SN 823: TLS Confusion Attacks

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

I was listening closely to Steve’s tale of the “WHEA_uncorrectable_error” for his solution. I have a Dell Inspiron 5680 that started randomly crashing with BSOD. It won’t happen for days, then it’s back-to-back BSOD for an hour.

I backed everything off of it I needed, and reinstalled Windows 10. Problem persisted. Booted off of USB Linux (Ubuntu) thumb drive and even that would crash. So, it’s hardware. System doesn’t have a Thunderbolt port (like Steve used), but I’m not certain it’s the M.2 drive as it crashed from USB drive.

Sounds like your hardware is probably overheating. That’s about the only intermittent hardware error that causes crashes and comes and goes.

Steve was complaining about the lack of a tool from Intel to check for updates. I have the Intel Driver & Support Assistant installed on my PC. It downloads a little checker, that runs in the background and when new patches are released, it informs me and opens the relevant download page listing the updates and will then automatically download and install them:

Heat or a dry joint, or a part of some chip, somewhere that only gets used under specific circumstances.

I had a laptop with some dodgy memory. It would run stable for long periods of time, but if I loaded the wrong program or too many and that dodgy memory chip was called into service, it would just freeze.

Steve said that it is good that Microsoft got out of the web browser engine market, because of the zero days / short lead times for malware using Google’s patches to V8.

Isn’t that all the more reason not to use V8? Isn’t having a diverse ecosystem better? If one browser engine is affected, you can switch to another, until the problem is solved?

I use Firefox, Edge and Brave, which used to be 3 different engines. Firefox used to be my main browser and I’d use the other two for odd things, or Edge at work for managing our M365 instance.

If Firefox had a zero-day, I’d just switch to using Brave or Edge for a few days, until Firefox was patched and vice versa. If Blink was attacked, I’d switch to Edge or Firefox, now that Edge also uses Blink, that only leaves Firefox as an alternative, until all Chromium based browsers have been patched (obviously, Apple users also have Safari in the mix, which still has its own engine - which broke IndexedDB NoSQL API connections in the 14.6 release of iOS and the corresponding release on macOS).

Obviously, if you don’t keep up with security issues, you probably won’t even know that using Chromium-based browsers is unsafe at the time, or Firefox, or Safari. But with a monoculture, if Chromium is affected by a bug, until it is fixed, nobody should use a web browser, anywhere… That isn’t realistic, and the majority will carry on blissfully unaware of the danger they could be in anyway.

In the TLS Confusion segment the example of a wildcard cert for multiple services was given. So if you had an individual cert for each service would this protect from the attack?


Yes, one presumes it would stop the ability of the attacker to redirect a user’s login between services successfully.

I presume you could also change the server configuration to require the host name and/or correct port number in the URL, but that might have protocol impacts as not every client would necessarily include it. (Thinking mail clients, for example.) If you send www.foo.not:80 when you should have sent mail.foo.not:25 one presumes it should be possible to have the server reject the confusion on initial connection.

Are you referring to ALPN in the mail example? So then ALPN would have to be configured on both client and server? That would be tough with a remote workforce.

I wonder if having multiple protocols enabled on an Exchange server would be an issue. Like the default, MAPI over HTTP and POP3 or IMAP.
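The checks raised in the posts above (separate certificates, rejecting the wrong host name, ALPN), as an added example that is not part of any poster's message or code from the show: a small Python model, not real TLS code, of a connection meant for one service arriving at another. The host names reuse the thread's foo.not names; the `Endpoint` class, the `strict_sni`/`strict_alpn` flags and the `"smtp"` ALPN label are assumptions made for illustration.

```python
# Added example: a model of the decisions involved, not a TLS implementation.
# Host names, flags and the "smtp" ALPN label are constructed for illustration.

def cert_covers(cert_names, host):
    """RFC 6125-style match: '*' may stand for the left-most label only."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*."):
            first, _, rest = host.partition(".")
            if first and rest == name[2:]:
                return True
    return False

class Endpoint:
    def __init__(self, host, alpn, cert_names, strict_sni=False, strict_alpn=False):
        self.host, self.alpn, self.cert_names = host, alpn, cert_names
        self.strict_sni, self.strict_alpn = strict_sni, strict_alpn

    def server_accepts(self, sni, offered_alpn):
        # Strict SNI: refuse a ClientHello that names a different host.
        if self.strict_sni and sni is not None and sni.lower() != self.host:
            return False
        # Strict ALPN: refuse when the client offers protocols and none is ours.
        # A client that sends no ALPN at all (many mail clients) is still let in.
        if self.strict_alpn and offered_alpn and self.alpn not in offered_alpn:
            return False
        return True

def handshake(intended_host, offered_alpn, endpoint):
    """Outcome of a connection the client meant for intended_host but that
    arrived at endpoint: 'ok', 'server-reject' or 'client-reject'."""
    if not endpoint.server_accepts(intended_host, offered_alpn):
        return "server-reject"
    # The client checks the certificate against the name it meant to reach.
    if not cert_covers(endpoint.cert_names, intended_host):
        return "client-reject"
    return "ok"

WILDCARD = ["*.foo.not"]
browser = ("www.foo.not", ["h2", "http/1.1"])  # SNI and ALPN a browser sends
mail_shared = Endpoint("mail.foo.not", "smtp", WILDCARD)
mail_own_cert = Endpoint("mail.foo.not", "smtp", ["mail.foo.not"])
mail_strict = Endpoint("mail.foo.not", "smtp", WILDCARD, strict_sni=True, strict_alpn=True)
```

An `"ok"` result for a misrouted connection is the confused case; the per-service certificate stops it on the client side, and the strict checks stop it on the server side while still admitting a client that offers no ALPN.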

Anyone know which Thunderbolt to NVMe adapter/enclosure Steve used?

I found this: Sabrent Thunderbolt 3 to M.2 NVMe SSD Tool-Free Enclosure (EC-T3NS) | EC-T3NS

“Sabrent Thunderbolt 3 to Dual NVMe M.2 SSD Tool-Free Enclosure (EC-T3DN)”
https://www.amazon.com/dp/B08S5JPWR6
From his newsgroup post:


Great show, the insights into third-party and first-party tracking as well as the obvious pay-to-play slap on the wrist to TikTok was well thought out.

As to new sci-fi books to read, Jack McDevitt’s Priscilla “Hutch” Hutchins Academy series or his Alex Benedict series are also quite good.

And I can’t say enough good things about John Scalzi. I think you guys (and sig. others) would especially like his Redshirts novella. His Old Man’s War series is a great rethink on how we might fight a future space war and its effects on society.

I’ve only recently found your podcast, so apologies if you’ve already discussed these two authors.

Best,
Kim
