Defeating SSL

Not a really new paper – but definitely recommended reading.

Some lessons learned:

  • Moxie is not really attacking SSL – but uses HTTP to bypass HTTPS.
  • Switch to SSL as early as possible – but that might be too late already.
  • Users never type https:// (nor http://) – they start with plain text and hope the application is doing the right thing.
  • Fortunately (web) services are not affected. There is no human making the http vs https decision. WCF, for example, also does not let itself be downgraded to plain text whenever credentials are involved. That’s a good thing in the face of such attacks.
  • Endpoint Identities (an addition to WS-Addressing) are a good thing.

I see interesting times for passive profile SSO scenarios like WS-Federation. This doesn’t mean that these technologies open new holes – it is just that the (username/password) credentials we send around are much more powerful because they can be used in multiple applications.

This also means – if you are building a passive STS – you should not solely rely on SSL to secure your tokens. Encrypt them!
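As an added illustration of that last point (not code from this post or from any WS-Federation implementation): a Go sketch of a passive STS encrypting the token it posts back through the browser, and the relying party opening it. It assumes a symmetric key shared between STS and RP, where WS-Federation would encrypt to the RP's certificate, and binds the RP's identifier in as GCM additional data so the token only opens at its intended audience.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a wrong key length is a config bug
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// Issue encrypts the claims a passive STS posts back through the browser.
// Assumption: STS and relying party (RP) share a symmetric key; real
// WS-Federation encrypts to the RP's certificate instead. The RP identifier
// goes in as additional data, so the blob only opens at the RP it was issued for.
func Issue(key []byte, audience, claims string) (string, error) {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Nonce is prefixed; the GCM tag covers claims and audience together.
	sealed := gcm.Seal(nonce, nonce, []byte(claims), []byte(audience))
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// Accept decrypts a posted token at the RP. A downgraded transport shows an
// observer only ciphertext, and any modification in transit fails the tag check.
func Accept(key []byte, audience, posted string) (string, error) {
	sealed, err := base64.RawURLEncoding.DecodeString(posted)
	gcm := newGCM(key)
	ns := gcm.NonceSize()
	if err != nil || len(sealed) < ns {
		return "", errors.New("token malformed")
	}
	claims, err := gcm.Open(nil, sealed[:ns], sealed[ns:], []byte(audience))
	if err != nil {
		return "", errors.New("token rejected: tampered, wrong key or wrong RP")
	}
	return string(claims), nil
}
```

The token still needs the usual replay and lifetime controls (expiry, audience and issuer checks on the decrypted claims); the encryption only removes the dependency on SSL for confidentiality and integrity in transit.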

This entry was posted in ASP.NET, IdentityModel, WCF.
