Slashdot Mirror


Null Character Hack Allows SSL Spoofing

eldavojohn writes "Two researchers, Dan Kaminsky and Moxie Marlinspike, came up with the exact same way to fake being a popular website with authentication from a certificate authority. Wired has the details: 'When an attacker who owns his own domain — badguy.com — requests a certificate from the CA, the CA, using contact information from Whois records, sends him an email asking to confirm his ownership of the site. But an attacker can also request a certificate for a subdomain of his site, such as Paypal.com\0.badguy.com, using the null character \0 in the URL. The CA will issue the certificate for a domain like PayPal.com\0.badguy.com because the hacker legitimately owns the root domain badguy.com. Then, due to a flaw found in the way SSL is implemented in many browsers, Firefox and others theoretically can be fooled into reading his certificate as if it were one that came from the authentic PayPal site. Basically when these vulnerable browsers check the domain name contained in the attacker's certificate, they stop reading any characters that follow the \0 in the name.'"

7 of 280 comments

  1. Re:Are CA's that stupid? by Onymous Coward · · Score: 3, Informative

    \0 isn't a legal character in DNS protocol

    Say, that's a pretty good idea. Start by limiting the input to DNS-valid characters.

    Geez.

    For anyone who thinks "Well, I guess there might be some bad CAs out there," please keep in mind that it only requires one of the CAs (or their delegates) that your browser recognizes to make a mistake and you're hosed. Now go look at how many CAs are listed in your browser.

    Damnit, it's time to flog this again:

    Every time this topic comes around I feel like I should share this thing I've run across:
      Perspectives.

    Basically, "network notaries". Decentralization of (a kind of) authentication.

    This is one thing that makes self-signed certs viable for a popular audience.

  2. Re:If we were using pascal strings... by QuoteMstr · · Score: 5, Informative

    It's actually rather amusing that people here proclaim Pascal-style strings as the solution to all our woes.

    It's because certificates use ASN.1, essentially a modern-day Pascal string, that these vulnerabilities are possible. If certificates instead were encoded using C-style strings, NULLs wouldn't be an issue.
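
The defect the summary describes, and the ASN.1-versus-C-string point made in the comment above (along with the "limit the input to DNS-valid characters" suggestion in comment 1), can be shown in a few lines of C. This is an added example, not code from the article, from any browser's SSL stack, or from any commenter. It assumes a hypothetical `asn1_string` struct standing in for what a DER decoder hands back (a pointer plus an explicit length); the sample subject name is constructed to mirror the article's example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* A subject name as a DER decoder returns it: the encoding carries the
 * exact byte length, so an embedded 0x00 is just another byte of the
 * string, not a terminator. (Hypothetical struct for this example.) */
typedef struct {
    const unsigned char *data;
    size_t len;
} asn1_string;

/* Vulnerable pattern from the article: the length-carrying ASN.1 string
 * is handed to a C-string comparison, which stops at the first NUL. */
static bool hostname_matches_naive(const asn1_string *cn, const char *host)
{
    /* strcmp never looks past the embedded 0x00, so the decoded bytes
     * "paypal.com\0.badguy.com" compare equal to "paypal.com". */
    return strcmp((const char *)cn->data, host) == 0;
}

/* Hardened version: honour the length the encoding gives us, reject any
 * byte that cannot appear in a DNS name (an embedded NUL included), and
 * only then do a length-checked, case-insensitive compare. */
static bool hostname_matches_safe(const asn1_string *cn, const char *host)
{
    for (size_t i = 0; i < cn->len; i++) {
        unsigned char c = cn->data[i];
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '*';
        if (!ok)
            return false;                 /* 0x00 lands here */
    }
    if (strlen(host) != cn->len)
        return false;                     /* lengths must agree exactly */
    for (size_t i = 0; i < cn->len; i++) {
        unsigned char a = cn->data[i], b = (unsigned char)host[i];
        if (a >= 'A' && a <= 'Z') a += 'a' - 'A';
        if (b >= 'A' && b <= 'Z') b += 'a' - 'A';
        if (a != b)
            return false;
    }
    return true;
}

/* Constructed sample CN modelled on the article's example; sizeof - 1
 * drops only the C literal's trailing terminator, keeping the inner NUL. */
static const unsigned char SAMPLE_CN[] = "paypal.com\0.badguy.com";
static const asn1_string SAMPLE = { SAMPLE_CN, sizeof(SAMPLE_CN) - 1 };

/* Constructed sample of a legitimate CN, for the positive case. */
static const unsigned char LEGIT_CN[] = "paypal.com";
static const asn1_string LEGIT = { LEGIT_CN, sizeof(LEGIT_CN) - 1 };

int main(void)
{
    printf("naive match of NUL-bearing CN : %d\n", hostname_matches_naive(&SAMPLE, "paypal.com"));
    printf("safe  match of NUL-bearing CN : %d\n", hostname_matches_safe(&SAMPLE, "paypal.com"));
    printf("safe  match of legitimate CN  : %d\n", hostname_matches_safe(&LEGIT, "PayPal.com"));
    return 0;
}
```

The point the comment makes shows up in the two functions: the decoder already knows the string is 22 bytes long, and the bug only exists because that length is thrown away the moment the bytes are treated as a NUL-terminated C string.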

  3. Re:And we trust CAs *why* again? by Gramie2 · · Score: 3, Informative

    I'd rather add "Bruce Schneier" to my list of trustees, but your friend "Bruce Schneider" may be okay too.

    I'm really not trying to be a smartass. I just want people to get his name right; he deserves it.

  4. Re:Paypal.com versus Badguy.com by commodore64_love · · Score: 4, Informative

    P.S.

    Obligatory explanation: In the early 2000s, paypal.com was arbitrarily closing customers' accounts and keeping the money for themselves. (You can read more detail at paypalsucks.com) After a couple of years of this, the Bush administration's FTC investigated, found paypal guilty, and required paypal.com to refund all the money they had taken. Some people received full refunds while others received flat payouts. I was one of those who received a $50 check.

    So long story short - Paypal.com and Badguy.com are synonymous for many people.

    Another action Bush's FTC took was against record companies. They found the companies had created an illegal cartel to price-fix retail sales of CDs (gee what a surprise), and the companies agreed to settle the case by issuing refunds. I received an $18 check, ditto my brother, ditto my mom, and ditto my two nieces. It might take a while but eventually the law catches up to illegal corporate activities.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall

  5. VeriSign Responds to Black Hat by VeriSign Allen · · Score: 4, Informative

    Tim Callan, vice president of product marketing at VeriSign, responds (in more detail) to these Black Hat presentations in his new SSL blog post: https://blogs.verisign.com/ssl-blog/2009/07/busy_day_at_black_hat.php He fills some of the holes that Marlinspike and Kaminsky dug.

  6. Re:Are CA's that stupid? by infolation · · Score: 3, Informative

    Mr Marlinspike gives a more comprehensible breakdown of why this works in an interview he gave with Jeff Moss at Blackhat 09 that looks at SSL vulnerabilities in a broader light.

  7. Moxie at Black Hat by TheCabal · · Score: 3, Informative

    Moxie's presentation was very enlightening. Out of all the presentations I saw over the last two days, his was easily the most interesting.

    First, he went over his last presentation: that due to CA sloppiness, it is possible for an attacker to issue valid SSL certificates as an intermediary CA. No hack involved.
    Second, the null character exploit. This was the bulk of his presentation, and he went into detail why this works, and why Firefox pre-3.5 plus a bunch of other SSL stacks are vulnerable. Don't want to get a cert for every site you want to spoof? Get a wildcard \0 cert.
    Third, it is possible to defeat OCSP with the number 3.
    Fourth, he demonstrated how, due to these bugs in SSL and OCSP, it is possible to deploy your own "software updates" whenever Firefox or other program attempts to auto-update.

    I hope he puts his presentation up sometime soon.
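
The "number 3" in the third point above is the OCSP responseStatus value tryLater(3) from RFC 2560: a response with any status other than successful(0) carries no responseBytes and therefore no signature, so a client that treats such a response as "not revoked" has accepted a single unauthenticated byte as a revocation check. The following C is an added example, not code from the presentation, from Firefox, or from any commenter. It decodes only the outer OCSPResponse SEQUENCE and its ENUMERATED status; the `ocsp_action` enum and the sample DER bytes are constructed for this example.

```c
#include <stdio.h>
#include <stddef.h>

/* OCSPResponseStatus values from RFC 2560 section 4.2.1. */
enum ocsp_status {
    OCSP_SUCCESSFUL = 0, OCSP_MALFORMED_REQUEST = 1, OCSP_INTERNAL_ERROR = 2,
    OCSP_TRY_LATER = 3, OCSP_SIG_REQUIRED = 5, OCSP_UNAUTHORIZED = 6
};

/* What the client does next with a response (hypothetical enum). */
enum ocsp_action {
    ACTION_REJECT,              /* malformed: discard the response */
    ACTION_VERIFY_SIGNED_BODY,  /* status 0: responseBytes follow, verify their signature */
    ACTION_NO_SIGNED_DATA,      /* error status: nothing is signed, apply the fail policy */
    ACTION_ACCEPT_AS_GOOD       /* the mistake: "no information" treated as "not revoked" */
};

/* Decode responseStatus from a DER OCSPResponse:
 *   OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
 *                               responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
 * Returns the status value, or -1 if the prefix is malformed. */
static int ocsp_response_status(const unsigned char *der, size_t len)
{
    size_t pos = 0;
    if (len < 2 || der[pos++] != 0x30)            /* SEQUENCE tag */
        return -1;
    size_t seq_len = der[pos++];
    if (seq_len & 0x80) {                          /* long-form length */
        size_t nbytes = seq_len & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t) || pos + nbytes > len)
            return -1;
        seq_len = 0;
        for (size_t i = 0; i < nbytes; i++)
            seq_len = (seq_len << 8) | der[pos++];
    }
    if (pos + seq_len > len)                       /* truncated body */
        return -1;
    if (seq_len < 3 || der[pos] != 0x0a || der[pos + 1] != 0x01)
        return -1;                                 /* expect ENUMERATED of length 1 */
    return der[pos + 2];
}

/* Vulnerable pattern: an error status carries no revocation information and
 * the client treats the absence of bad news as good news. The five unsigned
 * bytes of a tryLater response are enough to pass the check. */
static enum ocsp_action ocsp_triage_naive(const unsigned char *der, size_t len)
{
    int status = ocsp_response_status(der, len);
    if (status < 0)                 return ACTION_REJECT;
    if (status == OCSP_SUCCESSFUL)  return ACTION_VERIFY_SIGNED_BODY;
    return ACTION_ACCEPT_AS_GOOD;
}

/* Hardened: only successful(0) leads to a signed body that can vouch for the
 * certificate. Every other status is unauthenticated and must never upgrade
 * the certificate to "good"; the caller applies its hard-fail/soft-fail policy
 * (warn, retry, or refuse) with that knowledge. */
static enum ocsp_action ocsp_triage_safe(const unsigned char *der, size_t len)
{
    int status = ocsp_response_status(der, len);
    if (status < 0)                 return ACTION_REJECT;
    if (status == OCSP_SUCCESSFUL)  return ACTION_VERIFY_SIGNED_BODY;
    return ACTION_NO_SIGNED_DATA;
}

/* Constructed sample: a complete OCSPResponse whose status is tryLater(3)
 * and which carries no responseBytes. SEQUENCE { ENUMERATED 3 } */
static const unsigned char TRY_LATER_RESPONSE[] = { 0x30, 0x03, 0x0a, 0x01, 0x03 };

/* Constructed sample: status successful(0). A real successful response
 * continues with [0] EXPLICIT responseBytes; they are omitted because only
 * the status is decoded here. */
static const unsigned char SUCCESS_STATUS_ONLY[] = { 0x30, 0x03, 0x0a, 0x01, 0x00 };

/* Constructed sample: INTEGER (0x02) where an ENUMERATED is required. */
static const unsigned char MALFORMED_RESPONSE[] = { 0x30, 0x03, 0x02, 0x01, 0x03 };

int main(void)
{
    printf("tryLater status        : %d\n", ocsp_response_status(TRY_LATER_RESPONSE, sizeof TRY_LATER_RESPONSE));
    printf("naive action (tryLater): %d\n", ocsp_triage_naive(TRY_LATER_RESPONSE, sizeof TRY_LATER_RESPONSE));
    printf("safe  action (tryLater): %d\n", ocsp_triage_safe(TRY_LATER_RESPONSE, sizeof TRY_LATER_RESPONSE));
    return 0;
}
```

Nothing in the safe path needs to know who sent the tryLater; it simply refuses to let an unsigned status stand in for a signed "good", which is the property the presentation showed vulnerable clients lacked.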