from the stop-using-cricket-is-the-first-solution dept.
Ars is reporting on a very disturbing and downright scary practice by AT&T subsidiary Cricket:
Digital rights advocates are doubling down on their criticism of a US-based ISP suspected of performing encryption downgrade attacks that caused customers' e-mail to remain in plaintext as it passed over the Internet.
The attacks, according to researchers, were carried out by AT&T subsidiary Cricket and prevented e-mail from being protected by STARTTLS, a technology that uses the secure sockets layer or transport layer security protocols to encrypt plaintext communications. The attacks worked by removing the STARTTLS flag that causes e-mail to be encrypted as it passes from the sending server to the receiving server....
"It is important that ISPs immediately stop this unauthorized removal of their customers' security measures," wrote Electronic Frontier Foundation staff technologist Jacob Hoffman-Andrews in a blog post published Tuesday. "ISPs act as trusted gateways to the global Internet, and it is a violation of that trust to intercept or modify client traffic, regardless of what protocol their customers are using. It is a double violation when such modification disables security measures their customers use to protect themselves."
(Score: 0) by Anonymous Coward on Saturday November 15 2014, @08:27PM
Use a dedicated encryption product for the e-mail at the source - a PGP variant for example.
A long time ago, I remember seeing an RFC for complete end-to-end encryption of all traffic on the internet. I have not seen it since (maybe it was fake). But the comments on the RFC were mostly of the why bother variety. Too bad... if that had been done prior to the web showing up, we would not have some of the problems we have today. It would be impossible to get such encryption standards in place today - virtually every government on the planet would shut it down before it could be implemented.
(Score: 0) by Anonymous Coward on Saturday November 15 2014, @08:55PM
Defaults you say? [colorado.edu]
(Score: 1, Informative) by Anonymous Coward on Saturday November 15 2014, @09:23PM
> Use a dedicated encryption product for the e-mail at the source - a PGP variant for example.
Not good enough in this case. Without STARTTLS, the username and password are passed to the server in the clear.
Thus anyone snooping, like if you are on an open wifi hotspot, can capture your credentials and send mail as you, raid your IMAP mailbox and use that to log into any other account that uses the same email address simply by telling them you forgot your password and to email you a new one.
(Score: 2) by edIII on Saturday November 15 2014, @10:33PM
Whoa... whoa.. woah.. that's not true for the vast majority of people.
This is a "flag" that is used to initiate encryption between mail servers. The clients have nothing to do with this, unless they are a full native application using STARTTLS in their SMTP communications to send email.
Online web access isn't vulnerable to this exploit since I don't hear anyone going to war with Cricket over degrading HTTPS connections. It's that method of protection giving you privacy between you, the coffee shop, and the mail server. At least I've never heard of implementing the SMTP protocol in javascript. Why? Just use AJAX methods and receive the email as a secure API request before sending it from the server. Web APIs are not subject to SMTP protocol vulnerabilities; the mail servers used by the web server are.
This is an SMTP protocol vulnerability, and only a vulnerability because it's an aged piece of shit as a protocol. Depending on platform, you could quite easily demand STARTTLS for all connections, especially those connections to mail servers that are white-listed, or trusted through some other trust mechanism. If mail administrators did that, Cricket's unethical actions would have simply resulted in a disruption in email services and not remained unnoticed for as long as they had.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1, Informative) by Anonymous Coward on Saturday November 15 2014, @10:53PM
You seem confused. This has nothing to do with webmail.
> The clients have nothing to do with this, unless they are a full native application using STARTTLS in their SMTP communications to send email.
Yes, that is precisely the situation here and is the common case for nearly all phone-based mail apps.
(Score: 2) by edIII on Sunday November 16 2014, @08:05PM
I'm not confused at all, I just think we are making different assumptions to start with. The GP was seemingly spreading FUD about Wi-Fi hot spots being able to remove the security of all email period.
I concede your point, it's just that cell phones were not representative of all devices in use in a coffee-shop-type environment. Yes, most do have native applications running your standard SMTP protocols. The cell phone isn't exactly appropriate either, as almost every cell phone is using carrier resources for the most part unless a customer attaches to the hotspot. If a customer is using a carrier microcell, everything is wrapped up in IPSEC and then sent, too, which is just an example of how IPSEC is being used more and more routinely to encapsulate traffic across untrusted routes.
This is why I said "vast majority". I'm out there too, and there are quite a number of people using tablets or full computers instead of smartphones. I've noticed in particular (unless it's a small form factor cell phone) that people prefer web based email interfaces.
If it seemed unfair for me to remove the cell phones from the argument, you might also want to consider that most people have push technologies enabled so they aren't polling. Google and Microsoft have been aggressive over implementation of push technologies because it's faster and more efficient than polling.
If you look at Microsoft's DirectPush and Google Sync, they seem (I haven't torn it apart so I'm not speaking from authority) to use HTTPS web requests going back and forth and *not* a polling request using SMTP protocols directly. If I'm confused it may be about that.
What's vulnerable is a plain vanilla SMTP protocol connection. That vulnerability does not inherently travel to push technologies as we are still only discussing a failure to set a flag. Push technologies have different protocols, and they may control how encryption is decided differently. I'm not entirely sure that this vulnerability *is* what phone based mail apps in push mode *do*, and well, are you not using push? Why not?
In any case, it honestly did not seem to me that the majority of use cases are affected by this vulnerability.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by edIII on Saturday November 15 2014, @08:57PM
You can't trust anyone anymore.
This is why trust itself is now a logical failure when designing security. Any security platform must now be designed to not require trust to be provided from anything external whatsoever. Trust must be isolated to only the communicating users and no farther. When this is not possible, all communications must be strongly anonymous.
All we can do now is endpoint-to-endpoint encryption and follow a scorched earth policy WRT plaintext connections, as well as extensive testing and verification when we create secure tunnels in the first place. Still leaves us with zero trust in the hardware.
I'm guessing what we need is a $5 wrench. Specifically, a $5 wrench being brought up sharply and across the faces of AT&T executives. I suggest we create our own paparazzi and erase their privacy completely. Maybe when they are wholly unable to enjoy their purchased cocaine and hookers without pictures showing up on Twitter, they might calm down a bit and stop acting like sociopaths. Even if it is just to avoid expensive divorce settlements.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1, Offtopic) by frojack on Saturday November 15 2014, @09:41PM
I disagree that condemnation is mounting. The issue is all but forgotten by now.
Most sites carrying this story have already had it pointed out to them that the problem is people setting up their email client's smtp server settings wrong.
Almost every provider offers secure SSL connections on port 465 (including Cricket).
Yet there are a lot of people that still try to use port 25, and then check the box for STARTTLS, forcing the server to re-negotiate a secure connection while a mail session is already established. Not only is this inefficient, but it's a favorite spammer trick.
Just use secure smtp on port 465 like you are supposed to, and stop trying to blame cricket for Cisco's problem [techdirt.com].
No, you are mistaken. I've always had this sig.
(Score: 2, Informative) by Anonymous Coward on Saturday November 15 2014, @10:15PM
> Most sites carrying this story have already had it pointed out to them that the problem is people setting up their email client's smtp server settings wrong.
> Just use secure smtp on port 465 like you are supposed to
If there is one thing you can count on frojack for, it is to speak with snarky superiority and get it all wrong.
It's like he's got ten years of bad karma and hasn't figured out that he really ought to google up the basic facts before putting on airs.
Port 465 was deprecated for SMTP in 1998 and reassigned more than a few years ago. [iana.org]
(Score: 2) by frojack on Saturday November 15 2014, @11:02PM
Continue your education here:
https://www.fastmail.fm/help/technical/ssltlsstarttls.html [fastmail.fm]
https://developers.google.com/gmail/oauth_overview [google.com]
http://email.about.com/od/accessingyahoomail/f/Yahoo_Mail_SMTP_Settings.htm [about.com]
http://www.att.com/esupport/article.jsp?sid=KB401570&cv=801#fbid=3zLC3LrI490 [att.com]
And check your settings on Thunderbird.
Or the settings page for any large mail service.
Nobody is paying any attention to the revision because it's already a worldwide standard.
And it's more secure than STARTTLS because it does not fail silently.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Saturday November 15 2014, @11:59PM
The fact that lots of sites continue to permit people to literally do it wrong does not make it the "way you are supposed" to do it.
(Score: 2) by egcagrac0 on Sunday November 16 2014, @11:31AM
Email is not and has never been secure.
From that premise, "failing" to an insecure mode is not a failure - it is letting people email.
(Score: 2) by sjames on Saturday November 15 2014, @11:48PM
Why would I blame Cisco? They just sold the firewall, Cricket is the one that configured it to screw with STARTTLS.
BTW, port 25 with STARTTLS followed by AUTH is a perfectly valid way to send email. If anything, the various submission ports are just a hack to get around a dane bramaged ISP that doesn't allow port 25.
(Score: 0) by Anonymous Coward on Sunday November 16 2014, @11:59PM
Maybe I am dain bramaged but I think that should be dain bramaged so I fixed your dain bramage for you :3
(Score: 1) by m2o2r2g2 on Saturday November 15 2014, @10:07PM
IANAL but surely the "interfering with an encryption process" could fall under the overly broad provisions in the DMCA.
I mean your email can count as your IP, so why isn't interfering with its encryption covered? Let's use content providers' laws against them.
(Score: 2) by frojack on Saturday November 15 2014, @10:33PM
> surely the "interfering with an encryption process" could fall under the overly broad provisions in the DMCA.
No it can not.
No ISP is required to give you a secure connection just because you ask for one.
No, you are mistaken. I've always had this sig.
(Score: 1) by http on Saturday November 15 2014, @10:53PM
I'm pretty sure my paying for it requires them.
But you're right, it's not DMCA terrain.
I browse at -1 when I have mod points. It's unsettling.
(Score: 2, Insightful) by Entropy on Saturday November 15 2014, @11:43PM
Actually I'm pretty sure I pay for them to deliver my traffic. If someone sent an email to someone and it says "I love you" and they replace it with "I hate you", no one would think this is reasonable. If someone pays for something online and means to send $100 but they make it $1000 instead... also NOT OK. Why is deleting traffic to my email provider any different? It isn't: it's both modifying communication believed to be private by both parties AND listening to communication by two 3rd parties... Sounds in every way worse than me planting recording devices in various places around their corporation, to me... Except I wouldn't be able to change what they say to each other.
(Score: 3, Informative) by sjames on Sunday November 16 2014, @12:46AM
They do have an obligation to not interfere with customers' communication. They have no business examining the payload of any packet. They CERTAINLY have no right to modify it.
(Score: 2) by frojack on Sunday November 16 2014, @03:10AM
They aren't modifying anything.
Your client asks for a secure connection but they choose not to return the flag that says you want it, so your client continues with an insecure connection.
They simply don't honor the STARTTLS command when you connect on an insecure port, like port 25.
It's like visiting a web site using https, only to find they don't support https, so the browser defaults to http, and you feel somehow cheated.
No, you are mistaken. I've always had this sig.
(Score: 2, Informative) by Anonymous Coward on Sunday November 16 2014, @05:56AM
> They aren't modifying anything.
Yes they are, actually. Read the TechDirt article linked from the posted article. The client connects to a third-party (i.e. non-AT&T) email host. The host sends back "250-STARTTLS", which indicates that it supports TLS. But AT&T modifies that before it reaches the client and changes it to "250-XXXXXXXA", which is not a valid TLS response. The client therefore assumes the host does not support TLS, even though the host actually tried to say that it did. AT&T is in fact modifying the content of communications between its customers and the third parties that their customers are trying to communicate with.
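The "250-STARTTLS" to "250-XXXXXXXA" rewrite described above, and edIII's earlier point that a client could simply demand STARTTLS, can be put in code as an EHLO-reply check that refuses to continue in plaintext. This is an added example, not code from the thread or from any linked article; the EHLO replies are constructed, and the all-X heuristic for a mangled keyword is an assumption based on the token reported in this thread.

```python
import re

# Constructed EHLO replies standing in for a packet capture; "XXXXXXXA" is
# the mangled token the thread reports in place of STARTTLS.
EHLO_CLEAN = (
    "250-mail.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)
EHLO_STRIPPED = EHLO_CLEAN.replace("250-STARTTLS", "250-XXXXXXXA")
EHLO_NO_TLS = EHLO_CLEAN.replace("250-STARTTLS\r\n", "")

# Assumed heuristic: a keyword that is mostly a run of X's is a sign that
# something in the path overwrote an extension name rather than dropped it.
MANGLED = re.compile(r"X{4,}[A-Z0-9]*")


def parse_ehlo(reply: str) -> list[str]:
    """Return the extension keywords from a multi-line 250 EHLO reply.

    The first line is the server greeting and is skipped; every later line
    is '250-KEYWORD [params]' or, for the final line, '250 KEYWORD [params]'.
    """
    lines = reply.splitlines()
    if not lines or not all(ln.startswith("250") for ln in lines):
        raise ValueError("not a successful EHLO reply")
    return [ln[4:].split()[0].upper() for ln in lines[1:] if len(ln) > 4]


def starttls_status(reply: str) -> str:
    """Classify an EHLO reply as 'ok', 'tampered' or 'absent'.

    Only 'ok' means the server advertised STARTTLS intact; the other two
    outcomes would otherwise leave the session (and AUTH) in plaintext.
    """
    keywords = parse_ehlo(reply)
    if "STARTTLS" in keywords:
        return "ok"
    if any(MANGLED.fullmatch(kw) for kw in keywords):
        return "tampered"
    return "absent"


def send_allowed(reply: str) -> bool:
    """Enforcement decision: never send credentials or mail unless STARTTLS
    was advertised. On a live smtplib.SMTP session the equivalent check is
    smtp.has_extn('starttls') after smtp.ehlo(), before calling starttls()."""
    return starttls_status(reply) == "ok"
```

A client built this way fails closed on a stripped advertisement instead of silently falling back, which is the disruption edIII argues would have exposed the practice sooner.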
(Score: 0) by Anonymous Coward on Sunday November 16 2014, @06:34AM
Holy Sh*t ... do you have a traffic capture to prove this?
(Score: 0) by Anonymous Coward on Sunday November 16 2014, @08:26AM
Yes. Usually the way when this type of criminal behavior occurs
(Score: 3, Informative) by sjames on Sunday November 16 2014, @12:18PM
The AC is correct. They ARE altering packets between their customers and 3rd party mail servers.