Null-Prefix SSL Certificate For PayPal Released 351
An anonymous reader writes "Nine weeks after Moxie Marlinspike presented at Defcon 17, null-prefix certificates that exploit the SSL certificate vulnerability are beginning to appear. Yesterday, someone posted a null-prefix certificate for www.paypal.com on the full-disclosure mailing list. In conjunction with sslsniff, this certificate can be used to intercept communication to PayPal from all clients using the Windows Crypto API, for which a patch is still not available. This includes IE, Chrome, and Safari on Windows. What's worse, because of the OCSP attack that Moxie also presented at Defcon, this certificate cannot be revoked." Update: 10/06 23:19 GMT by KD: Now it seems that PayPal has suspended Marlinspike's account.
Re:So let me get this right... (Score:3, Informative)
Actually, this attack has been known a lot longer than that.
I'm really glad the security product we developed uses OpenSSL even on Windows. The MS Crypto API was greatly desired at the time because it made the binary distribution a lot smaller. Originally everything was developed using OSSL because our stuff is cross-platform. Good thing we never found the time to switch over to CAPI on Windows.
Re:Heh... surprised? (Score:5, Informative)
Re:Wow? (Score:4, Informative)
Re:Heh... surprised? (Score:5, Informative)
From the article:
Fortunately, Mozilla developers patched the hole a few days after Marlinspike's demo and Apple followed suit a few weeks later with Safari for OS X. That means if you're on Windows, the only way to protect yourself against this critical vulnerability is to use versions 3.5 or 3.0.13 or later of Firefox. At least until Microsoft fixes the CryptoAPI, whenever that may be.
Update (Score:5, Informative)
Sounds like PayPal should be freezing everyone's account until this is fixed.
Re:Yay Choices! (Score:5, Informative)
This is a nice definition [softlab.ntua.gr]:
Security Through Obscurity (STO) is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms. Hiding account passwords in binary files or scripts with the presumption that "nobody will ever find it" is a prime case of STO.
For shits and grins here is a slashdot feature on the topic [slashdot.org]; the first couple of paragraphs should make the usage clear. In fact he even goes on to point out that it can not be used by opensource software.
Re:Yay Choices! (Score:5, Informative)
Or just use Firefox. Wow, that's a lot easier!
Re:Update (Score:4, Informative)
Just anyone who has ever logged in from a Windows box running a browser other than Firefox.
Re:uber lolz (Score:2, Informative)
Re:Heh... surprised? (Score:2, Informative)
From the information I can find online, Opera does not use the affected Windows Crypto API.
Re:So let me get this right... (Score:2, Informative)
Re:So let me get this right... (Score:4, Informative)
Re:Yay Choices! (Score:1, Informative)
I believe Firefox has its own cross-platform libraries for the functionality in question, the other browsers use the Windows libraries.
How does this work (in 20 seconds) (Score:5, Informative)
what usually happens:
* you request a cert common-name=serverbox.mydomain.com from a Certificate Authority (CA)
* CA determines you are authorized to make this request on behalf of mydomain.com
* serverbox.mydomain.com serves down the signed cert, your browser makes sure website == common-name == serverbox.mydomain.com
what these clever guys discovered:
* you can request a cert common-name=paypal.com\0.mydomain.com
* CA determines you are authorized to make this request on behalf of mydomain.com
* man-in-the-middle sits in between you and paypal.com, serves down this cert, victim's browser makes sure website == common-name == paypal.com (whoops!)
* victim sees paypal.com in their browser with that reassuring padlock
Re:So let me get this right... (Score:3, Informative)
True but the core Java language doesn't ship with any nice HTML widgets. I believe JSF either does escaping by default or at least has a single app-wide setting to enable it by default. The Spring MVC framework has similar options, where with one line I can enable XML and JS escaping in all content written out by UI components. Being backwards compatible is one thing but not having an option to do default escaping is just opening your developer base up to all sorts of issues.
Re:Heh... surprised? (Score:3, Informative)
Don't forget about elinks (http://elinks.or.cz/)
Re:Yay Choices! (Score:3, Informative)
IIRC Firefox has its own cross-platform libraries for the code in question, which is why it isn't vulnerable like the browsers that depend on the win32 libs. Mozilla can just patch those libs whenever they want, and in this case they did so before Microsoft patched the win32 libs.
escape-characters poorly misunderstood (Score:4, Informative)
Re:Update (Score:4, Informative)
Just anyone who has ever logged in from a Windows box running a browser other than Firefox.
and Opera. Opera uses OpenSSL, thus avoids broken Windows crypto stuff.
Re:In other news... (Score:2, Informative)
Re:So let me get this right... (Score:5, Informative)
I have never understood that for years, you have been able to create a folder with a space at the end of its name in a script. Try, just try, to delete that folder.. You can't create it in explorer, you can't delete it in explorer.. in fact, the only way to fix that I have found, is hope to god its a long file name, drop to a command prompt, and delete it with "Del folder~1"
Well, the documentation for Windows Explorer specifically states that it may not support all the naming conventions of the underlying file systems. Of course, it would be entirely reasonable to expect it to fully support the naming conventions of any Microsoft file system, but MS seems to operate under an unusual definition of "reasonable"...
/X may fail to reveal this as a long filename (by definition, any filename containing a space is a long filename even if it's eight or fewer characters in length), in which case there's no way to use dir to make it obvious there's an abomination in the list of folders.
You don't need a script to create such folders, just the command prompt. This will work just fine: mkdir ".\Space \". Even better, dir
Note that mkdir "Space " won't give you the trailing space in the folder name, at least not on anything earlier than Vista or 2003 (never tried this trick on anything after XP). Similarly, rmdir "Space " fails to remove the directory, but you can remove it with rmdir ".\Space \".
File this under "Stupid cmd.exe tricks".
Speaking of which, I got to try that in server 2008, and Windows 7.. Its a fun way to use 3 lines of script to really piss off your IT co-workers...
Heh, create three sibling directories named "stuck" where they have one, two, and three trailing spaces - then sit back and watch the consternation. It will look like there are three folders with identical names under the same folder (impossible!), and none of them can be deleted with Explorer. Pure, evil fun.
- T
Re:Yay Choices! (Score:2, Informative)
So long as your definition of security is one that is non-quantitative, sure.
My statement can be quantified straightforwardly, thought it depends on the details of a specific application and the security systems it uses. Specifically, the algorithmic properties of said security systems (the cost) and an analysis of the risk the systems reduce or introduce (the gain).
Security, much like finance, is about risk, and using effective methods to manage your exposure to risk. Ineffective methods don't reduce your exposure to risk. That's why they are ineffective.
You've read Fenyman on security, right? (Score:1, Informative)
Fenyman went to visit a General in his office one day.
It seems the good professor liked to tinker with locks, and while there tinkered and found, unbeknownst to the General, the combination to the General's safe. The next time he happened to be there, something was needed from the safe, and the General was astonished when Fenyman said "...let me get it for you" and proceeded to unlock the safe and retrieve the item. He explained to the General how the lock on that type of safe was easily broken, and not to be trusted. Time passed. Feynman visited the General's office again and while waiting, noticed a memo posted in the Office. "It is prohibited to let Dr. Feynman near safes..."
Re:Such dependancies annoy nLite users! (Score:3, Informative)
When I wrote an XML parser for app settings, I chose...
ASCII only, no XML attributes(only simple tags), strict closing tag order. Also, opt-out input sanitization(all chars rejected unless... A-Z, a-z, 0-9, +_-, etc.) when both saving and loading.
So you didn't write an XML parser, then. I sure hope that when you documented that thing, you didn't call the format of your app settings file "XML", because it sure as hell isn't that.
Re:What about the CA that issued it? (Score:3, Informative)
You also typically will not get any warning if the certificate or the CA change.
Yet, some common browsers today make people jump through all sorts of hoops just to accept a self-signed certificate.
Together with "warnings" which are misleading.
Re:Heh... surprised? (Score:3, Informative)
http://changelogs.ubuntu.com/changelogs/pool/main/w/wget/wget_1.11.4-2ubuntu1.1/changelog
Re:No, but (Score:1, Informative)