Re: An SSL implementation weakness?
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 9 Aug 1996 [email protected] wrote:
> The following weakness seems very obvious, I've got a partial writeup of this
> but before I turn it into a paper or something and arrange a demonstration of
> how it would work I thought I'd check to make sure (a) someone else hasn't
> mentioned it before, and (b) it is actually possible (it seems too simple to
> be true):
>
> 1. Using DNS spoofing, stage a hostile takeover of an address (for example
> using bogus referrals set yourself up as the delegated server for a DNS
> subtree).
> 2. Get a Verisign certificate for an arbitrary company and set up a bogus site
> at the stolen address.
>
> Let's say you steal www.megafoobarcorp.com. People connect to this site (which
> is actually your bogus site), Netscape (for example) displays the blue line
> and non-broken key (which is actually for your J.Random certificate rather
> than the real megafoobarcorp one) to show the connection is secure, and you've
> just subverted their site.

The domain in the server's certificate will not match the domain on the url,
i.e. the certificate will say www.eve.com and the url will be
www.megafoobarcorp.com. Netscape does and should complain about this,
and that particular warning cannot be turned off. Now it is quite possible
that the user will ignore the warning or not fully understand it, and
proceed, but if the user pays attention to those sorts of warnings, the
switch will be detected.

Now maybe if you got a certificate for a very similar domain name, the user
might be more likely to ignore the warning.

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer [email protected]
The ForeQuest Company http://www.forequest.com/
"less is more."
-- Mies van der Rohe.
Ken Thompson has an automobile which he helped design. Unlike most
automobiles, it has neither speedometer, nor gas gage, nor any of the
numerous idiot lights which plague the modern driver. Rather, if the
driver makes any mistake, a giant "?" lights up in the center of the
dashboard. "The experienced driver", he says, "will usually know
what's wrong."
-- 'fortune` output
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----
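
Added example, not part of the original message: the name check the reply describes, in Python, comparing the names in a server certificate with the host taken from the URL. It goes beyond the single case in the thread by following the later RFC 6125 style rules (subjectAltName DNS entries, one wildcard as the whole left-most label); the dictionary layout, function names, and certificate contents are assumptions constructed for illustration.

```python
# Added illustration. The certificate data is constructed sample data, and the
# dict layout and function names are assumptions, not any browser's real API.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """True if one certificate name covers the host taken from the URL."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*" and len(p) >= 3:
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def verify_host(cert, url_host):
    """Return (ok, names_checked) for a parsed certificate and a URL host."""
    # subjectAltName DNS entries take precedence; common name is the fallback.
    names = cert.get("dns_names") or [cert["common_name"]]
    return any(name_matches(n, url_host) for n in names), names

# Constructed certificates using the host names from the thread.
EVE = {"common_name": "www.eve.com"}
REAL = {"common_name": "www.megafoobarcorp.com",
        "dns_names": ["www.megafoobarcorp.com", "*.shop.megafoobarcorp.com"]}
# A certificate for a merely similar name (constructed) still fails the check.
SIMILAR = {"common_name": "www.megafoobar-corp.com"}

if __name__ == "__main__":
    for label, cert in (("eve", EVE), ("real", REAL), ("similar", SIMILAR)):
        ok, names = verify_host(cert, "www.megafoobarcorp.com")
        verdict = "match" if ok else "MISMATCH: warn the user"
        print(f"{label:8} {verdict}  cert names={names}")
```

The comparison is exact per label, so a similar-looking name only passes when the user is sent to a URL that itself contains that name, which is a case this check cannot catch.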