Wednesday, December 31st, 2008
>The paper on MD5 considered harmful today delivered at the 25th Annual Chaos Communication Congress in Berlin has got people scared again.
The team showed an MD5 collision which is well explained by Simon Willison (he is so good at getting to the meat, a tough skill indeed):
Use an MD5 collision to create two certificates with the same hash, one for a domain you own and another for amazon.com. Get Equifax CA to sign your domain’s certificate using the outdated “MD5 with RSA” signing method. Copy that signature on to your home-made amazon.com certificate to create a fake certificate for Amazon that will be accepted by any browser.
Mozilla Security folks issued an advisory which included the impact to users:
If a user visits an SSL site presenting a fraudulent certificate, there will be no obvious sign of a problem and the connection will appear to be secure. This could result in the user disclosing personal information to the site, believing it to be legitimate. We advise users to exercise caution when interacting with sites that require sensitive information, particularly when using public internet connections.
This is not an attack on a Mozilla product, but we are nevertheless working with affected certificate authorities to ensure that their issuing processes are updated to prevent this threat. Mozilla is not aware of any instances of this attack occurring in the wild.
Microsoft also advised.
Then we get SSL in perspectives which talks us through 2008:
- Dan Kaminski shook world’s faith in DNS. BTW, you already checked your DNS hardness or switched to OpenDNS, didn’t you? Anyway, DNS security or not, you cannot trust non-SSL traffic when you’re traveling, or you’re behind a proxy you can’t control (TOR, for instance), or otherwise not using a trusted ISP… wait, do you really trust your ISP? OK, you should not trust non-SSL traffic, period.
- But then, Mike Perry demonstrated how cookies can be stolen from SSL-secured sites (and NoScript deployed some countermeasures).
- Unfortunately, a shameful incident revealed that you can easily buy a valid SSL certificate for a web site you’re not related with, if you find an unscrupulous enough vendor: in this case, a mozilla.com certificate has been obtained by Eddy Nigg of StartCom Ltd. from the Certstar Comodo reseller, no question asked. Of course, as a work-around, you could remove the offending CA root, but you must expect side effects (I discovered this breaks cleverbridge e-commerce back-ends, for instance). And, most important, are you sure this is the only sloppy CA out there?
- As if this didn’t suck enough, a speech has been given today at 253c by Alex Sotirov, Arjen Lenstra and other high-profile researchers, who managed to leverage known MD5 weaknesses and not-safe-enough practices of some certificate issuers to build their own rogue CA.
Phew. Two Web security pieces almost in a row :/
Posted by Dion Almaer at 12:03 am