In a case of "History doesn't repeat itself, but it does rhyme", the attack is similar in several ways to the latest HTTP "DESYNC" attacks. The Pizza attack hinged on inconsistencies between layers, and clever use of HTTP headers to hide requests.
Basically: TLS/SSL *used* to allow clients or servers to renegotiate a connection at any time, and that was like starting over. The Pizza attack had the attacker create a legit connection to a server, and then place a not quite finished lingering HTTP request on the connection.
Then, the attacker would initiate a renegotiation. Next, the attacker could MITM a client and connect the client to the server. This would actually work; TLS/SSL would authenticate just fine, despite the lower level MITM.
The client would then make their own request, but because of the clever way the Pizza attack would leave the pending lingering one, the client would effectively complete that one too.
If the lingering request was something like "Order a pizza", then the MITMd client would end up ordering a pizza. Pretty crafty.
This issue in the SSL/TLS protocols was a "Drop everything and fix" for us at Amazon, and it came on the heels of a "Drop everything and fix the internet" because of how silly bind9 was issue earlier in the year.
To protect our customers, we worked with a bunch of vendors, including going to their sites and working with their TLS teams to get renegotiations disabled. We updated a lot of software and hardware in November, our peak month. There was a @JeffBezos call about it!
The issue caused some examination of the SSL/TLS protocol itself, and led to secure renegotiations, and also caused a lot of people to disable renegotiations, which helped mitigate 3SHAKE (https://blog.cryptographyengineering.com/2014/04/24/attack-of-week-triple-handshakes-3shake/)
TLS1.3 has also cleaned a lot of house, and no longer supports renegotiations at all. This is good because being able to arbitrarily change contexts at the transport layer is way too confusing for applications.
The attack also informed the design of other security protocols. At AWS, our signed request protocols like SIGv4 are explicitly designed to prevent issues like this from creating security issues.
Happy Birthday Pizza Attack! 
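
A toy model of the splice described in the thread, added here as an illustration and not taken from the thread or from any real server: the parser, the host `shop.example`, the header name `X-Pending` and the session value are constructed assumptions. It shows how a server that treats a renegotiation as "same byte stream continues" completes the pending request with the client's headers, and why disabling renegotiation stops that.

```python
CRLF = b"\r\n"

def parse_request(stream: bytes):
    """Parse one header-only HTTP/1.x request.
    Returns (method, target, headers), or None while the request is unfinished."""
    head, sep, _ = stream.partition(CRLF + CRLF)
    if not sep:
        return None
    lines = head.split(CRLF)
    method, target, _version = lines[0].decode().split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode().partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def serve(events, allow_renegotiation):
    """events: ("data", bytes) or ("renegotiate", None) on ONE connection.
    Returns every request the application layer acted on."""
    buffer, handled = b"", []
    for kind, payload in events:
        if kind == "renegotiate":
            if not allow_renegotiation:
                break      # mitigation: renegotiation refused, connection dropped
            continue       # legacy behaviour: new handshake, buffered bytes kept
        buffer += payload
        while (req := parse_request(buffer)) is not None:
            handled.append(req)
            buffer = buffer.partition(CRLF + CRLF)[2]
    return handled

# Constructed sample traffic. PENDING ends inside a header value, so the
# request is "not quite finished" when the renegotiation happens.
PENDING = b"GET /order?item=pizza HTTP/1.1\r\nX-Pending: "
CLIENT = (b"GET /menu HTTP/1.1\r\nHost: shop.example\r\n"
          b"Cookie: session=CLIENT-SESSION\r\n\r\n")
EVENTS = [("data", PENDING), ("renegotiate", None), ("data", CLIENT)]

if __name__ == "__main__":
    for allowed in (True, False):
        print("renegotiation allowed:", allowed, "->", serve(EVENTS, allowed))
```

With renegotiation allowed, the only request the server sees is the pending one, carrying the client's cookie; the client's own request line has been swallowed as the value of the unfinished header.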