While I often argue about what constitutes a good password and password checker, some developers don’t get even close to such “advanced” topics.

I’m talking about people who store passwords in plaintext and then mail them back to you. For a taste, I invite you to visit

Novel attacks on memory

While I usually focus just on TLS issues, there is more to a secure system than correctly selected cipher suites.

Some problems may not even be fixable with an application update…

In a recent post on Project Zero, Google engineers have shown a way to exploit a hardware bug (the ability to cause bit flips in adjacent memory cells) to gain root privileges.

POODLE attack

Unfortunately, the script I’m using to acquire the statistics isn’t fast, but the people responsible for the zmap network scanner have taken a quick look at both the Alexa Top 1 Million domains and the IPv4 address space.

In short, they found 1186 sites (0.02% of Alexa top 1M) that support SSLv3 as the highest TLS version. At the same time, 96.9% support SSLv3. If we look at the whole IPv4 address space, the percentages rise to 0.8% and 98.1% respectively.

Head over to their article for details.

Cloudflare SSL

In a recent blog post, CloudFlare announced that they will deploy Universal SSL. What it means, in short, is that even clients on their free tier will be redirected to TLS servers configured with ECDSA certificates if the CDN detects a modern browser.

You can expect next month’s results to feature more TLS servers.

Cleanup of 1024-bit CA certificates

Mozilla is working towards the removal of all 1024-bit CA certificates from their trust store. That means that if you depend on a root CA or intermediate CA that has one of those weak RSA keys, your website or server may stop working in the near future.

The first batch of changes will affect Firefox 32 users and Fedora 20 (after updating to ca-certificates-2014.2.1-1.0.fc20).

Go to for more information, how to tell if you’ll be affected (without using Qualys SSL Labs scanner) and what to do if you are.

RC4 in clients

While I’m checking which and how many servers use RC4 cipher suites, I haven’t said anything about clients in general. The reason is twofold: first, basically all current clients should support at least 3DES and usually AES ciphers; second, I don’t have access to any meaningfully large data set (or a site popular enough to make the statistics meaningful) to say anything about clients in general.

Interestingly, people at CloudFlare have not only analyzed their data but also provided quite a few nice graphs to go along with it.

The gist of the article is that about 0.000002% (1 in 50 million) of requests end up using RC4 ciphers. Of those, about 50% are MitM proxies used by schools or institutions and 30% are old candy bar phones (from 2006 and 2007).

Head over to The Web is World-Wide, or who still needs RC4? for more info.

Forged TLS certificates are used in the wild

A new Facebook study revealed that 0.2% of TLS connections were tampered with. While many of the forged certificates were created either by corporate SSL man-in-the-middle proxies or by antivirus software, a few hundred connections were tapped into by attackers.

What’s worrisome is that Facebook is a high-profile site and, for many people, also an authenticator for other services on the web. And yet 3.4% of those tampered connections would have given certificate errors even where the browser trusted the fraudulent CA. Most other connections probably also triggered certificate warnings. That means that a significant number of people ignore certificate warnings even for very important sites.

This clearly shows that there is a great need for extensions like HTTP Strict Transport Security (HSTS), Trust Assertions for Certificate Keys (TACK), DNSSEC-based certificate pinning, or extensions like Perspectives for Firefox, which make sure that users can’t ignore certificate warnings in cases where they really are under a man-in-the-middle attack.

Opportunistic encryption in SMTP is here (mostly)

Facebook published their outgoing SMTP stats on the 13th of May. The situation is much better than we previously thought.

A few high points:

  • 76% of hosts that Facebook contacted to send email support STARTTLS and correctly negotiated a secure connection
  • 56% of outgoing email gets encrypted using TLS
  • out of encrypted email, over 98% used Perfect Forward Secrecy

The bad:

  • only 25% of domains have matching, trusted and still valid certificates
  • this falls down to 6.6% for unique MX hosts
  • and includes 59.6% of all mail
  • nearly 50% of email was transferred using the possibly passively-crackable RC4 cipher
  • the same issue affects close to 20% of domains

In summary, it looks like we are on a very good road towards strict certificate checking using DANE in SMTP.