Two researchers have independently uncovered flaws in the way domain names are verified on the internet, which could allow attackers to impersonate a site and steal information from unsuspecting surfers.
Dan Kaminsky, who discovered a serious flaw in the Domain Name System (DNS) last year, and independent researcher Moxie Marlinspike gave presentations at the Black Hat security conference on Wednesday about how someone could acquire certificates for domains they did not own, thus tricking people into visiting illegitimate sites or inadvertently sharing information.
Marlinspike said a flaw in the way browsers and mail clients implement Secure Sockets Layer (SSL) allows for so-called "man-in-the-middle" attacks in which an attacker could trick browsers into presenting the site as legitimate.
The attacker can ensure continued interception of a victim's data by intercepting Firefox auto-update requests, which depend on SSL, Marlinspike said in an interview. He has written a software tool to enable this, which works with a modified version of Firefox, "so that anytime you submit something to a site, it sends me a copy," he said.
"The diabolical thing is this is a vulnerability, but the update mechanisms themselves can not be trusted," Marlinspike added.
Chrome and IE are also vulnerable to such an attack, although it would be harder with the latter because it employs the additional step of using code-signing certificates, Marlinspike said. He has not analysed Chrome enough to see how serious of an issue it would be.
"They all need to change their implementation of SSL," he said, adding that he has been working with Mozilla.
Marlinspike said he will release his tool as soon as a Firefox patch is out — possibly in the next week or so.
Until Mozilla changes the way its auto-update system handles SSL, he suggested users turn off the function on Firefox.
Meanwhile, Kaminsky, director of penetration testing for IOActive, said he was able to trick a certification authority into providing a certificate verifying authenticity for a domain that belongs to someone else. He tested his attack using a fake defcon.org domain and was able to use a naming trick to convince the authority running SSL to not contact the domain owner to verify the validity of the request.
Kaminsky was able to do this by exploiting a vulnerability in X.509, the protocol for generating SSL connections.
"If a certification authority and a browser disagree about a name being validated, an attacker could impersonate any domain name," he said in an interview.
The vulnerability undermines the system of trust that the web relies on for e-commerce and other activities, according to Kaminsky. By uncovering it, crisis may have been averted, he said.
"This is our best technology for doing authentication and it failed," he said. "We'll fix it, but it's another sign that we need to revisit how we do the basics; how we do authentication on the internet."
Kaminsky said extended certificate validation — to prove the identity of an organisation behind a website — should be used for any site where phishing is a threat. He also suggested that much of the problem could be solved with the use of DNSSEC — extensions to DNS that provide additional information to servers about the data communication and its origin.
He added that he was able to use different types of attacks to exploit the vulnerability, which have been resolved, and one, involving the MD2 hash algorithm standard to sign certificates, is being phased out.
Third-party certification authority VeriSign no longer uses the MD2 standard, having transitioned to the SHA-1 algorithm on 17 May, said Tim Callan, a vice-president of product marketing at the domain registrar.
"We're completely behind any efforts to improve X.509 and DNSSEC," he said.
Talkback
Tim Callan, vice president of product marketing at VeriSign,
responds (in more detail) to these Black Hat presentations in his new SSL blogpost:
https://blogs.verisign.com/ssl-blog/2009/07/busy_day_at_black_hat.php
He fills some of the holes that Marlinspike and Kaminsky dug.