vulnerabilities Archives -

SSL or S-S-Hell?

Broken Key2009’s Beating on SSL, Round One

Hot on the heels of the Microsoft Crypto API patch comes another SSL vulnerability. The last round of attacks on SSL relied on a problem with the deployment of SSL on the web, as the research of Moxie Marlinspike shows. To sum up the crucial point in their research in a nutshell: just because the x509 protocol in web certificates accepts strings such as\ without terminating the string, that doesn’t mean your web browser will do the same. We’re able to actually create a certificate signing request (.csr) with\0 as the subdomain to a domain which we genuinely control. Because of the automated nature of today’s domain (and subdomain) verification process, this will go unnoticed by most Certificate Authority signing processes. Once we get the certificate back from the CA, we’re able to pose ourselves as a man-in-the-middle. Until recently, most browsers would terminate the string at the null character, leaving “” as the domain for which we’ve been authenticated. Not only is this a theoretical possibility, but Moxie has released tools for it, available at, which are probably still quite effective for unpatched systems.

Round Two: The K.O.

Whereas the null character vulnerability was an issue with web deployment of SSL and certificate chaining, the latest flaw (released on November 5th) seems to be a severe problem with the protocol itself. While there’s been a fair degree of hype surrounding a number of supposed vulnerabilities in SSL, this seems to be the real deal. Specifically, the flaw is in SSL 3.0/ TLS 1.0 – and has something to do with inserting unverified traffic into the renegotiation process of SSL sessions. Marsh Ray of PhoneFactor discovered the vulnerability, which seems to be severe, and “In certain circumstances this flaw could be used in MITM attacks, allowing an attacker to inject attacker-chosen plain text prefix into a secure session of the victim.” The bug has been being worked on for several months, and OpenSSL has released a patch to deal with the bug in its 0.9.8l release, available at Again, this is not a problem with deployment, or (as with last year’s Debian SSL vulnerability) distribution-specific forking, it is a fundamental problem with the way SSL renegotiates sessions. Also unlike last year’s Debian vulnerability, which can be retroactively exploited, this exploit requires foreknowledge of the vulnerability and situating oneself as a man-in-the-middle. Exploits are in the wild as of this writing. Kudos to OpenSSL for releasing a patch so quickly.

Just took the OSCP exam

Alright, so as the topic suggests, I just finished the Offensive Security 101 exam yesterday, and oh man.  I can’t disclose much information about the test itself, but let me tell you this: it was both frustrating, exciting, and triumphant all at once.  Well, only triumphant if you pass, I suppose.  Okay, so this is the first exam I’ve taken since college, and I have to admit, I was pretty nervous for it.  Alright, you could consider my post-college sociology degree job searching a test of some kind.  *Insert inaudible mutterings about the job market here.*

OS101 is unique in its field: it teaches you about software security holes from the perspective of the attacker.  It explains common vulnerabilities in network security, and the attack vectors involved in exploiting them.  It also teaches, among other things, enumeration techniques, Google h4x, and tunneling services through ssl proxies.  And it’s fun!  The Offensive Security team has built a lab environment that you VPN into, with a wide array of machines running different unpatched services.  And they give you access to a windows machine with OllyDbg, a windows debugger that allows you to develop exploits at a very low level using 32-bit assembly language.  Don’t be put off if you’re not familiar with assembly – I don’t even really know it myself, but nonetheless it was a blast learning how things that wind up on milw0rm actually get developed.

The lectures that the course provides are very straightforward and explain things in an easy-to-understand manner, so even if you haven’t coded before, it’s definitely worth it to give it a try.  OS101 assumes a basic understanding of the Linux command line and the bash environment.

This is somewhat tangential, but I have to make another recommendation here.  If you are interested in network security, cryptography, and electronic privacy and want to keep up to date on these and other things, I highly recommend listening to the Security Now weekly podcast.  Security Now features a maverick in the industry and the creator of the data recovery tool SpinRite, Steve Gibson.

Anyway, I really do feel like a walking billboard now, so I’ll leave it at that!