulnerable to this attack.
In addition to supporting multiple protocols, HTTPS-enabled servers also support multiple ciphers in order to ensure compatibility with a variety of clients. A special setting can be configured on the server to specify the proper order for the ciphers and to prioritize RC4.
“I believe that most administrators are not aware of the need to perform this task,” Ristic said.
Newer browsers now have built-in protections against the BEAST attack. However, there are people, especially in business environments, who use old browsers like Internet Explorer 6, which are still vulnerable, Ristic said.
SSL Pulse scans also revealed that over 13% of the 200,000 HTTPS-enabled websites support insecure renegotiation of SSL connections. This can lead to man-in-the-middle attacks that compromise SSL-protected communications between users and the vulnerable servers.
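The cipher-ordering mitigation described above can be checked with a small model of suite selection. This is an added example, not code from the report, SSL Pulse or Qualys; the function names, the client offer and the three server configurations are constructed, and the model assumes the client's order wins whenever the server does not enforce its own.

```python
# Added example; every name and configuration below is constructed for illustration.
BEAST_PROTOCOLS = {"SSLv3", "TLSv1.0"}  # TLS 1.1 and later are not affected


def is_cbc_block_suite(suite):
    # In SSL 3.0 and TLS 1.0 a suite is NULL, RC4 (stream) or a CBC block cipher.
    return "RC4" not in suite and "NULL" not in suite


def negotiate_cipher(server_suites, client_suites, honor_server_order):
    """Return the suite the handshake would select, or None if none is shared."""
    if honor_server_order:
        preferred, other = server_suites, client_suites
    else:
        preferred, other = client_suites, server_suites
    return next((s for s in preferred if s in other), None)


def beast_exposure(server, client_suites):
    """Map each BEAST-affected protocol the server enables to the CBC suite chosen.

    Every enabled old protocol is reported, not just the newest, because a
    downgrade can push a client onto any version the server still accepts.
    """
    suite = negotiate_cipher(server["suites"], client_suites, server["honor_order"])
    if suite is None or not is_cbc_block_suite(suite):
        return {}
    return {p: suite for p in server["protocols"] if p in BEAST_PROTOCOLS}


# Constructed client offer (OpenSSL-style suite names), most preferred first.
OLD_CLIENT = ["AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"]

# Weak: the client's preference wins, so a CBC suite is selected.
DEFAULT_SERVER = {"protocols": ["SSLv3", "TLSv1.0", "TLSv1.1"], "honor_order": False,
                  "suites": ["AES256-SHA", "AES128-SHA", "RC4-SHA", "DES-CBC3-SHA"]}
# RC4 listed first but order not enforced: still negotiates CBC.
RC4_LISTED_ONLY = dict(DEFAULT_SERVER, suites=["RC4-SHA", "AES256-SHA", "AES128-SHA"])
# Corrected: RC4 first and the server's order is enforced.
HARDENED_SERVER = dict(RC4_LISTED_ONLY, honor_order=True)

if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT_SERVER), ("rc4 listed only", RC4_LISTED_ONLY),
                      ("hardened", HARDENED_SERVER)]:
        print(name, "->", beast_exposure(cfg, OLD_CLIENT) or "not exposed")
```

The middle configuration shows why listing RC4 first is not sufficient on its own: the server must also enforce its order. The RC4 preference reflects the guidance at the time of the report; RFC 7465 later prohibited RC4 cipher suites in TLS.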
“For your average Web site — which will not have anything of substantial value — the risk is probably very small,” Ristic said. “However, for sites that either have a very large number of users that can be exploited in some way, or high-value sites (e.g., financial institutions), the risks are potentially very big.”
Fixing the insecure renegotiation vulnerability is fairly easy and only requires applying a patch, Ristic said.
TIM plans to perform new SSL Pulse scans and to update the statistics on a monthly basis in order to track what progress websites are making with their SSL implementations.