Kaminsky Warns of SSL Vulnerabilities

Security researcher Dan Kaminsky speaks at Black Hat
Photo: Sean Michael Kerner

LAS VEGAS — Security researcher Dan Kaminsky made waves last year with his dramatic DNS security flaw that could have undermined the security of the Internet.

This year at Black Hat, he’s back with another critical issue affecting the security certificates that secure Web sites.

Kaminsky wasn’t the only one warning about SSL issues at the event. Security researcher Moxie Marlinspike independently reported some of the same issues in a separate session at Black Hat. According to the two researchers, it’s possible to obtain a “wildcard” SSL certificate that would work on many browsers.

The wildcard is a certificate for a null domain like *0.attackersite.bankname.com that would validate on many browsers simply for the bankname.com part. As a result, this could trick unsuspecting users into trusting a faked site.

Kaminsky also warned of a flaw in the Public Key Infrastructure, or PKI — a critical component in SSL. According to him, some of the key security certificates in use today still rely on the MD2 hash algorithm that is no longer valid. Though MD2 is no longer used, Kaminsky said that the chain of trust links back to old MD2-signed certificates, and with enough compute power, those could be cracked.

Kaminsky speculated that such computing power would exist within the next two years.

“What Dan has pointed out is this is one of the few times where we can see the attack coming and we can actually react ahead of time,” Black Hat founder Jeff Moss told reporters during a press conference. “The other scary thing about this attack is you can’t go back forensically and see if you got worked over.”

The solution, according to Kaminsky, is twofold. First, certificate authorities should rework any old MD2-signed certs — something that VeriSign, which manages .com and .net, is already doing.

“The company no longer uses the MD2 hash algorithm standard to sign any of its certificates,” Tim Callan, vice president of product marketing at VeriSign (NASDAQ: VRSN), told InternetNews.com in an e-mail. “Last year, VeriSign implemented a process for transitioning off MD2 and, as of May 17th, the transition to the SHA-1 algorithm has been completed.” The SHA-1 algorithm is considered to be more secure and not at risk.

The other solution proposed by Kaminsky is to use EV-SSL (Extended Validation) in addition to DNSSEC. While basic SSL certificates don’t necessarily verify the identity or authenticity of a Web site, an EV-SSL certificate requires additional due diligence before it is issued — validation that ensures the domain owner and site are legitimate.

VeriSign also has been pushing EV-SSL, and reported earlier this year that the added security could help encourage more sales for e-commerce sites.

DNSSEC, on the other hand, provides signed domain names on which to help base the EV-SSL certificates. VeriSign is supportive of that effort as well.

“We also agree that DNSSEC is a standard that must be implemented to address the variety of Man-in-the-Middle (MITM) schemes outlined of late,” Callan said. “VeriSign will continue to work with its industry peers to ensure the success of this standard.”

When it comes to claims of the null wildcard SSL certificate, while both Marlinspike and Kaminsky stated that it was possible, VeriSign responded that it wasn’t — at least on any domains registered through them.

“VeriSign’s systems and processes prevent the issuance of any SSL certificates to domains with null characters,” Callan said. “No certificates under the VeriSign brand or sub-brands have a domain containing a null character. Marlinspike’s presentation underscores the importance of such stringent issuance practices by CAs to ensure the integrity of online security.”
