
SSL Crisis Averted -- For Now

VeriSign quickly fixes vulnerable SSL digital certificates at risk of newly revealed hack, but experts say there's no way to know for sure if phony certificates exist from previous attacks

It took VeriSign only four hours to close a hole that had left customers of some of its digital certificates vulnerable to a new attack revealed by researchers just before the new year. White-hat hackers exploited a known weakness in the algorithm in some digital certificates that allowed them to impersonate secure Websites.

While the attack was considered deadly due to its transparency and ability to mimic a secure Website, the good news is that it was isolated to only a minority of digital certificates that use the older and less secure MD5 algorithm. According to Netcraft, about 15 percent of all digital certificates in December were signed with MD5.

The researchers demonstrated at the 25th Chaos Communication Congress in Berlin last week how they were able to purchase a legitimate certificate from RapidSSL, which is part of VeriSign, and then forge a phony trusted certificate authority.

In response, VeriSign moved its planned transition from MD5 to the more secure SHA-1 algorithm for its RapidSSL products up a month, from the end of January to last week. Tim Callan, vice president of product marketing with VeriSign, says the company is still in the process of phasing out MD5 in some three or four other types of digital certificates, including a few used in Japan, but these are not vulnerable to the attack exposed in Berlin.

"The MD5 hashing algorithm is still in use on a small subset of products we offer, and that is in the process of being phased out," Callan says.
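For administrators who want to know whether a certificate they rely on was signed with MD5, the following added example (not from the article, the researchers or VeriSign) reads the outer signatureAlgorithm OID from DER-encoded certificates with a minimal parser. The sample inputs are constructed skeletons that only mimic the X.509 outer layout, and the host names are placeholders.

```python
# Added example: find certificates whose outer signatureAlgorithm is MD5-based.
MD5_RSA = "1.2.840.113549.1.1.4"    # md5WithRSAEncryption
SHA1_RSA = "1.2.840.113549.1.1.5"   # sha1WithRSAEncryption

def read_tlv(buf, pos):                     # -> (tag, value, next_pos)
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0    # holds when the first arc is 0 or 1
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)             # base-128, high bit means "more"
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, body, _ = read_tlv(cert_der, 0)
    _, _, pos = read_tlv(body, 0)                 # skip tbsCertificate
    _, alg, _ = read_tlv(body, pos)               # AlgorithmIdentifier SEQUENCE
    oid_tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an X.509-shaped DER structure")
    return decode_oid(oid)

def md5_signed(certs):
    """Names (from a name -> DER mapping) of certificates signed with MD5."""
    return sorted(n for n, der in certs.items() if signature_oid(der) == MD5_RSA)

# Constructed skeletons with the X.509 outer layout only (not real certificates).
def _tlv(tag, value):
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + value

def _skeleton(last_arc):
    oid = bytes.fromhex("2a864886f70d0101") + bytes([last_arc])
    alg = _tlv(0x30, _tlv(0x06, oid) + _tlv(0x05, b""))
    tbs = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x04, b"\x00" * 150))
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + b"\xaa" * 16))

SAMPLES = {"legacy.example": _skeleton(4), "reissued.example": _skeleton(5)}
```

To run it against a real certificate, convert the PEM text to DER first (for example with Python's `ssl.PEM_cert_to_DER_cert`) and pass the bytes to `signature_oid`.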

End of (threat) story? Not exactly. Although researcher Alexander Sotirov admits it's unlikely the attack has been performed before, he and other researchers say there's still no way to know for sure: "Even though it's unlikely, the theory behind our attack has been published since 2007, and it is possible that somebody else has been able to implement it. In this case, any one of the certificates issued by RapidSSL since 2007 could have been malicious, but there is no way to detect which one," he says.

"What is an issue is the possibility that somebody has already done such an attack in the past. If they want to fully mitigate this risk, VeriSign needs to replace all previously issued certificates with new ones and then remove the old RapidSSL root certificate from the list of CAs trusted by the browsers."

VeriSign's Callan also says it's unlikely anyone could have executed such an attack, and that the researchers behind the hack are a top-notch team that had the expertise and resources to do so. Although signing RapidSSL's certs with SHA-1 now guards users from the attack, VeriSign cryptographers are also researching whether there's a marker that could help detect any "living" certificates that could have been out there long before last week's publicized hack. "We are looking into it and seeing if there's a marker to determine if these [malicious] certificates are existing. I don't know if we will find [the marker]," Callan says.

The team of U.S. and European researchers was able to execute nearly undetectable phishing attacks by cracking the MD5 hashing algorithm with a cluster of more than 200 PlayStation 3s that exploited MD5's "collision" weakness. That cleared the way for their creation of a forged CA and X.509 digital certificates.

RapidSSL's certificates were especially vulnerable because they use an automatic system that provides predictable serial numbers. Callan says VeriSign plans to get rid of the predictable serial-number approach altogether in RapidSSL certificates.

VeriSign says the worst of the threat is over now that RapidSSL is SHA-1. But there's still more work to do. "Clean-up needs to take place, and we're prioritizing that. We're in the process of getting rid of MD5 [altogether]," Callan says.

But so far, browser vendors haven't yet removed RapidSSL from their lists of trusted CAs, notes Sotirov. "The browsers don't want to do this because it will break many innocent Websites on the Internet. But without the threat of being removed from the browsers and losing business, the commercial CA companies won't have any financial incentive to make security a higher priority," he says. "My prediction is that unless the browser vendors take a more proactive stance against misbehaving CAs, we'll see many other cases of CAs' putting Internet users at risk in the future."

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
