12 tweets, 4 min read
Tuesday Tweet Thread is a "Today in Infosec" one. It's 10 years since @marshray published one of my favorite TLS/SSL issues, and the best named. The Pizza Attack! Read about it in EKR's blog post from the time: educatedguesswork.org/2009/11/unders… ...
In a case of "History doesn't repeat itself, but it does rhyme", the attack is similar in several ways to the latest HTTP "DESYNC" attacks. The Pizza attack hinged on inconsistencies between layers, and clever use of HTTP headers to hide requests.
Basically: TLS/SSL *used* to allow clients or servers to renegotiate a connection at any time, and that was like starting over. The Pizza attack had the attacker create a legit connection to a server, and then place a not quite finished lingering HTTP request on the connection.
Then, the attacker would initiate a renegotiation. Next, the attacker could MITM a client and connect the client to the server. This would actually work; TLS/SSL would authenticate just fine, despite the lower level MITM.
The client would then make their own request, but because of the clever way the Pizza attack would leave the pending lingering one, the client would effectively complete that one too.
If the lingering request was something like "Order a pizza", then the MITM'd client would end up ordering a pizza. Pretty crafty.
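The splice described above, as an added example that is not part of the original thread: a byte-level simulation of the attacker's unfinished request being glued to the victim's request inside one HTTP stream, with a minimal HTTP/1.1 reader playing the server. The host pizza.example, the header name X-Ignore, the cookie value and the request bytes are all constructed for illustration, and the TLS part is a deliberately simplified stand-in for the RFC 5746 secure-renegotiation check, not a real handshake.

```python
"""Simulation of the 2009 TLS renegotiation "Pizza attack" at the HTTP layer.
Added example, not code from the original thread: all hosts, headers and
request bytes are constructed; the TLS model is a simplification of RFC 5746."""
import hashlib
import os

# Attacker's stage: a request left unfinished on its own TLS connection. The
# trailing "X-Ignore: " has no CRLF, so whatever bytes arrive next are read as
# the VALUE of that header, not as a new request line.
ATTACKER_PREFIX = (
    b"GET /order?pizza=large-pepperoni&deliver_to=attacker HTTP/1.1\r\n"
    b"Host: pizza.example\r\n"
    b"X-Ignore: "
)

# Victim's own request, sent over what it believes is a fresh connection.
VICTIM_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: pizza.example\r\n"
    b"Cookie: session=victim-session-token\r\n"
    b"\r\n"
)


def parse_http_requests(stream: bytes) -> list:
    """Minimal HTTP/1.1 reader: returns [{method, target, headers, body}, ...].
    Header names are lower-cased; bodies use Content-Length only. An
    unterminated header block is not returned (a real server keeps waiting)."""
    requests, pos = [], 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        request_line, *header_lines = stream[pos:end].decode("latin-1").split("\r\n")
        method, target, _version = request_line.split(" ", 2)
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = end + 4
        body_len = int(headers.get("content-length", "0"))
        requests.append({"method": method, "target": target, "headers": headers,
                         "body": stream[body_start:body_start + body_len]})
        pos = body_start + body_len
    return requests


def verify_data(client_random: bytes, server_random: bytes) -> bytes:
    """Stand-in for the Finished message's verify_data: it depends on both
    sides' contributions, so a party that did not run the handshake lacks it."""
    return hashlib.sha256(b"finished|" + client_random + server_random).digest()[:12]


class ServerConnection:
    """One server-side TLS connection together with its HTTP receive buffer."""

    def __init__(self, secure_renegotiation: bool):
        self.secure_renegotiation = secure_renegotiation
        self.prev_verify_data = None
        self.buffer = b""
        self.closed = False

    def initial_handshake(self, client_random: bytes) -> bytes:
        self.prev_verify_data = verify_data(client_random, os.urandom(32))
        return self.prev_verify_data

    def receive(self, data: bytes) -> None:
        if not self.closed:
            self.buffer += data

    def renegotiate(self, renegotiation_info: bytes) -> bool:
        """Pre-RFC 5746 servers accept any new ClientHello and keep the HTTP
        buffer. With RFC 5746 the ClientHello must carry the previous
        handshake's verify_data; a mismatch is a fatal handshake_failure."""
        if self.secure_renegotiation and renegotiation_info != self.prev_verify_data:
            self.closed, self.buffer = True, b""
            return False
        return True


def pizza_attack(secure_renegotiation: bool) -> list:
    """Run the scenario; return the requests the server's HTTP layer processes."""
    server = ServerConnection(secure_renegotiation)
    server.initial_handshake(os.urandom(32))  # attacker's own, legitimate handshake
    server.receive(ATTACKER_PREFIX)           # unfinished request sits in the buffer
    # The MITM forwards the victim's *initial* ClientHello as a renegotiation.
    # The victim never handshook on this connection, so the only
    # renegotiation_info it can send is the empty initial-handshake value.
    if not server.renegotiate(b""):
        return parse_http_requests(VICTIM_REQUEST)  # victim retries on a fresh connection
    server.receive(VICTIM_REQUEST)
    return parse_http_requests(server.buffer)
```

With insecure renegotiation the server sees a single request for /order carrying the victim's Cookie, and the victim's own request line survives only as the value of X-Ignore; with the RFC 5746 check the spliced handshake aborts and the victim's request reaches the server alone. The HTTP layer never learns that the TLS peer changed underneath it, which is the layer inconsistency the thread is pointing at; real servers differ in details (duplicate Host handling, chunked bodies), but not in that.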
This issue in the SSL/TLS protocols was a "Drop everything and fix" for us at Amazon, and it came on the heels of a "Drop everything and fix the internet" issue earlier in the year, because of how silly bind9 was.
To protect our customers, we worked with a bunch of vendors, including going to their sites and working with their TLS teams to get renegotiations disabled. We updated a lot of software and hardware in November, our peak month. There was a @JeffBezos call about it!
The issue caused some examination of the SSL/TLS protocol itself, and led to secure renegotiation, and also caused a lot of people to disable renegotiations, which helped mitigate 3SHAKE (blog.cryptographyengineering.com/2014/04/24/att…)
TLS 1.3 has also cleaned a lot of house, and no longer supports renegotiations at all. This is good because being able to arbitrarily change contexts at the transport layer is way too confusing for applications.
The attack also informed the design of other security protocols. At AWS, our signed request protocols like SIGv4 are explicitly designed to prevent issues like this from creating security issues.
Happy Birthday Pizza Attack! 🎂🍕🏹
Thread by Colm MacCárthaigh