What Is SSL Session Reuse?

In a lot of fields you are taught that the best way to finish your work on time is to reuse the tools that are already at hand. It does not matter if it is a physical product or the actual idea that you are reusing; drawing on your experience from the past will help you get your work done a lot sooner than you normally would.

In software this is called avoiding “do it yourself syndrome”. Do it yourself syndrome is when you avoid getting help from someone who may have solved the same problem as you and try to recreate the solution yourself. Even though the solution has been known for a long time and has been tested over and over again, you still think that you can do it better. But while you thought that you could do the job better, in reality you ended up creating a solution that might be half finished and not as elegant as the solution that was already presented. So when you are a young programmer you are taught to try and avoid do it yourself syndrome as best as you can. Only recreate the effort if you have to or if the solution that is presented to you is truly not good enough.

Since most black hat hackers are programmers, they tend to follow the same credo. They try their best to avoid work that has already been done, and if they can apply the same line of thinking to their hacks, they do that as well. One way they do this is by trying to reuse an SSL session.

How do you reuse an SSL session?

Even though it may seem dangerous, SSL session reuse is used all of the time. When you log into an SSL session and validate the certificate on the server, reusing the session saves a lot of time. This makes things work faster for both the server and the end user.

How it works is that the server makes sure that it has an ID ready for you when you log in. Once the ID is assigned to you, it is carried around with you for the entire time that you are logged into the server. Once you have decided to log out, the ID is not erased. It is kept in some sort of storage on the server, ready for you when you log back in. The server will wait for you for at least 24 hours before it erases the session data from its memory. If you log back in within those 24 hours, you can pick the session back up as if you had never left.

The process pretty much goes like this: the client says hello, the server says hi, the server sends the certificate information, the client reads it and makes some changes, sends it back to the server, the server reads it and makes some changes and then allows the HTTP 1.0 information to be sent. SSL session reuse saves time by cutting down the longest part of the SSL process, the handshake with the server. Instead of asking for the certificate of the server again, it reads and changes the specs of the certificate immediately, since it already knows the certificate from the last session.
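To make the bookkeeping concrete, here is a simplified model of the server-side session cache described above. It is an added example, not code from this article or from any SSL library, and it performs no real cryptography. The class and function names are hypothetical, and the fixed 24-hour lifetime is an assumption taken from the figure in the text.

```python
import secrets
import time

SESSION_LIFETIME = 24 * 60 * 60  # seconds; assumed from the 24-hour figure above


class SessionCache:
    """Simplified model of a server-side SSL session cache (not real TLS)."""

    def __init__(self, lifetime=SESSION_LIFETIME):
        self.lifetime = lifetime
        self._store = {}  # session ID -> (master secret, creation time)

    def full_handshake(self, now=None):
        """Full handshake: certificate exchange and key agreement are assumed
        to have happened; the server then files the result under a new ID."""
        now = time.time() if now is None else now
        session_id = secrets.token_hex(32)
        self._store[session_id] = (secrets.token_bytes(48), now)
        return session_id

    def resume(self, session_id, now=None):
        """Return the cached secret if the ID is known and still fresh;
        None tells the caller to fall back to a full handshake."""
        now = time.time() if now is None else now
        entry = self._store.get(session_id)
        if entry is None:
            return None
        secret, created = entry
        if now - created >= self.lifetime:
            del self._store[session_id]  # expired: erase the stored state
            return None
        return secret

    def invalidate(self, session_id):
        """Drop a session early, e.g. when its connection ended with a fatal alert."""
        return self._store.pop(session_id, None) is not None


def connect(cache, offered_id=None, now=None):
    """Server-side decision: abbreviated handshake or full handshake."""
    if offered_id is not None and cache.resume(offered_id, now) is not None:
        return "abbreviated", offered_id
    return "full", cache.full_handshake(now)
```

The cached secret is what makes a stored session sensitive: anything that can read the cache holds the keying material for every session that is still resumable, which is why the lifetime check and `invalidate` matter.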

But while the idea of saving a server SSL session seems like it makes life a lot easier, there can be a dark side as well. This is great bait for a black hat hacker who has gotten into your system.

Black Hat server interruption

When you have an open server session saved in your system you leave yourself vulnerable to black hat hackers who know how to exploit such data. For years, people have thought that the SSL certificates that you see handed out were perfectly foolproof, that no one would be able to break past them and their defense. But this has not been true for a while, and now tools that were created to take advantage of that security are being exploited as well. Black hat hackers are finding new and creative ways of attacking SSL session reuse.

You must be careful these days when you are dealing with security tools. Attacks that might have seemed impossible in the past are quite possible now. Tools are cracked all of the time even if some take longer than others. Just make sure that you are prepared for when it happens.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
