Researchers uncover fresh SSL holes

Fresh on the heels of a warning about a vulnerability with DNS code, security researchers have also found serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol, commonly used to secure communications on the Internet.

At the Black Hat conference in Las Vegas, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between websites and browsers.

This type of attack could let an attacker steal passwords, hijack an online banking session or even push out a Firefox browser update that contained malicious code, the researchers said.

The problems lie in the way that many browsers have implemented SSL, and also in the X.509 public key infrastructure system that is used to manage the digital certificates used by SSL to determine whether or not a website is trustworthy.

A security researcher calling himself Moxie Marlinspike showed a way of intercepting SSL traffic using what he calls a null-termination certificate. To make his attack work, Marlinspike must first get his software on a local area network. Once installed, it spots SSL traffic and presents his null-termination certificate in order to intercept communications between the client and the server. This type of man-in-the-middle attack is undetectable, he said.

Marlinspike's attack is remarkably similar to another common attack known as a SQL injection attack, which sends specially crafted data to the program in hopes of tricking it into doing something it shouldn't normally do. He found that if he created certificates for his own Internet domain that included null characters - often represented with a \0 - some programs would misinterpret the certificates.

That's because some programs stop reading text when they see a null character. So a certificate issued to www.paypal.com\0.thoughtcrime.org might be read as belonging to www.paypal.com.

The problem is widespread, Marlinspike said, affecting Internet Explorer, VPN (virtual private network) software, email clients and instant messaging software, and Firefox version 3.

To make matters worse, researchers Dan Kaminsky and Len Sassaman reported that they had discovered that a large number of web programs are dependent on certificates issued using an obsolete cryptographic technology called MD2, which has long been considered insecure. MD2 has not actually been cracked, but it could be broken within a matter of months by a determined attacker, Kaminsky said.

The MD2 algorithm was used 13 years ago by VeriSign to self-sign "one of the core root certificates in every browser on the planet," Kaminsky said.

VeriSign stopped signing certificates using MD2 in May, said Tim Callan, vice president of product marketing at VeriSign.

However, "large number of websites use this root, so we can't actually kill it or we'll break the web," Kaminsky said.