01:49 PM
Connect Directly

200 Sony PS3s Harnessed To Crack Secure Site Certification

A research group finds a way to forge certain digital certificates and create fake versions of popular e-commerce and banking sites.

Using 200 Sony PlayStation 3s for crypto cracking, a group of security researchers has found a way to forge certain digital certificates used to identify secure Web sites, a technique that could be used to create fake versions of popular e-commerce and banking sites.

The researchers -- Jake Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Alex Sotirov, Marc Stevens, and Benne de Weger -- presented their work Tuesday at the Chaos Computing Congress, a four-day computer hacking conference held annually in Berlin.

The group identified a weakness in the public key infrastructure used on the Internet to issue digital certificates for Web sites that employ the secure HTTPS protocol.

"Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash," the researchers said on their Web site. "This is known as an MD5 'collision.' Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the Web to realistic threats."

Discussing the research, Princeton computer science professor Edward Felten explained on his blog that the hash is a 128-bit code that's supposed to represent a unique digest of the digital certificate in question. "To be secure, the hash method has to have several properties, one of which is that it should be infeasible to find a collision, that is, to find two values A and B which have the same hash," he wrote.

But as the researchers have shown, it's not infeasible. In theory, at least, that means someone could create a fake HTTPS banking site, for example, using a forged certificate to hijack a trusted brand name.

The group identified six certification authorities that issued certificates signed with MD5 in 2008: RapidSSL, FreeSSL, TC TrustCenter AG, RSA Data Security, Thawte, and verisign.co.jp.

Shortly after the research was presented, Tim Callan, a product manager for VeriSign's SSL business, said in a blog post that his company had taken steps to eliminate the vulnerability. He said that VeriSign has "been in the process of phasing out the MD5 hashing algorithm for a long time now."

Microsoft also responded, issuing a security advisory Tuesday. "This new disclosure does not increase risk to customers significantly, as the researchers have not published the cryptographic background to the attack, and the attack is not repeatable without this information," Microsoft's advisory says. "Microsoft is not aware of any active attacks using this issue and is actively working with certificate authorities to ensure they are aware of this new research and is encouraging them to migrate to the newer SHA-1 signing algorithm."

The research group goes further, advising that certification authorities stop using MD5 and move to more secure hash functions, such as SHA-2. While collision attacks have not yet been shown to be practical against SHA-1 hashes, work along these lines is progressing.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.