Black Hat: new ways to attack SSL
Moxie Marlinspike has told the ongoing Black Hat security conference of a new way to attack browser connections with secure sockets layer (SSL) protection, enabling him to steal login data from users of Yahoo, Google and Paypal. Moxie's method is not aimed directly at cracking an SSL connection, but exploits the fact that users rarely call up a page with an https:// prefix. What they do in practice is first call up the unencrypted page, and then click a button to take them to a (supposedly) encrypted page, to log-in.
To exploit this. Marlinspike has developed SSLstrip, a man-in-the-middle proxy that, in principle, changes all the user's https requests into http requests. The proxy then connects to the server called up by the victim, and grabs all of its content. Where necessary, say during log-in, the proxy communicates with the server in encrypted form, but sends all the data it got from the server back to the client, unencrypted, so no SSL connection whatsoever is made, and no error message appears in the browser to report an invalid certificate. A vigilant user may of course observe that the browser isn't indicating a secure connection, with only http:// showing in the address line, but the sight of a padlock icon is enough to persuade most users that nothing dodgy is going on.
Marlinspike showed other methods that enable an attacker's own certificates to display all security features in the browser, without provoking an error message. Among these are certificates for internationalized domain names (those containing special characters), and some others, that at first glance don't look like domain names at all. An example quoted by Marlinspike is .ijjk.cn in the URL https://www.gmail.com/accounts/ServiceLogin?!f.ijjk.cn, which most users would probably take to be a parameter for a Gmail account. Although this isn't really a new method, combining it with SSLstrip would make attacks on connections considerably more successful.
However, this only works as a man-in-the-middle attack, so the attacker has to divert his victim's connections through his proxy. While this isn't a big problem on a LAN, say using address resolution protocol (ARP) spoofing, attacks on home users normally require the manipulation of network or router settings, or DNS cache poisoning.
The attack doesn't exploit any vulnerability in the SSL protocol, or in the validation of certificates. The vulnerability lies rather, in the interfaces between protocols, user interfaces, and the users themselves – and that's nothing new.
- Symantec reports first active attack on a DSL router , a report from The H.
- Kaminsky reveals final details of DNS vulnerability, a report from The H.