HOWTO: Create a rogue CA certificate for $2000
An international group of researchers—speaking at the 25th Chaos Communication Club conference—published details on how they had managed to construct a rogue Certificate Authority (CA) certificate (!) using a weakness in the MD5 hashing algorithm. They estimate that the attack costs $20,000 to execute today, but that the cost can be reduced to as little as $2000. With a rogue CA certificate in hand they are able to impersonate any SSL-enabled web site and conduct MITM attacks undetected (no browser warnings!).
The presentation is now available for download.
Update (30 Dec): And so is the paper, along with more information and a demonstration site (the CA certificate was purposefully constructed to expire in 2004, which essentially makes it harmless).
Update (31 Dec): Verisign fixes the problem.





Ivan - will forcing clients to TLS 1.0 make a difference here at all?
Posted by: Jim Manico | December 31, 2008 at 11:24 AM
No, forcing TLS v1.0 or any later version won't help. The fault lies with the CA who not only continued to use MD5 long past its due date, but also had a system in place that allowed the researchers to predict the serial number--which was required to carry out the attack. Now that Verisign fixed the problem (see the link above) future attacks of this type will fail. I don't think there's any need for you as an individual to be concerned with this attack vector, but the community will need to work harder to make attacks similar to this one more difficult in the future. The CAs will need to put better standards in place, and the browser vendors will need to start closely monitoring the CAs' activities to ensure compliance.
Posted by: Ivan Ristić | December 31, 2008 at 01:04 PM
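Since the root cause named in the reply above is a CA still signing with MD5, one practical check is to list which certificates in a store or chain carry an MD5-based signature algorithm. The following is an added example, not code from the original post or from the researchers: the function names are hypothetical, the two inputs are constructed DER skeletons rather than real certificates, and the check reads the signature algorithm and serial number only, without verifying any signature.

```python
# Added example, not code from the original post or from the researchers.
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER body -> dotted string
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends the current arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def inspect_cert(der):
    """Return (serial, signature_oid) from a DER-encoded certificate."""
    _, cert, _ = read_tlv(der, 0)      # Certificate SEQUENCE
    _, tbs, pos = read_tlv(cert, 0)    # tbsCertificate
    _, alg, _ = read_tlv(cert, pos)    # outer signatureAlgorithm
    _, oid, _ = read_tlv(alg, 0)       # algorithm OID
    tag, val, nxt = read_tlv(tbs, 0)
    if tag == 0xA0:                    # skip the optional [0] version field
        tag, val, nxt = read_tlv(tbs, nxt)
    return int.from_bytes(val, "big"), decode_oid(oid)

def audit(certs):
    """Return (serial, algorithm) for every certificate signed using MD5."""
    parsed = (inspect_cert(der) for der in certs)
    return [(s, WEAK_SIG_OIDS[o]) for s, o in parsed if o in WEAK_SIG_OIDS]

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # sample builder, short lengths only

def sample_cert(serial, oid_hex):
    """CONSTRUCTED skeleton holding only the fields read above; not a real certificate."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial.to_bytes(3, "big")) + alg)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00\x00"))

SAMPLES = [sample_cert(0x010001, "2a864886f70d010104"),  # MD5 with RSA
           sample_cert(0x010002, "2a864886f70d01010b")]  # SHA-256 with RSA
print(audit(SAMPLES))
```

To run it against real data, pass the DER bytes of each certificate (not PEM text) to `audit`.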
Imagine malware authors and phishers start combining rogue CA certificates and infect users' systems and redirect them to a "fake bank website with valid certificate" ... boom!
Read more ...
http://extremesecurity.blogspot.com/2008/12/kaminskys-dns-bug-rogue-ca-certificates.html
Posted by: Aa'ed Alqarta | January 01, 2009 at 11:35 AM