Feeds

Wildcard certificate spoofs web authentication

SSL felled by null string

Website security in corporate America

Black Hat In a blow to one of the net's most widely used authentication technologies, a researcher has devised a simple way to spoof SSL certificates used to secure websites, virtual private networks, and email servers.

The attack, unveiled Wednesday at the Black Hat security conference in Las Vegas, exploits a weakness in the process for generating secure sockets layer certificates. It works by adding a null string character to several certificate fields, a technique that tricks browsers and other SSL-enabled programs into misinterpreting the domain name that is being authenticated.

Security researcher Moxie Marlinspike created what he called a universal wildcard certificate that in many ways resembles certificate authority certificates that VeriSign and other companies use to generate SSL certificates. He did it by applying for a normal certificate for his website thoughtcrime.org. In the commonName field he listed the site as *\0.thoughtcrime.org, giving him a certificate that tricks many programs into authenticating virtually every address on the internet.

"You get this certificate and it will match any domain you're trying to connect to," Marlinspike told the Black Hat audience. "It's actually better than a CA cert because if you get a CA cert you at least have to create and sign another certificate to then present it for whatever you're trying to connect to. This you just hand them over and over again. You don't need to sign anything."

The attack came the same day that fellow researchers Dan Kaminsky and Len Sassaman laid out some half-dozen vulnerabilities in X.509, the technology that implements the PKI, or public key infrastructure that makes the SSL system work. Coincidentally, one of their attacks involved the same null-termination technique laid out by Marlinspike.

Another exploit targeted a decade-old VeriSign root certificate that was signed using MD2, an algorithm that's vulnerable to what's known as preimage attacks, in which someone is able to find a message that generates a predetermined hash.

"What we see is a real crisis in authentication," Kaminsky said during a press conference following his talk. "PKI was supposed to fix all this. We've been trying to do this for 10 years, and it's just not working."

Kaminsky said the current PKI system should be overhauled and rolled into DNSSEC, a security standard that's being implemented to better secure the domain name system.

The research isn't particularly comforting for people who regularly depend on SSL to authenticate websites and encrypt sensitive transactions.

Marlinspike has updated a software tool he wrote called SSLSniff to take advantage of the null-termination SSL bug. It allows a computer plugged into a network to all other network users to receive spoofed SSL pages that look identical to the real thing. The computer then logs all incoming and outgoing traffic that normally would have traveled through encrypted channels.

SSLSniff can also be used to automatically exploit software update mechanisms that rely on SSL for authentication. Instead of installing the update, the software pushes a malware package of the attacker's choice.

At the moment, version 3.5 of Firefox is the only browser that is protected against the attack, although Sassaman said Internet Explorer provides some protection too. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.