Feeds

Wildcard certificate spoofs web authentication

SSL felled by null string

Beginner's guide to SSL certificates

Black Hat In a blow to one of the net's most widely used authentication technologies, a researcher has devised a simple way to spoof SSL certificates used to secure websites, virtual private networks, and email servers.

The attack, unveiled Wednesday at the Black Hat security conference in Las Vegas, exploits a weakness in the process for generating secure sockets layer certificates. It works by adding a null string character to several certificate fields, a technique that tricks browsers and other SSL-enabled programs into misinterpreting the domain name that is being authenticated.

Security researcher Moxie Marlinspike created what he called a universal wildcard certificate that in many ways resembles certificate authority certificates that VeriSign and other companies use to generate SSL certificates. He did it by applying for a normal certificate for his website thoughtcrime.org. In the commonName field he listed the site as *\0.thoughtcrime.org, giving him a certificate that tricks many programs into authenticating virtually every address on the internet.

"You get this certificate and it will match any domain you're trying to connect to," Marlinspike told the Black Hat audience. "It's actually better than a CA cert because if you get a CA cert you at least have to create and sign another certificate to then present it for whatever you're trying to connect to. This you just hand them over and over again. You don't need to sign anything."

The attack came the same day that fellow researchers Dan Kaminsky and Len Sassaman laid out some half-dozen vulnerabilities in X.509, the technology that implements the PKI, or public key infrastructure that makes the SSL system work. Coincidentally, one of their attacks involved the same null-termination technique laid out by Marlinspike.

Another exploit targeted a decade-old VeriSign root certificate that was signed using MD2, an algorithm that's vulnerable to what's known as preimage attacks, in which someone is able to find a message that generates a predetermined hash.

"What we see is a real crisis in authentication," Kaminsky said during a press conference following his talk. "PKI was supposed to fix all this. We've been trying to do this for 10 years, and it's just not working."

Kaminsky said the current PKI system should be overhauled and rolled into DNSSEC, a security standard that's being implemented to better secure the domain name system.

The research isn't particularly comforting for people who regularly depend on SSL to authenticate websites and encrypt sensitive transactions.

Marlinspike has updated a software tool he wrote called SSLSniff to take advantage of the null-termination SSL bug. It allows a computer plugged into a network to all other network users to receive spoofed SSL pages that look identical to the real thing. The computer then logs all incoming and outgoing traffic that normally would have traveled through encrypted channels.

SSLSniff can also be used to automatically exploit software update mechanisms that rely on SSL for authentication. Instead of installing the update, the software pushes a malware package of the attacker's choice.

At the moment, version 3.5 of Firefox is the only browser that is protected against the attack, although Sassaman said Internet Explorer provides some protection too. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.