![Page 2: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/2.jpg)
About the Title
From StartCom Critical Event Report
https://blog.startcom.org/?p=161
Thanks to StartCom for quickly fixing the bug I found
These guys care about PKI!
Intrepidus Group, Inc. © 2008 2
![Page 3: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/3.jpg)
Outline
Intro – The Basics
CA Domain Validation Mechanisms
Certificate Provisioning Process
Web Application Attacks
Client Side Countermeasures
CA Countermeasures
Closing
Intrepidus Group, Inc. © 2008 3
![Page 4: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/4.jpg)
Intro – SSL vs SSL PKI
SSL is a sound encryption protocol
…implementation specific bugs, aside
Debian PRNG
Microsoft SSL PCT Overflow (2004)
SSL PKI gives us third party trust
Site validation
Code signing
Personal certificates
Intrepidus Group, Inc. © 2008 4
![Page 5: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/5.jpg)
Intro – Threat Modeling SSL PKI
Intrepidus Group, Inc. © 2008 5
![Page 6: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/6.jpg)
Intro – Threat Modeling SSL PKI
Intrepidus Group, Inc. © 2008 6
![Page 7: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/7.jpg)
Intro – Why hack PKI?
To exploit third-party trust
Maybe you own the DNS
Steal data with minimal residue
Targeted Attacks
SSL VPN
If software vendors do their job, endpoints will be harder to attack
It’s fun!
Intrepidus Group, Inc. © 2008 7
![Page 8: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/8.jpg)
Intro – PKI’s Low Hanging Fruit
Certification Authority Web Sites
You pay money for private key access
Private key access is controlled by web application logic
Web Applications are hard to secure
Oh, the irony!
The companies that sell security are not secure themselves
How can you secure the Internet, over the Internet?
Intrepidus Group, Inc. © 2008 8
![Page 9: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/9.jpg)
Intro – Soft Targets
Where there is smoke, there is usually fire
Introducing, a slide-show of insecurity . . .
Intrepidus Group, Inc. © 2008 9
![Page 10: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/10.jpg)
Intro - Soft Targets
Intrepidus Group, Inc. © 2008 10
* Note the green bar. It is definitely COMODO who is vulnerable to cross site scripting!
![Page 11: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/11.jpg)
Certificate Authority Attacks
Intrepidus Group, Inc. © 2008 11
![Page 12: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/12.jpg)
Intro - Soft Targets
Intrepidus Group, Inc. © 2008 12
![Page 13: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/13.jpg)
Intro - Soft Targets
Intrepidus Group, Inc. © 2008 13
![Page 14: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/14.jpg)
Intro - Soft Targets
Intrepidus Group, Inc. © 2008 14
![Page 15: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/15.jpg)
Intro - Soft Targets
Intrepidus Group, Inc. © 2008 15
![Page 16: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/16.jpg)
Intro - Soft Targets
Intrepidus Group, Inc. © 2008 16
![Page 17: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/17.jpg)
Intro - Soft Targets
Intrepidus Group, Inc. © 2008 17
* Note the green bar. It is definitely THAWTE who is vulnerable to cross site scripting!
![Page 18: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/18.jpg)
Intro - Soft Targets
Intrepidus Group, Inc. © 2008 18
![Page 19: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/19.jpg)
Intro - Soft Targets
Intrepidus Group, Inc. © 2008 19
![Page 20: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/20.jpg)
Domain Validation
Intrepidus Group, Inc. © 2008 20
![Page 21: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/21.jpg)
Domain Validation
CAs need to make sure you are authorized to request certification
A few different techniques
Phone Authentication
Email Authentication
Both rely on secret codes
Attacker requests a certificate
CA sends secret to authorized contact
Only those who know the secret can authorize the request
Intrepidus Group, Inc. © 2008 21
![Page 22: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/22.jpg)
Domain Validation
How does a CA determine who is an authorized contact?
Out of band (but still on the Internet)
Email address and/or phone number from Domain Registration Records
Certificate Requestor can pick from a list of approved aliases
Webmaster, ssladmin, sslwebmaster, etc.
Intrepidus Group, Inc. © 2008 22
![Page 23: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/23.jpg)
Domain Validation
Choosing the Authorized Contact
Attack #1
Take advantage of insecure protocols to alter domain registration data on the wire
Controls relying on insecure protocols should not be considered out of band
Attack #2
Take advantage of poor application logic
Controls cannot rely on user-supplied data
Intrepidus Group, Inc. © 2008 23
![Page 24: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/24.jpg)
Domain Validation
Delivery of the shared secret
Over the phone
?
Over email
More reliance on insecure protocols
Who determines what aliases are authorized to approve SSL certification?
Multiple Opportunities for Attack
Sniff email on the wire
Break into an email account
Free email providers
Intrepidus Group, Inc. © 2008 24
![Page 25: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/25.jpg)
Certificate Provisioning Process
Intrepidus Group, Inc. © 2008 25
![Page 26: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/26.jpg)
Certificate Provisioning Process
CAs want to make money
Automation lowers overhead and makes purchasing certificates easier for customers
“Race to the Bottom”
The easier it is to get a cert, the less we can trust them (Hello EV!)
Automation makes life easier on attackers
Intrepidus Group, Inc. © 2008 26
![Page 27: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/27.jpg)
Certificate Provisioning Process
Case Study: Chosen Pre-Fix Collisions
Attack against a CA yields a rogue Certificate Authority
Two weaknesses
Use of MD5
Researchers could control serial number and time stamp
Web Site automation provided a reliable mechanism for generating predictable SSL certificates
Intrepidus Group, Inc. © 2008 27
![Page 28: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/28.jpg)
Certificate Provisioning Process
Case Study: Chosen Pre-Fix Collisions
These would have helped
A strong CAPTCHA
Introduce a human element to the process
A random time delay
Prevent the requestor from controlling the time the certificate is issued.
Intrepidus Group, Inc. © 2008 28
![Page 29: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/29.jpg)
Certificate Provisioning Process
Case Study: No Validation
Comodo COMPLETELY disabled validation
This happened for one reseller (that we know of)
People who ordered certificates had them immediately issued
Result: a rogue certificate was issued for mozilla.org
Automation makes it easier to make $$$
It also makes it easy screw things up
Intrepidus Group, Inc. © 2008 29
![Page 30: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/30.jpg)
Certificate Provisioning Process
The Black List
CAs will use a black list to protect sensitive domains
I know, for a fact, that Verisign.com is on some black lists
Issues
Who is on the black list?
How do you get on the black list?
Good for PayPal.com
Bad for vpn.governmentcontractor.com
Intrepidus Group, Inc. © 2008 30
![Page 31: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/31.jpg)
Real CA Attacks
Intrepidus Group, Inc. © 2008 31
![Page 32: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/32.jpg)
Certificate Authority Attacks
Insecure Direct Object Reference
Used to by-pass StartCom Domain Validation
Most CAs that offer domain validation do so via email
http://www.owasp.org/index.php/Top_10_2007-A4
Intrepidus Group, Inc. © 2008 32
![Page 33: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/33.jpg)
Certificate Authority Attacks
Intrepidus Group, Inc. © 2008 33
![Page 34: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/34.jpg)
Certificate Authority Attacks
Intrepidus Group, Inc. © 2008 34
![Page 35: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/35.jpg)
Certificate Authority Attacks
Intrepidus Group, Inc. © 2008 35
![Page 36: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/36.jpg)
Certificate Authority Attacks
Intrepidus Group, Inc. © 2008 36
![Page 37: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/37.jpg)
Certificate Authority Attacks
Intrepidus Group, Inc. © 2008 37
![Page 38: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/38.jpg)
Certificate Authority Attacks
Intrepidus Group, Inc. © 2008 38
![Page 39: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/39.jpg)
Certificate Authority Attacks
StartCom Post-Mortem
By-passed validation and received signed certificates for low-profile sites
By-passed validation for high-profile sites PayPal and Verisign
Certificates were not issued for PayPal & Verisign due to a BLACKLIST
Intrepidus Group, Inc. © 2008 39
![Page 40: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/40.jpg)
Certificate Authority Attacks (2)
Information Leakage
Used to by-pass domain validation with THAWTE Certificate Authority
Appeared to be a common theme on the THAWTE web site
http://www.owasp.org/index.php/Top_10_2007-A6
Intrepidus Group, Inc. © 2008 40
![Page 41: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/41.jpg)
Certificate Authority Attacks (2)
Intrepidus Group, Inc. © 2008 41
![Page 42: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/42.jpg)
Certificate Authority Attacks (2)
Intrepidus Group, Inc. © 2008 42
![Page 43: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/43.jpg)
Certificate Authority Attacks (2)
Intrepidus Group, Inc. © 2008 43
![Page 44: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/44.jpg)
Certificate Authority Attacks (2)
Intrepidus Group, Inc. © 2008 44
![Page 45: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/45.jpg)
Certificate Authority Attacks (2)
Intrepidus Group, Inc. © 2008 45
Thawte Post-Mortem
Information Leakage
Staff
Web Site
Live.com was added to their blacklist
Certificate was revoked
But I still promise not to use it for malicious activities
![Page 46: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/46.jpg)
SSL PKI Relies on Insecure Protocols
Intrepidus Group, Inc. © 2008 46
![Page 47: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/47.jpg)
Certificate Authority Attacks (3)
Demonstration
Intrepidus Group, Inc. © 2008 47
![Page 48: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/48.jpg)
Post CA Exploitation
Intrepidus Group, Inc. © 2008 48
![Page 49: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/49.jpg)
Using a DV certificate to spoof EV
Intrepidus Group, Inc. © 2008 49
EV SSL & SSL Rebinding
Mixed Content policies do not distinguish DV SSL from EV SSL
SSL Rebinding attacks allow for EV MITM with only a valid DV certificate
Browsers cannot handle CA’s “tiers of trust”
How do we fix this going forward?
![Page 50: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/50.jpg)
Client Side Countermeasures
White Listing Pubic Keys
Perspectives Plug-in
Not perfect
Client side proxies to handle white listing is a better option
Intrepidus Group, Inc. © 2008 50
![Page 51: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/51.jpg)
Recommendations for CAs
Check out OWASP
Their materials are free
Make a donation
Web App Sec 101
Inventory your web apps
Get them assessed (not SCANNED)
Penetration Test
Source Code Review
Intrepidus Group, Inc. © 2008 51
![Page 52: Criminal Charges are not pursued: Hacking PKI - DEF CON · Criminal charges are not pursued: Hacking PKI Mike Zusman ... of approved aliases Webmaster, ... sites PayPal and Verisign](https://reader034.vdocuments.site/reader034/viewer/2022051509/5aea83117f8b9ac3618ddc07/html5/thumbnails/52.jpg)
Thank you
Intrepidus Group, Inc. © 2008 52
Questions?
More SSL Proxy code and documentation on my blog.
http://schmoil.blogspot.com