
Was Amazon ever vulnerable to session resumption attacks? How?

Either way: every vulnerability we've found in SSL/TLS (the protocol) makes me more confident in it. Those findings are the product of millions of dollars of attention. Why would we think that any alternative to TLS wouldn't have the same flaws, or worse ones?

> Was Amazon ever vulnerable to session resumption attacks?

I have no direct knowledge. I was personally extremely careful to never test any actual sites.

But unless they were running MS IIS or certain brands of SSL offload devices on every accessible host with the cert on it, they were likely willing to conduct client-initiated renegotiation. I know they use client certs for EC2 stuff; that likely involves a server-initiated renegotiation opportunity as well.

Just checked: they still haven't patched for the actual protocol fix, RFC 5746.

> How?

Frank Heidt came up with an awesome little exploit that isn't affected by anti-CSRF mitigations. Just find one single URL under HTTPS which redirects to HTTP. (E.g., https://www.amazon.com/) Inject a request to that and now you have a plain HTTP request to play with. You could enter an sslstrip scenario, replace the cert with a legitimate cert to a phishing site at a point the user isn't expecting the URL to change. How many users stop browsing after receiving a mixed content warning I wonder?

Other researchers showed you could replace the EV cert with a simple DV cert at that stage and the browser would still show the green bar.

> Either way: every vulnerability we've found in SSL/TLS (the protocol) makes me more confident in it. Those findings are the product of millions of dollars of attention. Why would we think that any alternative to TLS wouldn't have the same flaws, or worse ones?

Absolutely. Those who criticize TLS need to understand why it is the way it is and either propose improvements (the IETF [TLS] mailing list is open) or propose a replacement that really does a better job delivering on all the security properties, not just one or two.
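The comment above checks whether a server has "patched for the actual protocol fix, RFC 5746". That fix is visible on the wire: a patched peer either lists the signalling cipher suite TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF) in its ClientHello or carries the renegotiation_info extension (type 0xFF01) in its ClientHello/ServerHello. The following parser is an added example written for this page, not code from the thread or from Amazon; it inspects a captured hello record (the sample hellos are constructed inline) and reports which RFC 5746 signals are present, which is what a passive monitor or a fleet audit would look for.

```python
"""Detect RFC 5746 (secure renegotiation) signalling in a TLS hello message.

A peer that implements RFC 5746 signals it by
  * listing TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF) in a ClientHello, or
  * sending the renegotiation_info extension (0xFF01) in a Client/ServerHello.
A hello with neither is a legacy peer that may still renegotiate unsafely.
"""
import struct

SCSV = 0x00FF            # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746, 3.3)
RENEG_INFO_EXT = 0xFF01  # renegotiation_info extension type (RFC 5746, 3.2)
CLIENT_HELLO, SERVER_HELLO = 1, 2


def parse_hello(record: bytes) -> dict:
    """Parse one TLS record holding a ClientHello or ServerHello and report
    which RFC 5746 signals it carries."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4:
        raise ValueError("truncated handshake")
    msg_type = body[0]
    msg_len = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + msg_len]
    if len(msg) != msg_len:
        raise ValueError("truncated handshake body")
    if msg_type not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError(f"unexpected handshake type {msg_type}")

    pos = 2 + 32                               # skip version + random
    sid_len = msg[pos]; pos += 1 + sid_len     # session_id
    has_scsv = False
    if msg_type == CLIENT_HELLO:
        cs_len = struct.unpack("!H", msg[pos:pos + 2])[0]; pos += 2
        suites = [struct.unpack("!H", msg[i:i + 2])[0]
                  for i in range(pos, pos + cs_len, 2)]
        pos += cs_len
        has_scsv = SCSV in suites
        comp_len = msg[pos]; pos += 1 + comp_len
    else:
        pos += 2 + 1                           # chosen cipher_suite + compression

    # The extensions block is optional; absent means no renegotiation_info.
    has_ext, reneg_conn = False, None
    if pos < len(msg):
        ext_len = struct.unpack("!H", msg[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", msg[pos:pos + 4]); pos += 4
            data = msg[pos:pos + elen]; pos += elen
            if etype == RENEG_INFO_EXT:
                has_ext = True
                # data = 1-byte length + renegotiated_connection (empty on a
                # fresh connection, verify_data on a renegotiation)
                reneg_conn = data[1:1 + data[0]] if data else b""
    return {
        "type": "ClientHello" if msg_type == CLIENT_HELLO else "ServerHello",
        "scsv": has_scsv,
        "renegotiation_info": has_ext,
        "renegotiated_connection": reneg_conn,
        "secure_renegotiation": has_scsv or has_ext,
    }


def _ext_block(extensions) -> bytes:
    if not extensions:
        return b""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    return struct.pack("!H", len(ext)) + ext


def build_client_hello(suites, extensions=()) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record (constructed sample input)."""
    body = b"\x03\x03" + b"\x11" * 32 + b"\x00"           # version, random, no session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00" + _ext_block(extensions)           # null compression only
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def build_server_hello(suite, extensions=()) -> bytes:
    """Build a minimal TLS 1.2 ServerHello record (constructed sample input)."""
    body = b"\x03\x03" + b"\x22" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    body += _ext_block(extensions)
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


# Constructed samples: a legacy client and an RFC 5746-aware client.
LEGACY_HELLO = build_client_hello([0x002F, 0x0035])
PATCHED_HELLO = build_client_hello([0x002F, 0x0035, SCSV],
                                   [(RENEG_INFO_EXT, b"\x00")])

if __name__ == "__main__":
    for name, rec in (("legacy", LEGACY_HELLO), ("patched", PATCHED_HELLO)):
        print(name, "secure renegotiation signalled:",
              parse_hello(rec)["secure_renegotiation"])
```

On a real capture, feed the first record of each direction to `parse_hello`: a ServerHello without renegotiation_info, in answer to a ClientHello that sent the SCSV or the extension, is exactly the "not patched" condition the comment reports.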


> How many users stop browsing after receiving a mixed content warning I wonder?

That's a blog post (and supporting data drop) that I would be interested in reading. Based on my experiences at a former employer, the rate of cart abandonment on mixed pages is about 20% greater than on fully valid pages (someone hard-coded a logo reference into a template), but the sample was fairly small and I would be curious to know what the difference would be on a broader sampling of sites.
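The hard-coded logo reference described above is the typical way mixed content creeps into an HTTPS page. As an added example, not from the thread or from any site it mentions, the scanner below parses a page's HTML with the standard library, resolves every subresource URL against the page URL, and reports the ones that would load over plain http:// (the sample template is constructed inline). Protocol-relative and relative references resolve to https and are not flagged; navigation links are deliberately ignored, since only loaded subresources and form targets trigger the browser warning.

```python
"""Flag mixed content: http:// subresources referenced from an https:// page."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that load a subresource or submit data; <a href> is navigation
# and does not count as mixed content.
RESOURCE_ATTRS = {
    "img": ("src", "srcset"), "script": ("src",), "link": ("href",),
    "iframe": ("src",), "audio": ("src",), "video": ("src", "poster"),
    "source": ("src", "srcset"), "object": ("data",), "embed": ("src",),
    "form": ("action",),
}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.findings = []          # (line, tag, attr, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr in RESOURCE_ATTRS.get(tag, ()):
            value = attrs.get(attr)
            if not value:
                continue
            if attr == "srcset":
                # srcset holds comma-separated "url descriptor" candidates
                urls = [c.strip().split()[0] for c in value.split(",") if c.strip()]
            else:
                urls = [value]
            for u in urls:
                absolute = urljoin(self.page_url, u)
                if urlsplit(absolute).scheme == "http":
                    self.findings.append((self.getpos()[0], tag, attr, absolute))


def find_mixed_content(page_url: str, html: str) -> list:
    """Return every http:// subresource reference in an https:// page."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("page itself is not served over https")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a checkout template with one hard-coded http logo.
PAGE_URL = "https://shop.example/cart"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//cdn.example/app.js"></script>
</head><body>
<img src="http://static.example/logo.png" alt="logo">
<img srcset="/img/a.png 1x, http://static.example/a@2x.png 2x" src="/img/a.png">
<a href="http://blog.example/">blog</a>
<form action="https://shop.example/checkout"><button>Buy</button></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(PAGE_URL, SAMPLE_HTML):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```

Running it over a rendered template (or crawling each page of a checkout flow) turns the "about 20% greater abandonment" problem into a concrete list of lines to fix before the browser ever shows the warning.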


From what I hear, newer browsers are said to be tightening the screws on mixed content and giving increasingly annoying warnings. For example, showing a red slash through the lock icon.
