Meet “Great Cannon,” the man-in-the-middle weapon China used on GitHub

Status
Not open for further replies.

willyu34

Ars Scholae Palatinae
1,415
Breaking News: NSA is not the only entity who knows and has the capability to attack others through the Internet and/or track all information flowing through!

Breaking News: NSA/FBI/United States old geezers, I mean, Congress and Senate, believe we should weaken encryption everywhere because if we don't, the "terrorists win"!

Conservative Editorial: We see nothing wrong going with the recommendations from NSA/FBI/Old geezers because we have a complete understanding of how this series of tubes works. What could possibly go wrong?

Internet Collective and Security researchers: *Facepalm*
 
Upvote
15 (30 / -15)
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

I often wonder why this is not the case. Being less savvy than the average Ars reader I poked around online for an answer. Found this article from a few years back. Seems pertinent to the discussion.

http://meincmagazine.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/
 
Upvote
20 (20 / 0)

Deleted member 192806

Guest
lewax00 said:
Websites that offer HTTPS protections frequently mix unencrypted traffic from third-party sites into their encrypted traffic.
Frankly, I don't get why advertisers aren't offering HTTPS services, since they seem to be the main culprit in this mixing of HTTP and HTTPS.

*looks at Ars.*
 
Upvote
78 (78 / 0)

Isahaya

Wise, Aged Ars Veteran
188
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

This is China. It is impossible to remove the bad actor in this case. And no amount of technical and legal wrangling will get around it.

So the best solution is to assume they will try to break the rules and end-to-end encrypt everything.
 
Upvote
50 (50 / 0)

Meailda

Ars Tribunus Militum
2,934
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

Believe me, if it is something important, the government has the ability to break https and other similar encryption methods. I see no reason to believe this is not the case with China and other state level actors. The only thing that default SSL would do would be to make it harder to manipulate normal traffic. It's a good thing if the nuclear option is not easy. It means that normal people will be left alone, and the Titans can fight it out amongst themselves with less collateral damage.
 
Upvote
-12 (2 / -14)
Isahaya said:
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

This is China. It is impossible to remove the bad actor in this case. And no amount of technical and legal wrangling will get around it.

So the best solution is to assume they will try to break the rules and end-to-end encrypt everything.

I think the average person does not realize how bat-shit crazy the Chinese government is. I mean remember when they tried to mandate how the Dalai Lama should reincarnate? A "technical and legal" framework would mean very little.
 
Upvote
19 (21 / -2)
Meailda said:
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

Believe me, if it is something important, the government has the ability to break https and other similar encryption methods. I see no reason to believe this is not the case with China and other state level actors. The only thing that default SSL would do would be to make it harder to manipulate normal traffic. It's a good thing if the nuclear option is not easy. It means that normal people will be left alone, and the Titans can fight it out amongst themselves with less collateral damage.
Sometimes simply increasing the cost in time, effort, or money is just as effective as making something unbreakable.
 
Upvote
28 (28 / 0)
puppies said:
Isahaya said:
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

This is China. It is impossible to remove the bad actor in this case. And no amount of technical and legal wrangling will get around it.

So the best solution is to assume they will try to break the rules and end-to-end encrypt everything.

I think the average person does not realize how bat-shit crazy the Chinese government is. I mean remember when they tried to mandate how the Dalai Lama should reincarnate? A "technical and legal" framework would mean very little.

Crazy like a fox.
 
Upvote
7 (8 / -1)

nafhan

Ars Centurion
329
Subscriptor
theoilman said:
Meailda said:
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

Believe me, if it is something important, the government has the ability to break https and other similar encryption methods. I see no reason to believe this is not the case with China and other state level actors. The only thing that default SSL would do would be to make it harder to manipulate normal traffic. It's a good thing if the nuclear option is not easy. It means that normal people will be left alone, and the Titans can fight it out amongst themselves with less collateral damage.
Sometimes simply increasing the cost in time, effort, or money is just as effective as making something unbreakable.
Exactly! Encryption DOES NOT NEED TO BE unbreakable to be worthwhile. It just needs to be a major PITA to break.

Good encryption does not prevent targeted dedicated surveillance of a single person (they can dedicate lots of resources to breaking that person's encryption if it's deemed worthwhile). It could, however, prevent the dragnet type surveillance the NSA and many other governments do because the NSA, et al, cannot dedicate lots of resources to everyone.
 
Upvote
21 (21 / 0)
theoilman said:
Meailda said:
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

Believe me, if it is something important, the government has the ability to break https and other similar encryption methods. I see no reason to believe this is not the case with China and other state level actors. The only thing that default SSL would do would be to make it harder to manipulate normal traffic. It's a good thing if the nuclear option is not easy. It means that normal people will be left alone, and the Titans can fight it out amongst themselves with less collateral damage.
Sometimes simply increasing the cost in time, effort, or money is just as effective as making something unbreakable.


For regular actors, yes. For state actors, you can almost treat the time and expense involved in countering the security to be infinite. Still no reason to not implement good security for the general case.

TLS is great for regular actors. China would definitely be able to obtain Baidu's encryption certificate, so you can almost treat anything from China as being malicious, encrypted or not. Can the US government obtain US-corporation-based encryption certificates? I'd say yes, but it's probably more problematic for them than for the Chinese government doing the same with Chinese corporations... We need to somehow come up with a more secure certificate technology. One that is extremely tamper-proof. We also need browsers that will allow end users to not accept traffic from other countries, such as China. Whenever a webpage you're viewing pulls an ad from a server in China, for instance, you are incurring risk, and we don't want this risk!

The article should have made the point that the injected javascript is externally malicious. It launches an external DOS attack. It's not malicious to the end-user, assuming there are no existing javascript vulnerabilities. I wouldn't want the government of China to be executing javascript in my browser, but the article should still inform users that, at this point, the attack does not appear to be malicious to the end users.
 
Upvote
1 (4 / -3)

lewax00

Ars Legatus Legionis
17,402
theoilman said:
Meailda said:
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

Believe me, if it is something important, the government has the ability to break https and other similar encryption methods. I see no reason to believe this is not the case with China and other state level actors. The only thing that default SSL would do would be to make it harder to manipulate normal traffic. It's a good thing if the nuclear option is not easy. It means that normal people will be left alone, and the Titans can fight it out amongst themselves with less collateral damage.
Sometimes simply increasing the cost in time, effort, or money is just as effective as making something unbreakable.
Just sometimes? That's the entire underpinning of modern encryption. As far as I'm aware, there is only one truly unbreakable encryption (one-time pad, assuming the key is unobtainable by a third party) but that is far too impractical to implement in any usable way, so what we're left with are methods that are just too hard to break in reasonable time. I mean, cracking AES is easy in theory: all you do is try every possible key, but in practice that just takes a very long time, and since difficulty increases exponentially with key length, it's hard to reduce that in any meaningful way by just throwing more resources at it.

Basically, most computer security has never been about making things impenetrable, just too difficult to be feasible.
 
Upvote
10 (10 / 0)

sigmasirrus

Ars Scholae Palatinae
1,267
nafhan said:
theoilman said:
Meailda said:
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

Believe me, if it is something important, the government has the ability to break https and other similar encryption methods. I see no reason to believe this is not the case with China and other state level actors. The only thing that default SSL would do would be to make it harder to manipulate normal traffic. It's a good thing if the nuclear option is not easy. It means that normal people will be left alone, and the Titans can fight it out amongst themselves with less collateral damage.
Sometimes simply increasing the cost in time, effort, or money is just as effective as making something unbreakable.
Exactly! Encryption DOES NOT NEED TO BE unbreakable to be worthwhile. It just needs to be a major PITA to break.

Good encryption does not prevent targeted dedicated surveillance of a single person (they can dedicate lots of resources to breaking that person's encryption if it's deemed worthwhile). It could, however, prevent the dragnet type surveillance the NSA and many other governments do because the NSA, et al, cannot dedicate lots of resources to everyone.

In this case I wonder if the new opportunistic encryption that Firefox was trying to build into its browser would have helped?
 
Upvote
2 (2 / 0)
Isahaya said:
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

This is China. It is impossible to remove the bad actor in this case. And no amount of technical and legal wrangling will get around it.

So the best solution is to assume they will try to break the rules and end-to-end encrypt everything.
Not impossible. It would be drastic, but the free world could effectively sever China from the Internet.
 
Upvote
-6 (0 / -6)

Deleted member 441963

Guest
Meailda said:
Believe me, if it is something important, the government has the ability to break https and other similar encryption methods.

No. As things stand at this moment in time there's not enough silicon in the universe to build enough CPU's to crack AES-128 before the end of times. And since every new browser session means a new key, requiring another 2^128 attempts..
 
Upvote
7 (9 / -2)

lewax00

Ars Legatus Legionis
17,402
burne_ said:
Meailda said:
Believe me, if it is something important, the government has the ability to break https and other similar encryption methods.

No. As things stand at this moment in time there's not enough silicon in the universe to build enough CPU's to crack AES-128 before the end of times. And since every new browser session means a new key, requiring another 2^128 attempts..
Assuming brute forcing that is. It's possible they've found some other vulnerability (though I don't think it's all that likely).
 
Upvote
11 (12 / -1)

drfisheye

Ars Tribunus Militum
2,563
Subscriptor
Websites that offer HTTPS protections frequently mix unencrypted traffic from third-party sites into their encrypted traffic.
That's not true anymore, since modern browsers block mixed content.

However, sites do frequently mix HTTPS content from different sources and the user only sees the certificate of the site, not of the mixed in sources. China only needs to gain control of one of these sources to inject a payload. HTTPS doesn't mean it's all safe.
 
Upvote
6 (6 / 0)

Deleted member 441963

Guest
lewax00 said:
burne_ said:
Meailda said:
Believe me, if it is something important, the government has the ability to break https and other similar encryption methods.

No. As things stand at this moment in time there's not enough silicon in the universe to build enough CPU's to crack AES-128 before the end of times. And since every new browser session means a new key, requiring another 2^128 attempts..
Assuming brute forcing that is. It's possible they've found some other vulnerability (though I don't think it's all that likely).

14 years of intense research has brought us a MITM attack which requires at best 2^126.1 steps. If you want to decode recorded traffic this won't help you, because you're not in the middle. If you were, the wait until the universe ends in proton-decay might be noticed by the people you're trying to overhear. ;)
 
Upvote
5 (6 / -1)
Given that this article is about a weapon used to mount man-in-the-middle attacks, encrypting everything is not enough. You have to verify that all the certificates are valid. Good luck with that.

And if it is the Chinese government that is at fault here, then of course it has the muscle to get the real keys of any Chinese web sites anyways.

So we need to have computers that can't be told by JavaScript code to load other web pages - which, of course, is a pretty basic function of automated web sites, not considered a security flaw in itself.

Maybe preventing pages from being loaded without being displayed is a feasible solution, but sometimes legitimate automated content will read a text web page to get data. So it seems as though a major redefinition of the security responsibilities of browsers is needed - they'll have to analyze the behavior of scripts in your web pages on the fly, looking for suspicious activity, if we want to stop this sort of thing.
 
Upvote
3 (3 / 0)

d4Njv

Ars Tribunus Militum
1,806
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

This gives the best possible counterargument against the FBI's foolish advocacy for weakening encryption. Weakening encryption jeopardises national security!
 
Upvote
14 (14 / 0)
d4Njv said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

This gives the best possible counterargument against the FBI's foolish advocacy for weakening encryption. Weakening encryption jeopardises national security!
It would hurt the ability of the US to launch similar ddos attacks. National security had nothing to do with security of the nation, it's about military power and scope.
 
Upvote
2 (2 / 0)

Meailda

Ars Tribunus Militum
2,934
theoilman said:
Meailda said:
psd said:
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

That will have its own set of problems. The ability to remove bad actors from the network is the more robust solution. This may mean a combination of technical and legal "frameworks" that apply internationally.

Believe me, if it is something important, the government has the ability to break https and other similar encryption methods. I see no reason to believe this is not the case with China and other state level actors. The only thing that default SSL would do would be to make it harder to manipulate normal traffic. It's a good thing if the nuclear option is not easy. It means that normal people will be left alone, and the Titans can fight it out amongst themselves with less collateral damage.
Sometimes simply increasing the cost in time, effort, or money is just as effective as making something unbreakable.

You say the same thing I did in response to my post and you get +s and I get -s. Lol. I will never understand how people vote on this site. Is there an option for ignoring the ups and downs?
 
Upvote
-3 (2 / -5)

Meailda

Ars Tribunus Militum
2,934
burne_ said:
Meailda said:
Believe me, if it is something important, the government has the ability to break https and other similar encryption methods.

No. As things stand at this moment in time there's not enough silicon in the universe to build enough CPU's to crack AES-128 before the end of times. And since every new browser session means a new key, requiring another 2^128 attempts..

Have you even been reading the TLS vulnerability articles that have been coming out once a month lately?
 
Upvote
-7 (2 / -9)

Bengie25

Ars Praefectus
5,505
Subscriptor
burne_ said:
lewax00 said:
burne_ said:
Meailda said:
Believe me, if it is something important, the government has the ability to break https and other similar encryption methods.

No. As things stand at this moment in time there's not enough silicon in the universe to build enough CPU's to crack AES-128 before the end of times. And since every new browser session means a new key, requiring another 2^128 attempts..
Assuming brute forcing that is. It's possible they've found some other vulnerability (though I don't think it's all that likely).

14 years of intense research has brought us a MITM attack which requires at best 2^126.1 steps. If you want to decode recorded traffic this won't help you, because you're not in the middle. If you were, the wait until the universe ends in proton-decay might be noticed by the people you're trying to overhear. ;)

But the attack that reduces it to 2^126.1 operations requires petabytes of storage, and the plaintext and encrypted versions in order to weaken the key.

While they were able to reduce the number of operations nearly 4x, they increased the amount of time each operation takes by 100x or more. Theory != practice

With a brute force attack, the 2^128 ops can all be done in memory, and mostly in L1 cache. For the 2^126.1 op attack, they need to do a lot of lookups to the petabytes of storage. Even if it was in memory, that's still much slower than L1 cache. It also ignores the whole issue of collecting petabytes of samples for the exact same key. If the key changes before getting all of those samples, your current samples are nearly worthless.
 
Upvote
6 (6 / 0)
Solomonoff's Secret said:
The researchers said the Great Cannon could largely be neutralized if websites sent all of their pages over encrypted HTTPS connections.
It's past time for HTTPS and DNSSEC everywhere.

The Great Firewall of China blocks a lot of HTTPS connections outright so in this case it may not really be a solution. We have servers in Aliyun and have a tough time getting any sort of HTTPS traffic to them from our clients reliably.
 
Upvote
1 (1 / 0)

lewax00

Ars Legatus Legionis
17,402
burne_ said:
lewax00 said:
burne_ said:
Meailda said:
Believe me, if it is something important, the government has the ability to break https and other similar encryption methods.

No. As things stand at this moment in time there's not enough silicon in the universe to build enough CPU's to crack AES-128 before the end of times. And since every new browser session means a new key, requiring another 2^128 attempts..
Assuming brute forcing that is. It's possible they've found some other vulnerability (though I don't think it's all that likely).

14 years of intense research has brought us a MITM attack which requires at best 2^126.1 steps. If you want to decode recorded traffic this won't help you, because you're not in the middle. If you were, the wait until the universe ends in proton-decay might be noticed by the people you're trying to overhear. ;)
The NSA and other TLAs probably do their own research as well, and might not disclose things they find. Just because a faster attack isn't known doesn't mean it doesn't exist (there's a phrase that comes to mind: "absence of evidence is not evidence of absence"), unless there's a mathematical proof stating otherwise (i.e. the evidence of absence). There are also potentially flaws in the actual implementation of the algorithm, key exchange, etc. that could render all that useless as well.

EDIT: My point being, key length is not a guarantee of security unless you can prove the algorithm is perfect.
 
Upvote
4 (5 / -1)

drfisheye

Ars Tribunus Militum
2,563
Subscriptor
John Savard said:
So we need to have computers that can't be told by JavaScript code to load other web pages - which, of course, is a pretty basic function of automated web sites, not considered a security flaw in itself.

Maybe preventing pages from being loaded without being displayed is a feasible solution, but sometimes legitimate automated content will read a text web page to get data. So it seems as though a major redefinition of the security responsibilities of browsers is needed - they'll have to analyze the behavior of scripts in your web pages on the fly, looking for suspicious activity, if we want to stop this sort of thing.
Browsers are starting to enable sites to whitelist domains for script resources. Policies like these:
https://developer.mozilla.org/en-US/doc ... ity-Policy
 
Upvote
0 (0 / 0)
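An added example, not part of any post in this thread: drfisheye's two points above (HTTPS pages still pull scripts from other sources, and sites can allowlist script domains with a Content Security Policy) turned into a small audit a site owner could run against their own page. The page URL, HTML and policy are constructed sample values, the function names are made up for this sketch, and the matcher is a simplification that ignores ports, paths, nonces and hashes.

```javascript
'use strict';

// Constructed sample input (assumptions for this example, not real sites).
const SAMPLE_PAGE = 'https://news.example/article';
const SAMPLE_CSP =
  "default-src 'none'; script-src 'self' https://cdn.example *.static.example";
const SAMPLE_HTML = `
  <script src="/static/app.js"></script>
  <script src="https://cdn.example/lib.js"></script>
  <script src="http://ads.example/tag.js"></script>
  <script src="https://tracker.example/t.js"></script>
  <script src="https://a.static.example/w.js"></script>`;

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored after its first occurrence.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Does one source expression cover this script URL? (simplified matcher)
function sourceMatches(expr, url, page) {
  const e = expr.toLowerCase();
  if (e === "'self'") return url.origin === page.origin;
  // 'none', nonces, hashes and other keywords never allowlist by URL.
  if (e.startsWith("'")) return false;
  if (e === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  // Scheme source such as "https:"; "http:" also covers the https upgrade.
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) {
    return url.protocol === e || (e === 'http:' && url.protocol === 'https:');
  }
  // Host source with an optional scheme; port and path are ignored here.
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/.exec(e);
  if (!m) return false;
  const scheme = m[1] ? m[1] + ':' : null;
  const host = m[2];
  const okScheme = scheme
    ? url.protocol === scheme || (scheme === 'http:' && url.protocol === 'https:')
    // No scheme given: an HTTPS page only gets HTTPS loads from this host.
    : url.protocol === 'https:' ||
      (page.protocol === 'http:' && url.protocol === 'http:');
  const okHost = host.startsWith('*.')
    ? url.hostname.endsWith(host.slice(1)) // subdomains only, not the apex
    : url.hostname === host;
  return okScheme && okHost;
}

// List every external script on the page with two flags:
//   plaintext    - fetched over http://, so anyone on the path can rewrite it
//   allowedByCsp - covered by script-src (or default-src as the fallback)
function auditScripts(pageUrl, html, cspHeader) {
  const page = new URL(pageUrl);
  const policy = parseCsp(cspHeader);
  const sources = policy['script-src'] ?? policy['default-src'] ?? null;
  const findings = [];
  // Regex extraction is enough for a sketch; a real audit would parse the DOM.
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const [, src] of html.matchAll(re)) {
    const url = new URL(src, page);
    findings.push({
      url: url.href,
      plaintext: url.protocol === 'http:',
      // With no policy at all, the browser restricts nothing.
      allowedByCsp:
        sources === null || sources.some((s) => sourceMatches(s, url, page)),
    });
  }
  return findings;
}

for (const f of auditScripts(SAMPLE_PAGE, SAMPLE_HTML, SAMPLE_CSP)) {
  const flags = [
    f.plaintext ? 'PLAINTEXT' : 'tls',
    f.allowedByCsp ? 'allowed' : 'BLOCKED-BY-CSP',
  ];
  console.log(flags.join(' '), f.url);
}
```

Any script that comes back as `tls` and `allowed` is still a party the page trusts completely; the allowlist limits which origins those can be, it does not vouch for what they serve.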

Rand

Ars Tribunus Militum
2,302
Subscriptor++
Can the US government obtain US-corporation-based encryption certificates? I'd say yes, but it's probably more problematic for them than for the Chinese government doing the same with Chinese corporations...

Not problematic at all, see LavaBit. Even if there were a judge that would give pause at such a request, the feds can easily find another boot-licker to approve it.
 
Upvote
1 (1 / 0)

Deleted member 441963

Guest
Meailda said:
burne_ said:
Meailda said:
Believe me, if it is something important, the government has the ability to break https and other similar encryption methods.

No. As things stand at this moment in time there's not enough silicon in the universe to build enough CPU's to crack AES-128 before the end of times. And since every new browser session means a new key, requiring another 2^128 attempts..

Have you even been reading the TLS vulnerability articles that have been coming out once a month lately?

All of them. Even better: I thoroughly understand the underlying issues and implications. I'm responsible for security at several government websites and I manage a PKI with 402 local governmental bodies, and 80-something ministries and governmental organisations.

TLS is a protocol and AES is a cypher. All the recent vulnerabilities relate to SSL and ways to make TLS fall back to SSL protocols. So far TLS, SHA, AES and DHKE have been our saviours. The future for SHA-1 looks a bit cloudy, but it's no SSL, RC4 or MD5 yet.
 
Upvote
10 (10 / 0)

Deleted member 441963

Guest
lewax00 said:
The NSA and other TLAs probably do their own research as well, and might not disclose things they find.

The underlying and unproven assumption is that the older brothers of Schneier, Daemen, Rijmen and Khovratovich (et al.) work for a TLA.

(Bruce is the most famous, Dmitry is the principal author of the 'best' attack on AES, and Joan and Vincent wrote AES..)
 
Upvote
0 (0 / 0)