Article

Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat

Michael S. Mimoso, Editor, Information Security magazine

LAS VEGAS -- If Dan Kaminsky was humbled by the attack on his personal Web server revealed late Tuesday that exposed passwords, email messages and instant message chats to the world, you'd have to think the applause that greeted him upon the start of his session Wednesday at Black Hat USA 2009 would have perked up his spirits and ego.

    Requires Free Membership to View

    Login

Black Hat 2009

SearchSecurity.com has all the news and newsmakers at the annual hacker conference. Visit our Black Hat 2009 news page.
According to reports, Kaminsky's website was one of a handful of security-related sites hacked on the eve of the annual hacker conference. Well-known former hacker Kevin Mitnick's site was victimized as well.

However, Kaminsky, no worse for wear, spent 75 minutes Wednesday taking out his frustration on X.509 cryptography found in public key infrastructures (PKI), VeriSign, and the continued use of faulty hash algorithms such as MD5 and MD2 by certificate authorities. He revealed that through a simple alteration of the common name in an X.509 certificate, an attacker could trick the certificate authority into certifying the legitimacy of a malicious site.

A year with Kaminsky

Jul 08: Kaminsky describes his DNS research

Jul 08: DNS flaw handling leaves Kaminsky pleased

Aug 08: Black Hat briefings: DNS flaw capable of attacks on many fronts

Aug 08: Technical tip: How to patch Kaminsky's DNS vulnerability

Sep 08: DNS issue still a major threat

Jun 09: Interview: Kaminsky on the necessity of DNSSEC

Jul 09: DNSSEC deployments gain momentum since Kaminsky's DNS flaw
X.509 is a cryptographic identification system standard for public key certificates, as well as SSL and IPsec, which represent the two most commonly used types of VPNs.

While the session had hardly the same splash as Kaminsky's 2008 talk, which shed details on his discovery of a critical vulnerability in DNS, the rant against X.509 drew a standing-room-only crowd several people deep.

Kaminksy, who has been advocating the use of DNSSEC or DNS Security Extensions as a remedy for his cache-poisoning bug of a year ago, explained how he used a preimage attack against old hash functions MD5 and MD2 to create the common name output he desired in an X.509 certificate.

Incredibly, not only was MD5 repeatedly smashed, most recently, late last year by a group of researchers, and subsequently pulled by most certificate authorities, Kaminsky said he learned that one of VeriSign Inc. core root certificates is self-signed with MD2. A VeriSign representative said that its certificates, as of May, are no longer signed with MD2 and have been reissued with SHA-1. VeriSign owns two of the Internet's 13 root servers and controls the .com domain. VeriSign has said it is working on signing the .com domain with DNSSEC some time in 2011.

Kaminsky shared his findings with browser vendors such as Mozilla Foundation, Apple Inc. and Microsoft, and other prominent vendors such as Red Hat Inc. and the OpenSSL Project, all of which have agreed to shut off MD2 hashes or are working toward eliminating MD2 use.

"This will blow up and it will be bad," Kaminsky said. "When the MD2 attack happens, you will be able to log into any box you want."

Kamsinky, however, insisted there is no need for immediate panic, nor is there a rush for a mass patch, a la his DNS bug, because of the complexity required to pull off such an attack.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top