SSL Cert fun

06Jan09

I originally was not going to write about this.  There are many good articles about it already and I don’t think I can add anything that hasn’t already been covered.  Today however I was having a conversation with a fellow security guy and he had no idea what this was about.  After explaining it to him he then told me that his certs weren’t vulnerable.  I shook my head and asked him to stop being so narrow minded.  Here is a quick explanation of the issue and why my friend needs to think about the scope of this problem a little more.  Please read some of the links I provide at the end to get more detailed info.

For a long time we have been telling people that if they visit an SSL site (https://) and the browser verifies it is valid then your session is secure.  People look for the lock icon and some even look at the actual certificate properties to verify the certificate before handing over their credit card or password…GREAT.  Recently however, researchers have shown that they can target a weakness in the MD5 hash algorithm to create a rogue CA certificate.  This could be bad…very bad.  Not all CAs still use MD5 for their signing, but enough do that make this something to be aware of.  How they did it was pretty cool, check out their write-up for more info.

My friend from above wasn’t concerned because the certs he uses for the sites he manages were not signed using a MD5 hash algorithm so I asked him a few questions:

Do you have another email account that you check via the web?  Yes.
Do you do any online banking?  Yes.
Do you do any online shopping?  Yes.
Do you…….   The light bulb went off…he got it.

If you visit a SSL site that is using a MD5 cert how can you tell it is the real site and not a fake site using a forged cert?  You can’t.  The browsing experience will look and feel correct.  The lock will be there.  The cert properties will look legit.  You won’t know!  Now in order for this to work your DNS would also need to be compromised for you to end up at the fake site to begin with, so it is a bit complex.  We have been shown that DNS is vulnerable to multiple attacks though, so this cert exploit is not outside the realm of possibility.

Don’t panic, the internet is not broken.  As a user, there is not much that you can do to protect yourself here.  You could check the cert properties to see if it was created with MD5 but that just tells you if there is potential for this exploit.  Outside of that you have to wait for the CAs stop using MD5.  I would expect online vendors to put a lot of pressure on CAs because they do not want this to cost them business, hopefully we won’t be talking about this next year.

Some good reading on this for additional info:

Researchers explanation write-up

Chris Wysopal @ Veracode Blog

Ryan Naraine @ ZDNet

JJ @ Security Uncorked

Advertisements


One Response to “SSL Cert fun”

  1. As you say the danger should not be underestimated. In http://www.win.tue.nl/hashclash/rogue-ca/ the authors state:

    “Over the course of a week we spidered the web and collected more than 100,000 SSL certificates, of which about 30,000 were signed by CAs trusted by Firefox. There were six CAs that had issued certificates signed with MD5 in 2008:

    * RapidSSL
    * FreeSSL (free trial certificates offered by RapidSSL)
    * TC TrustCenter AG
    * RSA Data Security
    * Thawte
    * verisign.co.jp

    Out of the 30,000 certificates we collected, about 9,000 were signed using MD5, and 97% of those were issued by RapidSSL.”

    This is not a very good picture.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: