Feeds

Wildcard certificate spoofs web authentication

SSL felled by null string

Providing a secure and efficient Helpdesk

Black Hat In a blow to one of the net's most widely used authentication technologies, a researcher has devised a simple way to spoof SSL certificates used to secure websites, virtual private networks, and email servers.

The attack, unveiled Wednesday at the Black Hat security conference in Las Vegas, exploits a weakness in the process for generating secure sockets layer certificates. It works by adding a null string character to several certificate fields, a technique that tricks browsers and other SSL-enabled programs into misinterpreting the domain name that is being authenticated.

Security researcher Moxie Marlinspike created what he called a universal wildcard certificate that in many ways resembles certificate authority certificates that VeriSign and other companies use to generate SSL certificates. He did it by applying for a normal certificate for his website thoughtcrime.org. In the commonName field he listed the site as *\0.thoughtcrime.org, giving him a certificate that tricks many programs into authenticating virtually every address on the internet.

"You get this certificate and it will match any domain you're trying to connect to," Marlinspike told the Black Hat audience. "It's actually better than a CA cert because if you get a CA cert you at least have to create and sign another certificate to then present it for whatever you're trying to connect to. This you just hand them over and over again. You don't need to sign anything."

The attack came the same day that fellow researchers Dan Kaminsky and Len Sassaman laid out some half-dozen vulnerabilities in X.509, the technology that implements the PKI, or public key infrastructure that makes the SSL system work. Coincidentally, one of their attacks involved the same null-termination technique laid out by Marlinspike.

Another exploit targeted a decade-old VeriSign root certificate that was signed using MD2, an algorithm that's vulnerable to what's known as preimage attacks, in which someone is able to find a message that generates a predetermined hash.

"What we see is a real crisis in authentication," Kaminsky said during a press conference following his talk. "PKI was supposed to fix all this. We've been trying to do this for 10 years, and it's just not working."

Kaminsky said the current PKI system should be overhauled and rolled into DNSSEC, a security standard that's being implemented to better secure the domain name system.

The research isn't particularly comforting for people who regularly depend on SSL to authenticate websites and encrypt sensitive transactions.

Marlinspike has updated a software tool he wrote called SSLSniff to take advantage of the null-termination SSL bug. It allows a computer plugged into a network to all other network users to receive spoofed SSL pages that look identical to the real thing. The computer then logs all incoming and outgoing traffic that normally would have traveled through encrypted channels.

SSLSniff can also be used to automatically exploit software update mechanisms that rely on SSL for authentication. Instead of installing the update, the software pushes a malware package of the attacker's choice.

At the moment, version 3.5 of Firefox is the only browser that is protected against the attack, although Sassaman said Internet Explorer provides some protection too. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.