[5393] in cryptography@c2.net mail archive
Re: going around the crypto
daemon@ATHENA.MIT.EDU (MIKE SHAW)
Sat Aug 14 12:04:35 1999
Date: Fri, 13 Aug 1999 11:29:04 -0500
From: "MIKE SHAW" <mas@sbscorp.com>
To: cryptography@c2.net, smb@research.att.com
It's my understanding that in order to exploit this, you'd have to =
essentially
set yourself up as a proxy after sending the RDP advert If this is the =
case,=20
wouldn't the fact that the man in the middle did not have the cert that
corresponded to the domain name cause at least one warning for most
browsers? ('certificate name check' in netscape, 'wrong certificate name' =
in
Opera). Otherwise, you'd just be acting as a router and SSL would prevent
sniffing. Am I missing something?
-Mike
>>> "Steven M. Bellovin" <smb@research.att.com> 08/13 9:16 AM >>>
The L0pht has issued a new advisory for an routing-type attack that can,
they say, allow for man-in-the-middle attacks against SSL-protected =
sessions
(http://www.l0pht.com/advisories/rdp.txt).
The implication -- that there's a flaw in SSL -- is probably wrong. =
But=20
they're dead-on right that there's a real risk of man-in-the-middle =
attacks,=20
because the attacker can go around the crypto.
By sending the proper ICMP packets to a vulnerable host (most Windows =
95/98=20
boxes, and some Solaris/SunOS systems), outbound traffic can be routed to =
an=20
attacker's machine. This machine can pretend to be the destination of=20
the SSL-protected call; it in turn calls the real destination.
The obvious protection is for users to check the certificate. Most users, =
of=20
course, don't even know what a certificate is, let alone what the grounds =
are=20
for accepting one. It would also help if servers used client-side=20
certificates for authentication, since the man-in-the-middle can't =
spoof=20
the user's certificate. But almost no servers do that.
This is why I wrote, a year ago, that we effectively have no PKI for the =
Web.
It also underscores the importance of looking at the entire system =
design,=20
rather than just the crypto. Crypto alone can't save the world; it's=20
necessary, but far from sufficient.
