Security team successfully cracks SSL using 200 PS3's and MD5

Dragos Ruiu dr at kyx.net
Fri Jan 2 20:32:01 CST 2009


On 2-Jan-09, at 9:56 AM, Robert Mathews (OSIA) wrote:

> Joe Greco wrote:
>> [ ....  ]
>>
>> Either we take the potential for transparent MitM attacks  
>> seriously, or
>> we do not.  I'm sure the NSA would prefer "not."  :-)
>>
>> As for the points raised in your message, yes, there are additional
>> problems with clients that have not taken this seriously.  It is,  
>> however,
>> one thing to have locks on your door that you do not lock, and  
>> another
>> thing entirely not to have locks (and therefore completely lack the
>> ability to lock).  I hope that there is some serious thought going  
>> on in
>> the browser groups about this sort of issue.
>>
>> [ ... ]
>>
>> ... JG
>
> F Y I, see:
>
> SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
> certificates @
> http://www.codefromthe70s.org/sslblacklist.aspx
>
> Best.

Snort rule to detect said...

url: http://vrt-sourcefire.blogspot.com/2009/01/md5-actually-harmful.html

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"POLICY Weak  
SSL OSCP response -- MD5 usage"; content:"content-type: application/ 
ocsp-response"; content:"2A 86 48 86 F7 0D 01 01 05"; metadata: policy  
security-ips drop, service http; reference: url, www.win.tue.nl/hashclash/rogue-ca/ 
; classtype: policy-violation; sid:1000001;)

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada  March 16-20 2009  http://cansecwest.com
London, U.K. May 27/28 2009 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp





More information about the NANOG mailing list