Null-Prefix SSL Certificate For PayPal Released
An anonymous reader writes "Nine weeks after Moxie Marlinspike presented at Defcon 17, null-prefix certificates that exploit the SSL certificate vulnerability are beginning to appear. Yesterday, someone posted a null-prefix certificate for www.paypal.com on the full-disclosure mailing list. In conjunction with sslsniff, this certificate can be used to intercept communication to PayPal from all clients using the Windows Crypto API, for which a patch is still not available. This includes IE, Chrome, and Safari on Windows. What's worse, because of the OCSP attack that Moxie also presented at Defcon, this certificate cannot be revoked." Update: 10/06 23:19 GMT by KD: Now it seems that PayPal has suspended Marlinspike's account.
...it is thought that more people are going to be using Macs and Linux in the future.
The people who need to make sure to get everything secure in order for the web to function have waited longer than -9 weeks- to get something fixed? When the thing was presented at... Defcon? What else do these people have to do other than fix these -major- flaws? When something is shown at Defcon, BlackHat, HOPE or any other major security conference, the first thing for these people to do would be to fix the flaw. 9 weeks is inexcusable.
Taxation is legalized theft, no more, no less.
Moxie Marlinspike - that's a goblin name if I ever saw one.
a bug or a feature?
With CNs like www.paypal.com\0ssl.secureconnection.cc
Shouldn't the CA who issued the certificate bear *some* of the blame here?
It just seems logical....
Looks like lynx (http://lynx.isc.org) is still safe.
From the article:
Fortunately, Mozilla developers patched the hole a few days after Marlinspike's demo and Apple followed suit a few weeks later with Safari for OS X. That means if you're on Windows, the only way to protect yourself against this critical vulnerability is to use versions 3.5 or 3.0.13 or later of Firefox. At least until Microsoft fixes the CryptoAPI, whenever that may be.
) Human Kind Vs Human Creation
) It'd be interesting to see how many humans would survive to serve us.
This has to be the worst advice I've ever heard.
NO! Don't roll your own crypto. This is madness!
*Kicks BikeHelmet into pit*
OpenSSL is available for windows; use that.
Sounds like PayPal should be freezing everyone's account until this is fixed.
Give me Classic Slashdot or give me death!
Because that is totally going to fix the problem.
"I'd just like to emphasise that taking a million years isn't a metaphor here..." -Rich Bradshaw
This is a nice definition:
Security Through Obscurity (STO) is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms. Hiding account passwords in binary files or scripts with the presumption that "nobody will ever find it" is a prime case of STO.
For shits and grins here is a slashdot feature on the topic; the first couple of paragraphs should make the usage clear. In fact he even goes on to point out that it can not be used by opensource software.
Mod points: Guaranteed to remove your sense of humor.
Side effects may include gullibility and temporary retardation
If you don't shoot the bearers of bad news, people will keep bringing it to you.
Or just use Firefox. Wow, that's a lot easier!
There is a war going on for your mind.
For more information about null-prefix attacks, the video is here.
It irks me how much Microsoft and Google products depend on Windows components.
So you are saying reinvent the wheel? Don't use the system resources at your disposal? Should we just all go back to DOS way of doing things?
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Do you really think the average user is going to notice a lack of green bar? Internet Explorer is going to accept this certificate as valid for https://www.paypal.com/ and there will be no hints to the user that it's actually illegitimate. Unless there's some other mechanism in Internet Explorer that will notice it got an EV cert in the past and is no longer getting it, then this cert is entirely usable for a man in the middle.
Amen brother, bad coders re-making existing functions or APIs is what fills up The Daily WTF.
You're not old until regret takes the place of your dreams.
No, PayPal is just fine. The problem is that Microsoft has not updated its encryption API for Internet Explorer to stop a publicly known exploit for SSL.
Kirk: How is the messenger, Bones?
McCoy: He's dead, Jim.
Kirk: Well, I suppose our mission here is accomplished.
McCoy: Yes, I suppose you're right.
Everything in the Universe sucks: It's the law!
Yeah, I'll just echo Sakdoctor... Being able to make "rolling your own crypto" a good idea is for a VERY rare breed of person... and even they generally don't like to do it.
"Gratuitous complexity is akin to chaos" - True Vox
*doesn't chain to an EV provider* it's not much of an exploit, really. No green bar, not safe.
Have you lost your mind, or are you joking?
Assuming a rubber room is being prepared for you, I have to wonder why you would think anyone knows to look for green bars.
I might actually agree with you that this isn't a huge problem, but for very different reasons. MITM attacks are relatively hard to exploit. You're essentially limited to wireless networks, or hostile LANs. Also, this isn't a big deal since if you can already perform a MITM attack there's countless ways to trick the user into thinking the site is secure without even touching SSL.
AccountKiller
From the information I can find online, Opera does not use the affected Windows Crypto API.
I am not a security expert, but does switching to Firefox really solve the issue? For browsing, sure. But everyone is saying this is part of the core crypto API in Windows. Certs are used in more things than just IE.
When the app you want to install says it is signed by Microsoft, Mozilla, or Nullsoft, can you still be sure that it really is? Can you be sure the Windows Update software is actually retrieving updates without a man-in-the-middle?
I really don't know the answers to these questions. But I would be surprised if switching to Firefox is a cure to a bug in the core Win32 apis. Helpful: yes. A solution: probably not.
AFAIK, the law supports your position. But I really think we need to examine whether that's the kind of society we want. It's perfectly fine for a small business to arbitrarily refuse to have a relationship with a particular person. That person can go elsewhere, and the small business is only hurting itself. But large companies like PayPal are different. They form an integral part of the fabric of modern life. When one of these large companies denies service to an individual, that person's quality of life is reduced without an opportunity for rebuttal, or for a fair judgment by his peers. These companies have become de facto utilities, and just as the electric company cannot turn off your lights because of a personal grudge, PayPal should not be able to arbitrarily cripple your ability to send and receive money.
When a company gains quite a bit from being large enough to matter in this way, it should give something in return.
If you cause someone grief, don't expect them to be nice to you in return.
Look at it this way: If a doctor jabs you with a mortally-needed anti-venom needle, do you have the right to tell him "Fuck off!"?
I suppose... "He caused me grief!" Yeah, okay. It's a bit of a simplistic metric, really, for determining what is a good response. Appropriate for a young child or a retard. Maybe not for a large corporation. Hopefully not for you.
It does matter what the person's intentions were.
From PayPal's justification of their banning:
"We do not, however, allow PayPal to be used in the sale or dissemination of tools which have the sole purpose to attack customers and illegally obtain individual customer information," the spokeswoman, Sara Gorman, wrote in an email. "We consider whether there is any legitimate use in helping to strengthen the defenses of one's site when determining violation of our policy."
The problem with your statement is that he did not cause PayPal problems in the way that you think. He showed a widespread security flaw, using PayPal as an example... and PayPal suddenly decided that the tools he was producing "have the sole purpose to attack customers and illegally obtain individual customer information". This is a complete and utter load of bollix.
So yes, PayPal may not be happy they have a vulnerability... the same vulnerability that every other SSL cert user has I might add... but he was not breaking their TOS. What they did was infantile and very counter-productive.
This kind of behaviour means the only people that know the flaws in your system are the hackers who want to exploit them for nefarious means, rather than these researchers, who are doing it partially to "help the world", but also to HELP YOU.
I wouldn't trust a company who discourages security penetration testing and thorough investigations of their systems in these ways. Because you can bet your pants, the black-hat hackers will do their homework and find these flaws if our researchers don't.
> NO! Don't roll your own crypto. This is madness!
I'd never do that.
> OpenSSL is available for windows; use that.
->
go for a third party library. (perhaps open source)
The "rewrite it" bit was actually referring to automatic updates and XML parsing. Those are pretty easy to implement properly in an app, without depending on Microsoft-coded services.
Apparently I'm 80% overrated, but that's also why a single exploit can affect so much software. Rather than using a third party lib, most devs just use whatever you stick in front of them. :/
what usually happens:
* you request a cert common-name=serverbox.mydomain.com from a Certificate Authority (CA)
* CA determines you are authorized to make this request on behalf of mydomain.com
* serverbox.mydomain.com serves down the signed cert, your browser makes sure website == common-name == serverbox.mydomain.com
what these clever guys discovered:
* you can request a cert common-name=paypal.com\0.mydomain.com
* CA determines you are authorized to make this request on behalf of mydomain.com
* man-in-the-middle sits in between you and paypal.com, serves down this cert, victim's browser makes sure website == common-name == paypal.com (whoops!)
* victim sees paypal.com in their browser with that reassuring padlock
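Added example, not part of the original thread or any vendor's code: the mismatch described in the comment above, shown as a C-string comparison beside a length-aware one. The function names are hypothetical, the CN bytes are the ones quoted earlier in the thread, and wildcard matching is deliberately left out.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the CN quoted in the thread, as raw bytes with its
 * encoded length (the literal's implicit trailing NUL is excluded). */
static const unsigned char SAMPLE_CN[] = "www.paypal.com\0ssl.secureconnection.cc";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Flawed pattern: treats the CN as a C string, so the comparison stops at
 * the first NUL byte and everything after it is ignored. */
int match_cn_cstring(const char *host, const unsigned char *cn, size_t cn_len)
{
    (void)cn_len;   /* the encoded length is never consulted */
    return strcmp(host, (const char *)cn) == 0;
}

/* Length-aware check: reject any CN containing a NUL, then require the
 * full encoded length to equal the hostname length before comparing. */
int match_cn_checked(const char *host, const unsigned char *cn, size_t cn_len)
{
    size_t host_len = strlen(host);

    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;               /* embedded NUL is never valid in a DNS name */
    if (cn_len != host_len)
        return 0;
    for (size_t i = 0; i < cn_len; i++)
        if (tolower((unsigned char)host[i]) != tolower(cn[i]))
            return 0;           /* DNS names compare case-insensitively */
    return 1;
}

int main(void)
{
    const char *host = "www.paypal.com";
    printf("cstring compare: %d\n",
           match_cn_cstring(host, SAMPLE_CN, SAMPLE_CN_LEN));
    printf("checked compare: %d\n",
           match_cn_checked(host, SAMPLE_CN, SAMPLE_CN_LEN));
    return 0;
}
```

The same NUL test is useful on the issuing side: a CA or a certificate-transparency monitor can flag any subject name whose encoded length exceeds its C-string length.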
Don't forget about elinks (http://elinks.or.cz/)
IIRC Firefox has its own cross-platform libraries for the code in question, which is why it isn't vulnerable like the browsers that depend on the win32 libs. Mozilla can just patch those libs whenever they want, and in this case they did so before Microsoft patched the win32 libs.
--Edward Dassmesser
Since the hole affects Windows Crypto APIs, this should now be easily possible. A rootkit virus, which hijacks all the traffic from its local network, intercepts all windows update requests and spreads itself as an update. Implications: if a single machine on your network is infected, all windows machines get infected within 24hrs? This is providing you can get a code signing cert with null-prefix, but I don't see why this would be much different than SSL cert (just find an automated CA).
I dunno, they seem fully misunderstood in this case.
http://lkml.org/lkml/2005/8/20/95
So long as your definition of security is one that is non-quantitative, sure.
My statement can be quantified straightforwardly, though it depends on the details of a specific application and the security systems it uses. Specifically, the algorithmic properties of said security systems (the cost) and an analysis of the risk the systems reduce or introduce (the gain).
Security, much like finance, is about risk, and using effective methods to manage your exposure to risk. Ineffective methods don't reduce your exposure to risk. That's why they are ineffective.
After all, I am strangely colored.
Did anyone else read the stuff this kid has on his site? Moxie is a Sailor/Hacker/Anarchist/Squatter/Hitchhiker enigma. Holy shit this kid has sailed the CA coast in the worst conditions alone. I am duly impressed and green with envy and depressed that I am not living a life like his.
I had a sig, but
> XML parsing. Those are pretty easy to implement properly in an app
No, no, God, no. I'm sick to death of crappy applications not handling Unicode element names, not understanding XML namespaces properly (I've seen several that thought that prefix is the namespace, and required you to use specific prefixes), not properly parsing CDATA, not understanding XML whitespace rules or xml:space, not understanding DOCTYPE and entities, and so on.
XML is not simple. Don't think you can whip up a parser in an evening unless you really know the W3C spec well, including all corner cases (if you don't know any corner cases, then you don't know it well).
Use a mature, stable, preferably open source third party library, and you'll make your users and future maintainers happy.
When I wrote an XML parser for app settings, I chose...
ASCII only, no XML attributes(only simple tags), strict closing tag order. Also, opt-out input sanitization(all chars rejected unless... A-Z, a-z, 0-9, +_-, etc.) when both saving and loading.
So you didn't write an XML parser, then. I sure hope that when you documented that thing, you didn't call the format of your app settings file "XML", because it sure as hell isn't that.
I have some doubts about that, even wget was not safe:
http://changelogs.ubuntu.com/changelogs/pool/main/w/wget/wget_1.11.4-2ubuntu1.1/changelog
New things are always on the horizon
So am I more secure if I sing myself instead of letting the computer do it for me?
Does it matter which song I sing? I guess "ring of fire" would make a good firewall?
SCNR :-)
The Tao of math: The numbers you can count are not the real numbers.
The point is, you get only the Firefox security after you've installed Firefox, and only assuming you've installed the real version, not a hacked one. And how do you check if you have a real version when installing your first version of Firefox? You can't check with Firefox because it's not yet installed. Checking with Firefox after the fact is pointless, too, because a hacked Firefox will certainly claim it's legitimate. Actually, even when Microsoft patches the vulnerability and you get it through Windows Update, you can't be completely sure, because after all someone might have intercepted Windows Update with a fake certificate.
The Tao of math: The numbers you can count are not the real numbers.
> Never type a password into a site unless you see a lock icon in your browser.
So how'd you log into Slashdot?
Ubuntu aside, how could you know? Do you maintain a whitelist of everything running on your PC? Do you scan for rootkits *outside your OS*? Do you maintain a list of MD5 hashes for every binary?
Surely what you mean is that you've *never known* you had an infection.