SSL Crisis Averted -- For Now

VeriSign quickly fixes vulnerable SSL digital certificates at risk of newly revealed hack, but experts say there's no way to know for sure if phony certificates exist from previous attacks

It took VeriSign only four hours to close a hole that had left customers of some of its digital certificates vulnerable to a new attack revealed by researchers just before the new year. White-hat hackers exploited a known weakness in the hashing algorithm used to sign some digital certificates, a weakness that allowed them to impersonate secure Websites.

While the attack was considered deadly due to its transparency and ability to mimic a secure Website, the good news is that it was isolated to only a minority of digital certificates that use the older and less secure MD5 algorithm. According to Netcraft, about 15 percent of all digital certificates in December were signed with MD5.

The researchers demonstrated at the 25th Chaos Communication Congress in Berlin last week how they were able to purchase a legitimate certificate from RapidSSL, which is part of VeriSign, and then forge a phony trusted certificate authority.

In response, VeriSign moved its planned transition from MD5 to the more secure SHA-1 algorithm for its RapidSSL products up a month, from the end of January to last week. Tim Callan, vice president of product marketing with VeriSign, says the company is still in the process of phasing out MD5 in some three or four other types of digital certificates, including a few used in Japan, but these are not vulnerable to the attack exposed in Berlin.

"The MD5 hashing algorithm is still in use on a small subset of products we offer, and that is in the process of being phased out," Callan says.

End of (threat) story? Not exactly. Although researcher Alexander Sotirov admits it's unlikely the attack has been performed before, he and other researchers say there's still no way to know for sure: "Even though it's unlikely, the theory behind our attack has been published since 2007, and it is possible that somebody else has been able to implement it. In this case, any one of the certificates issued by RapidSSL since 2007 could have been malicious, but there is no way to detect which one," he says.

"What is an issue is the possibility that somebody has already done such an attack in the past. If they want to fully mitigate this risk, VeriSign needs to replace all previously issued certificates with new ones and then remove the old RapidSSL root certificate from the list of CAs trusted by the browsers."

VeriSign's Callan also says it's unlikely anyone could have executed such an attack, and that the researchers behind the hack are a top-notch team that had the expertise and resources to do so. Although signing RapidSSL's certs with SHA-1 now guards users from the attack, VeriSign cryptographers, meanwhile, are also researching whether there's a marker that could help detect any "living" certificates that could have been out there long before last week's publicized hack. "We are looking into it and seeing if there's a marker to determine if these [malicious] certificates are existing. I don't know if we will find [the marker]," Callan says.

The team of U.S. and European researchers was able to execute nearly undetectable phishing attacks by exploiting the "collision" weakness of the MD5 hashing algorithm with a cluster of more than 200 PlayStation 3s. That cleared the way for their creation of a forged CA and X.509 digital certificates.

RapidSSL's certificates were especially vulnerable because they use an automatic system that provides predictable serial numbers. Callan says VeriSign plans to get rid of the predictable serial-number approach altogether in RapidSSL certificates.
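Both properties described above, an MD5-based signature algorithm and a serial number that advances by a predictable step, are visible in a certificate's DER encoding, so a defender can screen an inventory of issued certificates for them. The following Python script is an added example, not code from the article, from VeriSign or from the researchers; it uses only the standard library, reads just the fields the check needs (serialNumber and signatureAlgorithm), and flags certificates signed with md5WithRSAEncryption or issued with serials that step by a constant amount. The OIDs are the standard PKCS#1 identifiers; the "certificates" it builds at the bottom are constructed, minimal structures with a placeholder signature, not real X.509 certificates.

```python
# Added example (not from the article): screen DER-encoded certificates for
# the two properties the attack relied on: an MD5-based signature algorithm
# and a predictable (constant-step) serial number sequence.
# Standard library only; the input built at the bottom is constructed.

# Standard PKCS#1 signature-algorithm OIDs (real identifiers).
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}
SHA1_RSA_OID = "1.2.840.113549.1.1.5"

# --- minimal DER reader --------------------------------------------------

def read_tlv(data, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, data[pos:pos + length], pos + length

def children(body):
    """Split the body of a SEQUENCE into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out.append((tag, value))
    return out

def decode_oid(body):
    """Decode the body of an OBJECT IDENTIFIER into dotted form."""
    parts = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(value)
            value = 0
    return ".".join(map(str, parts))

def inspect_cert(der):
    """Return (serialNumber, signatureAlgorithm OID) of a Certificate."""
    _, cert_body, _ = read_tlv(der)
    tbs, sig_alg, _signature = children(cert_body)
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:               # optional explicit [0] version
        fields = fields[1:]
    serial = int.from_bytes(fields[0][1], "big", signed=True)
    oid = decode_oid(children(sig_alg[1])[0][1])
    return serial, oid

def audit(certs):
    """Flag weak signature algorithms and constant-step serial numbers."""
    findings, serials = [], []
    for der in certs:
        serial, oid = inspect_cert(der)
        serials.append(serial)
        if oid in WEAK_SIG_OIDS:
            findings.append(f"serial {serial}: signed with {WEAK_SIG_OIDS[oid]}")
    steps = {b - a for a, b in zip(serials, serials[1:])}
    if len(serials) > 2 and len(steps) == 1:
        findings.append(f"serials advance by a constant {next(iter(steps))}: predictable")
    return findings

# --- minimal DER writer, used only to build constructed test input --------

def tlv(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def encode_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_cert(serial, sig_oid):
    """Constructed, minimal Certificate: version, serial and algorithm only."""
    alg = tlv(0x30, encode_oid(sig_oid) + tlv(0x05, b""))
    serial_der = tlv(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))
    version = tlv(0xA0, tlv(0x02, b"\x02"))
    tbs = tlv(0x30, version + serial_der + alg)
    signature = tlv(0x03, b"\x00" * 5)     # placeholder BIT STRING, not a real signature
    return tlv(0x30, tbs + alg + signature)

if __name__ == "__main__":
    legacy = [build_cert(s, "1.2.840.113549.1.1.4") for s in (1000, 1001, 1002)]
    migrated = [build_cert(s, SHA1_RSA_OID) for s in (7, 40, 12)]
    print(audit(legacy))     # three MD5 findings plus a predictable-serial finding
    print(audit(migrated))   # []
```

On real input, `audit` would be fed the DER bytes of certificates read from disk (`open(path, "rb").read()`) or exported from a CA database; the constant-step test is the simplest form of the serial check and assumes the certificates are passed in issuance order.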

VeriSign says the worst of the threat is over now that RapidSSL certificates are signed with SHA-1. But there's still more work to do. "Clean-up needs to take place, and we're prioritizing that. We're in the process of getting rid of MD5 [altogether]," Callan says.

But so far, browser vendors haven't yet removed RapidSSL from their lists of trusted CAs, notes Sotirov. "The browsers don't want to do this because it will break many innocent Websites on the Internet. But without the threat of being removed from the browsers and losing business, the commercial CA companies won't have any financial incentive to make security a higher priority," he says. "My prediction is that unless the browser vendors take a more proactive stance against misbehaving CAs, we'll see many other cases of CAs putting Internet users at risk in the future."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
