Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE and Konqueror Bug Makes SSL Insecure

Posted by CmdrTaco on from the well-doesn't-that-suck dept.

Spad writes "The Register reports that IE and Konqueror both have a bug that allows anyone with a legit Verisign SSL certificate to issue a 'legit' certificate for a 3rd party site. IE and Konqueror don't both to check the issuer of this intermediate cert making SSL in both browsers something of a joke". Update by Hetz: if you're using KDE from CVS, the fix is inside or you can wait to next week for KDE 3.0.3 (which will have more fixes for KDE 3.0). Thanks to Waldo bastian for the blazing fast fix (95 minutes since it was reported).

26 of 443 comments (clear)

  1. Heh by kraf · · Score: 3, Insightful

    Has Slashdot become the comment board for The Reg articles ?

  2. SSL is insecure? by dave-fu · · Score: 1, Insightful

    Funny, I'd say the implementations are flawed and they're insecure. If the adhered to the RFC as it was written (rather than glossing over one little step), millions of users wouldn't be in a bind here.
    That said, calling SSL insecure is about as sane as calling email insecure because flawed implementations are plagued with problems or http insecure because some web servers choke on archaic flags and such.
    The moral of the story? Read your RFCs and then re-read them with a friend or two to make sure you read them right the first time.

    --
    Easy does it!
    This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
    1. Re:SSL is insecure? by kasparov · · Score: 5, Insightful

      Since the title of the article is "IE and Konqueror bug makes SSL Insecure" and the article body says "IE and Konqueror don't both to check [sic] the issuer of this intermediate cert making SSL in both browsers something of a joke," then I would venture to say that they were not calling SSL in itself insecure. Let's try not to be nit-picky for the sake of being nit-picky.

      --
      There's no place I can be, since I found Serenity.
    2. Re:SSL is insecure? by Valar · · Score: 2, Insightful

      Ask yourself, how is that insightful? The author clearly intended that the SSL functionality in the browsers is a joke. Not SSL itself. In fact, it says that both in the story and the comment. Do not be tempted onto the moderation bandwagon!

      --

      ====
      Crudely Drawn Games
  3. Start Timing... by Vengie · · Score: 3, Insightful

    Before the M$ vs Everyone war starts...how about we have a fair and simple timing contest.....where does this get fixed first? ;)

    --
    When in doubt, parenthesize. At the very least it will let some poor schmuck bounce on the % key in vi. (Larry Wall)
  4. So? by dasmegabyte · · Score: 5, Insightful

    The certificate issuer is not exactly a secure concept anyway. The whole idea of "trusted providers" being a list of folks engineered by the browser's authors is just asking for trouble. Any of those companies can "go rogue" and start issuing free certs to anybody who asks, which one of them did a while back (then they succombed to the pressures and revoked all the rights, which was pretty crummy).

    Besides, the contracts of all cert providers totally absolves them from any crime or misuse of data undertaken by their issued members. Which is a strange definition of "trust"...that it can only be placed in an unknown third party who has no control nor responsibility over the site you're connecting to, and neither has any liability should your data wind up in the hands of ne'erdowells.

    Which is why I self sign everything. Since it all boils down to whether or not you trust me, why should I spend $150 trying to trick you into thinking I've passed some rigorous test for "trust". All that matters is that the data users send me is encrypted, which it is. That $150 cuts into my already wafer thin margins, and it cuts even more when you think I'll have to get a different sert for each of my subdomains.

    Which is where this bug is actually beneficial. It allows you to get signed once for all your domain names. No more paying exorbitant sums for the paltry 10,000 cycles of processor time it takes to generate a certificate, you can get www.yourdomain as well as yourdomain, yourmisspelleddomain, secure.yourdoman and mail.yourdomain certified for the price of one. Just sign the main site...and use the money to buy an escrow insurance policy.

    --
    Hey freaks: now you're ju
    1. Re:So? by mlong · · Score: 5, Insightful
      Which is why I self sign everything. Since it all boils down to whether or not you trust me, why should I spend $150 trying to trick you into thinking I've passed some rigorous test for "trust". All that matters is that the data users send me is encrypted, which it is. That $150 cuts into my already wafer thin margins, and it cuts even more when you think I'll have to get a different sert for each of my subdomains.

      Unfortunately most clients/browsers seem to go out of their way to discourage self-signed certificates with error messages that sound like "This certificate was self-signed. We don't know who the hell this person is. They could be a terrorist wanting to destroy your computer. If you click YES then they could format your harddrive and steal your credit card. By the way, even if you click YES we'll keep asking you everytime you visit this site unless they shell out some $ to Verisign or Thawte"

      --
      //m
    2. Re:So? by Anonymous Coward · · Score: 1, Insightful

      >Which is why I self sign everything.

      Cool. So how do the end users tell the difference between your self signed certificate and the one I create to look exactly like it?

  5. Re:Security. by Anonymous Coward · · Score: 1, Insightful

    I know.. At least those dirty GNU hippies got it right.

    What? You say konqueror's affected?

  6. Incident response? Let the race begin! by simpleguy · · Score: 2, Insightful

    Lets see how fast the KDE team fixes their software and how fast the Microsoft team fixes theirs. If its not already done that is.

    1. Re:Incident response? Let the race begin! by Anonymous Coward · · Score: 1, Insightful

      "It's not 'fixed' until the 'fix' has been regression tested and it's known it doesn't introduce additional bugs. Oh, that's right.... that means almost no Free Software is ever fixed"

      Amend that. Should be 'no software is ever fixed'

    2. Re:Incident response? Let the race begin! by Anonymous Coward · · Score: 1, Insightful

      But will the KDE team have regression tested their fix?

      The real question is will Microsoft regression test their patch? Ask any Exchange or IIS admin about their wonderful patch testing system.

      What are you paying Microsoft for again? Do you even know?

  7. Re:The Joke had already been made... by sphealey · · Score: 3, Insightful
    the problem is the client. If you have a private key and a browser comes up with an erroneous key, what is stopping someone from doing a mim attack on you because the client can't tell the difference between a faked key and the one that he has to push yes to upon entering the damn site?
    Have you ever known anyone (except perhaps Bruce Sterling) to visit a site to get a download or submit an order, get a "certificate not known" message, and do anything except click "Proceed"? Joe and Jane sysadmin, much less Richard and Sally end user, have no idea how certificates work and what answers should be given to what dialogue.

    Totally broken protocol from the end users' perspective.

    sPh

  8. Re:Spoof? by roca · · Score: 3, Insightful

    > Man-in-the-middle attacks are very complex and
    > not likely to be pulled off "in the wild".

    No. MITM attacks are very easy to pull off with the right tools. You can easily take control of any TCP connection made by any other machine on the same Ethernet. Even if the network is fully switched you can use ARP poisoning to get around that.

    Of course, if you manage to take control of a DNS server then you can easily do MITM attacks against many machines. Heck, do you trust the employees of your ISP with your banking information?

  9. Re:Check the SecurityFocus thread about this here by MSG · · Score: 5, Insightful

    Yes, it is totally browser related. The post that you refer to says that MS doesn't plan on fixing it, but not that it isn't their problem. The problem lies in their PKI implimentation, and regardless of their public face's claims of focus on security and trustworthy computing, they're continuing their old habits of not fixing problems until their customers force them to.

  10. Certificates aren't very effective to begin with by defile · · Score: 4, Insightful

    Signed certificates simply state that Verisign trusts the company is who it says it is. That's about it. Signed certificates do not define whether your communications are encrypted or cleartext.

    Signed certificates cannot prove that:

    • The company you're purchasing from is trustworthy
    • The certificate wasn't stolen
    • Verisign wasn't tricked into signing the certificate (which has happened)
    • An attacker hasn't redirected your connection to some other site from the backend (think PHP fopen())

    Many companies don't bother with having their certificates signed. It's pricey, an administrative burden, and doesn't really increase security. I'm annoyed that browsers have been swept into warning you if the site you're visiting doesn't support Verisign's cash flow.

  11. It hardly makes SSL a "joke" by ergo98 · · Score: 2, Insightful

    About 99.999%+ of the primary uses of SSL/TLS out there are for transport encryption, not for site authentity verification, and this does nothing to reduce the security of the transport encryption.

    Indeed, the site authentity thing is the way Verisign and friends get away with charging ridiculous amounts to spin off a key pair. I'm not saying that it's a useless service (it is nice to know that I'm talking with my bank versus the incredibly remote scenario that someone hijacked their domain), however that feature is pretty low on most people's importance list.

    1. Re:It hardly makes SSL a "joke" by ergo98 · · Score: 2, Insightful

      I realize that you intended to reply to me so I'm replying here.

      I completely agree that within the artificial environment of a corporation (or of a "OH MY GOD!" scenario setup), one can very easily redirect DNS (indeed, the whole idea of a proxy is by design a man-in-the-middle), however the people in charge in that case are equally capable of installing keystroke loggers/trojans on every workstation anyways. No one should consider anything typed on a computer you don't own to be safe, and I certainly wouldn't consider the authentication feature of SSL as my security blanket.

      My point was that one can bring up countless, fanciful, worst case scenarios: People talk about viruses that rewrite your host file, as if SSL authentication would somehow protect against that: Such a virus/trojan could just as easily add their own trusted root certificates to your machine, or as previously mentioned they could just stick on a key logger and be done with it (why bother emulating a whole site or acting as a man in the middle when you already ownz the machine?)

  12. Re:Spoof? by MikeBenham · · Score: 5, Insightful

    A lot of people have been saying that, so I wrote a tool (sslsniff) to demonstrate the problem in a more "real-world" setting. It performs undetected hijacking/sniffing of IE SSL sessions, even on a switched network. sslsniff: http://www.thoughtcrime.org/ie.html

  13. Re:Heres a fix for IE.... by MikeBenham · · Score: 2, Insightful

    That doesn't fix the problem. You're not testing it correctly, contact me offline if you want to do some actual testing.

  14. Overall Impact by photon317 · · Score: 4, Insightful


    Please beware that the overall impact of this problem is relatively minimal. The sky isn't falling. What this allows is a man-in-the-middle attack without the usual telltale browser confirmation box that one sees when using an unsigned certificate. The attacker still has to get on the network between you and the website and essentially transparent-proxy your connection through a rogue ssl proxy to make this all work. For the most part people with this level of network access for wide numbers of people are not so devious as to actually do this for profit.

    On another note - if they did a traditional man-in-the-middle SSL attack, it might be very hard to track down who did it, but it would be very easy to tell it was being done (because you'd get a browser warning about the certificate not being vaild for this site and/or signed properly). With this new approach, you get no browser warning, but it's presumably easy to track down the culprit, since the certificate signing chain will include a legitimate cert issued to the attacker that can be queried at Verisign or whoever they used - unless they steal a cert from someone else.

    --
    11*43+456^2
  15. This is truely wonderful - if lessons are learned. by Observer · · Score: 3, Insightful

    Assuming the sources cited are accurate, we now have two independent misimplementations of SSL certificate handling, indicating that two purveyors of software that is entrusted with providing a secure (ie, private and authenticated) communications channel have screwed up in a way that suggests they did not understand properly what they were doing.

    Rather puts buffer overflows into the shade, doesn't it?

    As the late Professor Doctor Edsgar W. Dijkstra commented: "If you don't know what your program is supposed to do, you'd better not start writing it." RIP, a great man.

  16. Re:testing Moz 0.9.4 doesn't qualify as a test by jslag · · Score: 4, Insightful
    I see; and testing IE5 and IE5.5 is different how?


    Because, dear troll, Microsoft alleged at their respective release times that IE5 and 5.5 were 'release quality' software, while moz made it clear that 0.9.4 was still undergoing development.

  17. You don't get it by pclminion · · Score: 3, Insightful
    Sure, it boils down to whether or not I can trust you. But how do I know that your signature is *your* signature?

    By consulting with a mutually trusted third party, of course. A similar concept as that of a notary public. (I said similar, not identical).

    Trust centers such as Verisign make it a little simpler to verify identity: I don't have to personally check you out myself -- I accept Verisign's "voucher" that you are who you say you are, and therefore I offload my research responsibilities onto Verisign.

    This is not a perfect system for many reasons. But you can't HAVE a perfect secure system. I think this system is about the best we have for now.

  18. Win2kSP3 by Anonymous Coward · · Score: 1, Insightful

    Funny that this comes out just over a week after Win2kSP3 is released....

  19. Re:Well I see /. says a "fix" is available now... by Anonymous Coward · · Score: 1, Insightful
    The funny part is that its in CVS and that means about 0.00001 % of all KDE users are going to upgrade to it before there is an official release. Somebody please point out the easy to install hotfix binary so I dont have to redownload and recompile the entire KDE suite.


    First it has to be programmed, you are inside the whole fixing process, maybe this is new to you.

    The fix is programmed now, this means that for example Red Hat must now release a security fix for its users, the users could get the fix using the normal update feature of there distribution.