
Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat

By Michael S. Mimoso, Editor, Information Security magazine
29 Jul 2009 | SearchSecurity.com


LAS VEGAS -- If Dan Kaminsky was humbled by the attack on his personal Web server revealed late Tuesday that exposed passwords, email messages and instant message chats to the world, you'd have to think the applause that greeted him upon the start of his session Wednesday at Black Hat USA 2009 would have perked up his spirits and ego.

According to reports, Kaminsky's website was one of a handful of security-related sites hacked on the eve of the annual hacker conference. Well-known former hacker Kevin Mitnick's site was victimized as well.

However, Kaminsky, no worse for wear, spent 75 minutes Wednesday taking out his frustration on X.509 cryptography found in public key infrastructures (PKI), VeriSign, and the continued use of faulty hash algorithms such as MD5 and MD2 by certificate authorities. He revealed that through a simple alteration of the common name in an X.509 certificate, an attacker could trick the certificate authority into certifying the legitimacy of a malicious site.

X.509 is the standard for public key certificates used for cryptographic identification in SSL and IPsec, which represent the two most commonly used types of VPNs.

While the session had hardly the same splash as Kaminsky's 2008 talk, which shed details on his discovery of a critical vulnerability in DNS, the rant against X.509 drew a standing-room-only crowd several people deep.

Kaminsky, who has been advocating the use of DNSSEC (DNS Security Extensions) as a remedy for his cache-poisoning bug of a year ago, explained how he used a preimage attack against old hash functions MD5 and MD2 to create the common name output he desired in an X.509 certificate.

Incredibly, although MD5 has been repeatedly smashed, most recently late last year by a group of researchers, and subsequently pulled by most certificate authorities, Kaminsky said he learned that one of VeriSign Inc.'s core root certificates is self-signed with MD2. A VeriSign representative said that its certificates, as of May, are no longer signed with MD2 and have been reissued with SHA-1. VeriSign owns two of the Internet's 13 root servers and controls the .com domain. VeriSign has said it is working on signing the .com domain with DNSSEC some time in 2011.

Kaminsky shared his findings with browser vendors such as Mozilla Foundation, Apple Inc. and Microsoft, and other prominent vendors such as Red Hat Inc. and the OpenSSL Project, all of which have agreed to shut off MD2 hashes or are working toward eliminating MD2 use.

"This will blow up and it will be bad," Kaminsky said. "When the MD2 attack happens, you will be able to log into any box you want."

Kaminsky, however, insisted there is no need for immediate panic, nor is there a rush for a mass patch, a la his DNS bug, because of the complexity required to pull off such an attack.


