February 23rd, 2009
admin
A short time ago I mentioned the vulnerability in certificates that are signed with MD5. Well, I have just finished watching the presentation from Blackhat DC 2009 that details a different attack on SSL. It's a very simple attack, and the take-away here is that you don't have to defeat SSL to defeat SSL!
Check the presentation over at SecurityTube.net. Be sure to watch the video, not just read the slides; it makes a lot more sense with the audio. Official video link here.
Edit: There is a five minute chat with the presenter on YouTube here.
OSG
December 31st, 2008
admin
This is huge, make no mistake. There has never been an exploit against PKI this big, to my knowledge. I mean it (PKI) is not a perfect system by a long way, but up until now, if you were careful, then you could have a reasonable expectation of your HTTPS connection being secure.
This latest MITM attack disclosed at 25C3 has changed that; now you would have to be very careful indeed to have an expectation of privacy/confidentiality. Make no mistake, a large portion of the blame lies at the feet of those certificate providers who are still using MD5 hashes instead of SHA. The MD5 flaw/vulnerability (that of increased likelihood of collisions) has been known for a long time – in fact Schneier's post makes it plain that attacks against MD5 were no longer theoretical, and that was in 2005.
The thing that, to me, makes this worse is that it's not just smaller certificate authorities that are still using MD5 – Thawte and RSA Data Security are two of the biggest providers of certs and they still use MD5 (according to the presentation).
One thing that did surprise me is that the CRL that is used to check against revoked certificates is obtained from within the certificate itself – so if you are spoofing a cert, you could theoretically put your own spoofed CRL in as well. That's a pretty large hole from where I'm sitting.
A detailed explanation of this exploit/vulnerability is available here and their slides are here.
OSG
Additional Note
It's worth considering this post, which points out that not all CAs use a serial number that increments and so not all are vulnerable to this attack – it's a valid point, but it only takes one vulnerable CA for this to work, and while we do need to stop using consecutive serial numbers, I think we also need to stop using MD5 for gawd's sake.
Additional Note 2
SSL Blacklist (a Firefox extension) has been updated to check for certs that use MD5 as their algorithm (this doesn't mean they are bad per se – see above note). The extension is available here.
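As an added example (not from the original post, and not the SSL Blacklist extension's own code), here is a small pure-Python check that reads the outer signatureAlgorithm OID of a DER-encoded X.509 certificate and flags MD5-based (and MD2-based) signatures, which is the kind of check the extension performs. The sample certificate bytes are constructed for the demo, and `WEAK_SIG_OIDS`, `weak_signature` and `sample_cert` are names of my own.

```python
WEAK_SIG_OIDS = {                                  # RFC 3279 / PKCS#1 OIDs
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}

def _read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: N length octets follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Decode OID content octets to dotted form (base-128 arcs, high bit = more)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue };
    return the dotted OID of the outer AlgorithmIdentifier."""
    tag, body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(body, 0)              # skip tbsCertificate
    _, alg, _ = _read_tlv(body, pos)               # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = _read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER in AlgorithmIdentifier")
    return _decode_oid(oid)

def weak_signature(cert_der):
    """Name of the MD2/MD5 signature algorithm, or None if the cert is not flagged."""
    return WEAK_SIG_OIDS.get(signature_algorithm_oid(cert_der))

# Constructed sample (not a real certificate): correct outer layout, dummy
# tbsCertificate and signature, so the parser above can be exercised offline.
def _tlv(tag, content):
    return bytes([tag, len(content)]) + content    # short-form length suffices here
MD5_RSA_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04"     # 1.2.840.113549.1.1.4
SHA256_RSA_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"  # 1.2.840.113549.1.1.11

def sample_cert(oid_bytes):
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))          # tbsCertificate holding only serial 1
    alg = _tlv(0x30, _tlv(0x06, oid_bytes) + _tlv(0x05, b""))
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00\xaa\xaa"))
```

A real certificate can be fed in as DER bytes (for example via `ssl.PEM_cert_to_DER_cert` on a PEM file); as the note above says, a hit only means the signature uses MD5, not that the certificate is forged.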
December 30th, 2008
admin
Like any true geek I'm always elated when I get a package from Amazon, and yesterday was no different. My latest book arrived on the doorstep – Fyodor's Nmap Network Scanning.
Some may say that the info for this tool is already available on the net, but to be honest my decision to buy this book was, in part, so that Fyodor would get some money back for the excellent tool that he has created and regularly updates. I found out that the book had gone into print when I heard his talk at Defcon and decided there and then that I must have it.
It's both interesting and very encouraging to read that he, as an open source author, chose to use open-source tools to write the book rather than bowing to the pressure to use proprietary software – kudos for that, dude. Now to find some time to read it.
OSG