Security researchers have uncovered a vulnerability in the infrastructure used to secure Web pages on the Internet — potentially allowing for the creation of rogue security certificates and the spoofing of sites like banking and e-commerce sites.
The news prompted at least one major certificate authority, VeriSign, to roll out fixes across its services that had been at risk from the vulnerability.
Earlier today, seven researchers from the U.S., Switzerland and the Netherlands said they succeeded in creating a rogue certification authority
Certification authorities act as trusted third parties to issue online certificates guaranteeing that the certificate’s owner — say, an e-commerce site — is who they claim to be. Creating a rogue certification authority potentially enables a faked site to pass as legitimate.
Hackers could also attack Secure Socket Layer (SSL)
The researchers, who also include Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik and Benne de Weger, are scheduled to present their findings today at the Chaos Computer Club’s 25th annual conference in Berlin.
In response, VeriSign (NASDAQ: VRSN) said it had issued fixes to address the problems detailed by the researchers, who said they identified VeriSign’s Rapid SSL unit as one of the most vulnerable on the Web. According to the researchers’ site, 9,000 of the 30,000 certificates they collected from all over the Web were signed using MD5. The researchers said 97 percent of those were issued by Rapid SSL.
“We’ve made code changes on all our platforms on our end, and nobody can get certificates from VeriSign on Rapid SSL or any of our other brands that this vulnerability can affect,” Tim Callan, vice president of product marketing at VeriSign, told InternetNews.com.
Concerns about browser security are nothing new — Mozilla patched several flaws in Firefox earlier this month at the same time Microsoft (NASDAQ: MSFT) was wrangling with reports of a vulnerability in Internet Explorer.
Yet the researchers’ findings may stoke new fears that the recession will lead to an increase in cybercrime.
Assessing the risks
The researchers’ findings center on MD5, or Message-Digest algorithm 5
Page 2: Response to the threat
Page 2 of 2
Sotirov and his colleagues said the weakness they discovered in MD5 could allow for transparent man-in-the-middle attacks
VeriSign’s Callan said his company had planned to get rid of MD5 in its certificates by the end of January, and added that today’s vulnerability report forced it to speed up its plans to overhaul its public key infrastructure, also known as PKI
“The PKI community has been transitioning away from MD5, but a large-scale PKI system like SSL has hundreds of thousands, if not millions, of people depending on it, so the process of transitioning from it takes years,” he said.
He said VeriSign is now using SHA-1 (short for Secure Hash Algorithm) instead of MD5. SHA-1 was developed by the National Security Agency (NSA) in 1993 to replace MD4 and MD5. It was followed by SHA-2. With both versions of SHA also facing threats, however, the U.S. Department of Commerce’s National Institute of Standards and Technology has begun encouraging the development of replacements.
Despite the effort to move away from MD5, VeriSign played down the threat.
Christina Rohall, a spokesperson with the company, said in an e-mail to InternetNews.com that MD5 is trusted only as a relatively low level of security and only used for a small percentage of the total number of SSL certificates in existence.
In addition to Rapid SSL, five other certification authorities issued certificates signed with MD5 in 2008, according to the researchers’ Web site. They are VeriSign itself, FreeSSL, TC TrustCenter, RSA Data Security and Thawte.
However, Paul Kocher, president and chief scientist at cryptography vendor Cryptography Research, told InternetNews.com that the number of certificates impacted is not important.
“The disturbing thing is that this kind of attack is that it breaks the core trust model SSL relies on,” he said. “This is the sort of thing SSL is supposed to protect you against.”
Kocher agreed added that an attack based on the researchers’ findings would require a lot of power because of their approach, which was relatively complex compared to the ease of cracking MD5 in most cases.
“Attacks against MD5 generally can be done on a laptop in a matter of minutes and breaking MD5 generically is very easy to do,” he said.
[cob:Special_Report]Tamir Hardof, group manager for product marketing for network security products at security vendor Check Point Software (NASDAQ: CHKP), agreed that secure online sites could hypothetically be affected by the vulnerability uncovered by the researchers, but that their attack is too complicated to be launched readily.
“You’d need a pretty significant amount of work to take advantage of this flaw, and the hacker would need a lot of motivation,” he told InternetNews.com.
Yet VeriSign’s Rohall blasted the team’s disclosure of the vulnerability.
“We take an issue like this seriously and are disappointed we were not given the opportunity to learn of the findings before they were made public,” she said.
Update adds additional comments from VeriSign and Kocher.