Web browser flaw could put e-commerce security at risk


Updated at 3:30 p.m. PST with Microsoft comment, at 1:50 p.m. PST with VeriSign comment, at 10 a.m. PST with comment from cryptography expert Paul Kocher, and at 9 a.m. PST to reflect that presentation has taken place and include comment from cryptography expert Bruce Schneier.

BERLIN--A key piece of Internet technology that banks, e-commerce sites, and financial institutions rely on to keep transactions safe suffers from a serious security vulnerability, an international team of researchers announced on Tuesday.

They demonstrated how to forge security certificates used by secure Web sites, a process that would allow a sufficiently sophisticated criminal to fool the built-in verification methods used by all modern Web browsers--without the user being alerted that anything was amiss.

The problem is unlikely to affect most Internet users in the near future because taking advantage of the vulnerability requires discovering some techniques that are not expected to be made public, as well as overcoming engineering hurdles: performing the initial digital forgery consumed approximately two weeks of computing time on a cluster of 200 PlayStation 3 consoles. In addition, a criminal needs to find a way to reroute traffic from a legitimate Web site to his own, perhaps through techniques that have become well-known in the last few years. Yet if one group can do it today, others eventually will.

"We have a proof-of-concept that allows us to impersonate any supposedly secure Web site on the Internet," said David Molnar, a doctoral student in computer science at the University of California at Berkeley. Molnar and six other researchers presented their findings during an afternoon session of the Chaos Computer Club's annual conference here on Tuesday. Other team members include Jacob Appelbaum and Alexander Sotirov.
Their work has focused on finding vulnerabilities in a technology known as Secure Sockets Layer, or SSL, which was designed to provide Internet users with two guarantees: first, that the Web site they're connecting to isn't being spoofed, and second, that the connection is encrypted and is proof against eavesdropping. SSL is used whenever a user navigates to an address beginning with "https://". SSL certificates essentially stand for the claim that, for instance, etrade.com actually belongs to E-Trade Inc., and is not being operated by a thief hoping to steal account passwords. Most browsers indicate that SSL is active by displaying a small padlock icon. An attack using a forged authentication certificate--which is what the researchers say they have done--is insidious because the browser can't detect it and the padlock icon would still appear.

Talk announcement on the CCC schedule in Berlin. (Credit: Jonathan Stray)

Unlike most security issues, this problem cannot be fixed with a simple software update. "The bug is not in anyone's software," Sotirov said. "It's not the browser that's at fault. The browser does exactly what it's supposed to do... The problem is that what it's supposed to do is wrong."

The attack exploits a mathematical vulnerability in the MD5 algorithm, one of the standard cryptographic functions used to check that SSL certificates (and thus the corresponding Web sites) are valid. This function has been publicly known to be weak since 2004, but until now no one had figured out how to turn this theoretical weakness into a practical attack. An SSL certificate is a small file that ties a real-world corporate identity to a Web site address and a corresponding public encryption key. This is presented to a private certificate authority firm, which is supposed to verify the link between identity and domain name and then cryptographically "sign" the certificate to vouch for it. The problem arises when someone else is able to forge the same signature.
VeriSign, which operates the largest certificate authority in the world, learned of the vulnerability early on Tuesday and acted quickly to close the hole in its certificates, according to Tim Callan, vice president of product marketing at the company. "We went into our systems and removed the MD5 algorithm and replaced it with SHA-1 (Secure Hashing Algorithm)," he said. "You can not get an SSL certificate from VeriSign now that is subject to this attack." More information from VeriSign is available on Callan's SSL blog. VeriSign was in the process of phasing out MD5 before the issue came up and is now on track to have it entirely out of commission in January, Callan said. "On balance, public key infrastructure works extraordinarily well," he said when asked if the vulnerability illustrated a need to change the trust model.

Microsoft, while noting that the issue wasn't a vulnerability with one of its products, tried to downplay the threat to users in a security advisory Monday. "This new disclosure does not increase risk to customers significantly, as the researchers have not published the cryptographic background to the attack, and the attack is not repeatable without this information," the advisory said.

A 1991-era protocol, but modern problems

When MIT professor Ron Rivest developed MD5 in 1991, it was considered sufficiently secure. But starting in 1996, a series of increasingly serious flaws started calling the continued viability of MD5 into question. As CNET News reported in 2004, flaws discovered at that time "could eventually make it easier for intruders to insert undetectable back doors into computer code or to forge an electronic signature--unless a different, more secure algorithm is used." Then, in 2007, Arjen Lenstra of Bell Laboratories Switzerland, with Marc Stevens and Benne de Weger of TU Eindhoven, demonstrated a technique to construct two new certificates with different content but the same fingerprint.
Although security researchers had been worrying, and recommending that other alternatives be considered, nobody had yet demonstrated how to exploit this theoretical flaw in a practical attack.

The researchers who attacked SSL authentication. Left to right: David Molnar, Alexander Sotirov, Marc Stevens, Arjen Lenstra, Jacob Appelbaum. Not pictured: Benne de Weger and Dag Arne Osvik. (Credit: Jonathan Stray)

Molnar, Appelbaum, and Sotirov joined forces with the European MD5 research team in mid-2008, along with Swiss cryptographer Dag Arne Osvik. They realized that the co-construction technique could be used to simultaneously generate one normal SSL certificate and one forged certificate, which could be used to sign and vouch for any other. They purchased a signature for the legitimate certificate from an established company that was still using MD5 for signing, and then applied the legitimate signature to the forged certificate. Because the legitimate and forged certificates had the same MD5 value, the legitimate signature also marked the forged one as acceptable. The process amounted to transferring a photograph from a real ID to a fake by carefully matching the holographic security markers. The rogue certificate can then be used to sign any other certificate of the attacker's choosing--such as one which assures Web browsers that a malicious phishing site is actually the legitimate etrade.com or bankofamerica.com.

After three unsuccessful attempts, each of which required approximately three days of compute time on a cluster of 200 PlayStation 3s, the researchers obtained a forged certificate authority in early November, at which time they notified browser developers and certificate authorities, or CAs, about the security flaw. Molnar estimates that the same processing time could be purchased from Amazon for about $1,500.
The team decided to disclose the vulnerability at the Berlin conference in hopes that the news will encourage everyone involved to fix the problem quickly. "The main message here is to stop issuing MD5 certificates, now," said Molnar. He believes that MD5 is so weak it no longer should be used for any applications: "More secure, freely available alternatives exist." (In November 2005, the U.S. government announced plans to find successors to MD5 and SHA-1, an official federal standard with its own problems. The new federal standard will be called SHA-3.)

By itself, the MD5-certificate-forging vulnerability wouldn't be too worrisome. That's because it relies on criminals being able to capture Web traffic to display a fraudulent Web site. But setting up a fake wireless access point to lure unsuspecting neighbors or business travelers is trivial, and a program released earlier this year to attack the domain name system (DNS) provides another way to direct Internet traffic for malicious purposes.

While only a few CAs currently sign certificates with MD5, Appelbaum estimates that 30 percent to 35 percent of all SSL certificates currently in use have an MD5 signature somewhere in their authentication chain. "The CAs should contact every customer that currently uses an MD5-signed certificate and offer a free replacement."

In an interview on Tuesday morning, cryptography expert Bruce Schneier praised the research but downplayed the real-world consequences of the findings. "SSL protects data in transit but the problem isn't eavesdropping on the transmission. Someone can steal the credit card on some server somewhere. The real risk is data in storage. SSL protects against the wrong problem," he said. "This is good work, great cryptography. I love the research, but this doesn't matter a whit," Schneier added. "There are half a dozen ways to forge certificates and nobody checks them anyway."
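The two passages above point at one check a site operator can run today: the CA's signature covers only the MD5 digest of the certificate body, so any link in a chain whose signatureAlgorithm is md5WithRSAEncryption is one the collision technique could have targeted. The script below is an added example, not the article's or the researchers' code; it walks the outer DER structure of each certificate in a chain and reports the signature algorithm, and its DER helpers and three sample certificates are constructed stand-ins (placeholder tbsCertificate and signature bytes) that keep the real outer layout and AlgorithmIdentifier encoding of X.509.

```python
SIG_ALGS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
            "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
            "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}
MD5_RSA = "1.2.840.113549.1.1.4"

def der_tlv(tag, body):
    # Minimal DER encoder: short-form length below 128, long form above.
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def der_oid(dotted):
    # OBJECT IDENTIFIER: first two arcs packed, the rest base-128 big-endian.
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))

def read_tlv(buf, pos):
    # Return (tag, body, position after the element) for the TLV at pos.
    tag, first = buf[pos], buf[pos + 1]
    pos, length = pos + 2, first
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = read_tlv(cert, 0)           # skip tbsCertificate
    _, alg_id, _ = read_tlv(cert, pos)          # AlgorithmIdentifier SEQUENCE
    tag, oid_body, _ = read_tlv(alg_id, 0)      # first element: the algorithm OID
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid_body)

def audit_chain(chain):
    # Name each certificate's signature algorithm; list positions signed with MD5.
    oids = [signature_algorithm(c) for c in chain]
    names = [SIG_ALGS.get(o, o) for o in oids]
    return names, [i for i, o in enumerate(oids) if o == MD5_RSA]

def make_cert(sig_oid):
    # Constructed stand-in certificate: placeholder tbsCertificate, real
    # AlgorithmIdentifier encoding (OID + NULL params), dummy signature bits.
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01"))
    alg = der_tlv(0x30, der_oid(sig_oid) + b"\x05\x00")
    sig = der_tlv(0x03, b"\x00" + b"\xAA" * 4)
    return der_tlv(0x30, tbs + alg + sig)

# Constructed three-link chain: leaf (SHA-256), intermediate (MD5), root (SHA-1).
SAMPLE_CHAIN = [make_cert("1.2.840.113549.1.1.11"), make_cert(MD5_RSA),
                make_cert("1.2.840.113549.1.1.5")]
```

On real input, feed the DER of every certificate in a saved chain (for PEM files, ssl.PEM_cert_to_DER_cert from the standard library converts each one); a hit at any position is what the article's 30 to 35 percent figure counts.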
Paul Kocher, president of Cryptography Research and an architect of the SSL 3.0 protocol, said the exploit highlights the need for a new universal hash function "that everyone is comfortable with." "The paper is not a surprise, but at the same time it's the crispest demonstration for why it's necessary to remove this broken algorithm everywhere it is being used," he said, before adding "there are bigger things to worry about, like browser bugs and operating security bugs."

The researchers have created a Web site signed with a forged certificate which can be viewed here. The forged certificate was backdated so that it could not be used maliciously even if stolen from researchers, so you have to reset your system clock to August 2004 to view it.

Even though their work may be controversial, the researchers view their efforts as fundamental to creating a more secure Internet. "I don't want to be hit by this type of attack either," Sotirov said. "I use the Internet too."
