Spoiler alert: some of the fixes aren’t going to be pleasant.
by Dan Goodin
Last week, when Ars first reported a new hack attack that plucks e-mail addresses and certain types of security credentials out of encrypted pages, we warned the fixes wouldn’t be easy. Sure enough, Web app developers responding to the attack known as BREACH have begun proposing mitigations that are awkward, if not down-right unpleasant.
The most unpalatable recommendation came from the official maintainers of Django, a popular Web framework that’s perhaps second only to Ruby on Rails. In an advisory published Tuesday, they recommend website operators disable data compression in responses sent to end users. The compression, which is often considered crucial to conserve bandwidth and the time it takes browsers to load Web pages, may be turned off either by disabling Django’s GZip middleware or by modifying configuration settings in the underlying Web server application.
“We plan to take steps to address BREACH in Django itself, but in the meantime we recommend that all users of Django understand this vulnerability and take action if appropriate,” the advisory states.
A Ruby on Rails user, meanwhile, is recommending a radically new format for sending security tokens designed to prevent so-called cross site request forgery attacks. Instead of delivering the credential as a 32-byte string, it should be delivered as a 64-byte string. The first 32 bytes are a one-time pad, and the second 32 bytes are encoded using the XOR algorithm between the pad and the “real” token. The recommendation, which was published over the weekend by Bradley Buda, implements a suggested approach for masking secret tokens included in the official BREACH whitepaper.
Short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext, BREACH exploits the standard deflate algorithm websites use when sending compressed pages. Attackers who are able to passively monitor the Web traffic and send modified requests on behalf of the victim can glean clues about the plain text included in the encrypted data streams. By making educated guesses, including them in requests sent to the Web server, and comparing the size of the compressed responses, they can extract encrypted secrets in as little as 30 seconds using a few thousand requests. US CERT, which is backed by the US Department of Homeland Security, warned about BREACH on Friday.