VeriSign says customers were already protected from SSL flaws (Update)

by Steve Ragan - Aug 4 2009, 13:25

Update:

As mentioned, Mozilla has pushed the patches to Firefox users. Both the 3.5 and 3.x branches have patches available for download that address the mentioned flaws. Users are urged to download Firefox 3.5.2 or 3.0.13 to ensure protection.

"As part of Mozilla’s ongoing stability and security update process, Firefox 3.5.2 and Firefox 3.0.13 are now available for Windows, Mac, and Linux as free downloads. We strongly recommend that all Firefox users upgrade to this latest release," Mozilla said in a statement. 

"If you already have Firefox 3.5 or Firefox 3, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting "Check for Updates…" from the Help menu."

Original Article:

Last week, during BlackHat in Las Vegas, two talks focused on problems with SSL. The separate talks, one given by Moxie Marlinspike and one by Dan Kaminsky, covered various issues, but each earned a good deal of hype in the press. After the talks, VeriSign quickly pointed out that it had preemptively protected clients from the various attack methods discussed.

Moxie Marlinspike, detailing the latest additions to his sslstrip tool, talked about the use of null characters and various other ways to fool Web browsers and other pieces of relying software into believing a certificate has been issued to a different domain than the one to which is was actually issued.

“I'm pleased to say that none of VeriSign's SSL Certificates on any brand allow null characters, meaning that you can't use any of our certificates in the attack detailed...,” said Tim Callan, vice president of product marketing at VeriSign, in an official statement. 

Callan also pointed out that the fundamental problem needs to be solved by the client software that trusts certificates allowing null characters. In addition, he mentioned that EV certificates are also immune, a fact confirmed by Marlinspike during his Q&A session.

“Marlinspike discussed the possibility of using this attack against the auto-update functionality that's prevalent in desktop software today. If these updates depend exclusively on SSL to confirm their veracity, a null character certificate can work there,” said Callan.

“Marlinspike suggests code signing as the solution to this problem (and I agree that code signing is a good solution). It happens that employing EV SSL on this update functionality would solve the problem as well.”

The other talk, given by Dan Kaminsky, centered on several SSL-related topics. It is believed certificates employing Message Digest Algorithm 2 (MD2) may be subject to pre-image attacks later this year, essentially rendering this hash function untrustworthy.

“[Kaminsky said] that MD2 is not trusted or soon to not be trusted on these applications and platforms: Firefox, OpenSSL, Red Hat, Opera, Apple, Microsoft, Google, and VeriSign. Here I can be more specific. As of May 2009, VeriSign is issuing its SSL Certificates on all brands using SHA-1,” Callan wrote in a company blog addressing the Kaminsky talk.

Another issue discussed by Kaminsky dealt with “leading zero” attacks, where a certificate can fool clients by attaching an invisible zero to the first hex character in the certificate.

“Again, I'm happy to tell you that VeriSign won't issue SSL Certificates with leading zeros on any of our brands,” Callan wrote.
 
To address the issue with pre-May 2009 certificates issued by VeriSign, which use MD2, Callan said the MD2 attack described would not “work against previously issued certificates.”

“It's natural to be concerned when security experts uncover vulnerabilities that can open an organization and its customers to attack, but site operators can rest assured that SSL Certificates from VeriSign cannot be used as part of the SSL threats revealed this week,” he concluded.

Related to the talks at Black Hat, as well as the subject of vendor reaction, Mozilla chimed in as well, saying that the issues addressed by both researchers during their presentations have been fixed in Firefox 3.5 and the corporation is working to patch the existing 3.x branch.

As a precaution against the SSL attacks that would hijack automatic updates, several media agencies and online articles have warned users to disable automatic updates. This is a bad idea and something Mozilla advises against, saying:

“We strongly disagree with the suggestion that users turn off security updates... Regular security updates are one of the best protections users have against newly discovered vulnerabilities in any piece of software. They are the path by which problems like the ones Moxie identified get quickly remedied before they can be exploited.”

Want regular updates from The Tech Herald? Follow us on Twitter.

Interested in a more interactive TTH? Join our Facebook Group.

Around the Web