25C3: Severe Vulnerabilities in SSL and SSH
The last day of the four-day 25C3 congress in Berlin ended with an edge of suspense. In keeping with the theme of the congress, speakers had "nothing to hide" about well-known and new vulnerabilities in two of the most important Internet security protocols, SSH and SSL.
The presentation by Luciano Bello und Maximiliano Bertacchini covered the pseudorandom number generator (PRNG) vulnerability that had plagued Debian the middle of 2008. The two Argentineans once again worked the vulnerability and concluded emphatically that the problem affects not only Debian server admins, but all system admins whose hosts had at one time used Debian to create certificates. Furthermore, the problem affects not just SSH, but GnuPG-signed data and SSL certificates created with libssl.
The speakers ended with an arcane rundown on how theoretical weaknesses in the MD5 hash function could have serious practical consequences. An international team assembled by Hackerspace activist Jacob Appelbaum had identified how a complete root certificate can be generated that all web browsers would unfortunately accept.
The team was looking for an SSL found in current browsers that uses the MD5 hash function, even though MD5 (dating from 1991) "has been broken" since 2004 and caused further vulnerabilities in 2007. The rogue Certification Authority (CA) they could produce had the same hash fingerprint as its originator, which experts call a collision. The collision allows modification via a calculation of a limited number of bytes. The team used a cluster of 200 Playstation 3 machines outfitted with Cell processors and spent three days simulating the collisions. (The alternative would have been running on an Amazon EC2 at a cost of about $20,000.)
The researchers and developers registered a domain and allowed a CA to generate a legitimate SSL certificate by using the old MD5 hash. They then created a collision that produced a sub-certificate and by some scripting and good luck found a certificate with a requested serial number and a defined timestamp (both being required for the attack). Within four weekends they had the rogue SSL certificates they wanted, at a cost of under $1,000.
If a man-in-the-middle attacker could divert the SSL-secured connection and present his own certificate, signed by the falsified sub-certificate, instead of the one requested by the server, no browser would have a chance to recognize the manipulation. These kinds of attacks could pose a serious threat, for example, to e-banking applications with SSL-secured IMAP servers or that run over SSL VPNs. Because the discovers of the attacks don't want to reveal the certificates, there's only a brief window in which browser makers, CAs, and finally users can update their applications.
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.