

SSL CRL activity - lucb1e
https://isc.sans.edu/crls.html

======
DasIch
This is an impressive spike relatively speaking but I'm assuming the number of
servers affected by Heartbleed is several orders of magnitude higher. Is this
just an inaccuracy in the data or is this prove of TLS having effectively
turned into plaintext?

~~~
lucb1e
> is this prove [sic] of TLS having effectively turned into plaintext?

Be reasonable. It's always fun to shout out that $popular_technology is now
entirely broken, though usually the shouters have a working alternative, but
that's not the case.

\- Around 17% of the web servers seem to have been vulnerable.

\- Key extraction on cloudflarechallenge.com took days to develop and execute.

\- The number of requests needed for this is noticeable, too much so for
intelligence agencies. They may take a week or two and run at 2 requests per
second, assuming the attack still works at that speed, but it's a risky
business. A vulnerability of this magnitude makes a great weapon in digital
warfare and should not leak.

\- You still need to MITM your targets if you obtained private keys.

In the end I think the number of sites where all of this happened is very,
very low. TLS is still perfectly fine.

~~~
pdkl95
> You still need to MITM your targets if you obtained private keys.

The idea that MitM attacks are "rare" is such b.s. thinking ("Before
Snowden"). We known about widespread MitM attacks against big targets (Google,
Facebook, and the TOR network at a minimum), and those same techniques can be
reused elsewhere.

Given how often it has shown up in the revelations of the last year, I would
suggest this may be a fairly _common_ method of attack.

[http://articles.latimes.com/2014/mar/12/business/la-fi-tn-
ns...](http://articles.latimes.com/2014/mar/12/business/la-fi-tn-nsa-posing-
facebook-malware-20140312)

[https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_...](https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html)

[https://www.schneier.com/blog/archives/2013/10/how_the_nsa_a...](https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html)

[http://en.wikipedia.org/wiki/Tailored_Access_Operations#QUAN...](http://en.wikipedia.org/wiki/Tailored_Access_Operations#QUANTUM_attacks)

~~~
lucb1e
I don't think it's bullshit (and you can write that word instead of
abbreviating it, it's what you mean to say anyway). MITM might be common in
absolute numbers, but it's often not practical for attackers that are not some
sort of authority, like, a government.

~~~
pdkl95
no offense intended, it was just an unsuccessful attempt at a joke

/b.s. == before snowden //kind of a hit-or-miss joke, unfortunately

~~~
lucb1e
Oh I'm sorry, I get it now :)

