NOD32 and Antivirus News
Threat and Security News

Researchers Hack Internet Security Infrastructure

Tuesday, December 30. 2008

International Team Discovers Way to Mimic Digital Identity

An international team of computer security researchers demonstrated today a key weakness in the Internet infrastructure that could let hackers launch virtually undetectable attacks aimed at intercepting secured online communications when consumers visit bank and e-commerce Web sites.

Academic and private security and cryptography experts from the Netherlands, Switzerland and the United States said they have found a way to mimic the digital identity and authority assigned to RapidSSL, a company that helps Internet users correctly distinguish legitimate Web sites from counterfeit or hostile sites.

RapidSSL is one of dozens of companies trusted by makers of Internet browsers to act as so-called "certificate authorities," or CAs for short. CAs issue digital security credentials designed to uniquely identify Web sites. In the process of issuing a certificate, for example, CAs are required to conduct basic background checks to ensure that the applicant has a legitimate claim to the Web site name listed in the requested certificate.

E-commerce and banking sites use these certificates in combination with secure sockets layer (SSL) technology, an encryption scheme designed to ensure that sensitive data transmitted between the site and visiting Web browsers is scrambled and cannot be read by potential eavesdroppers. For example, when Internet users visit a Web site that begins with https://, a small padlock symbol appears in the user's Web browser window indicating a secure connection that's using an SSL certificate issued by one of the approved CAs.

The problem, the researchers realized, is that RapidSSL and a few other CAs still sign their digital certificates using a cryptographic method, called MD5, that suffers from known weaknesses. Combining recent and new research about ways to exploit those weaknesses with a homegrown, massive array of number-crunching machines (which included networking together about 200 PlayStation 3 gaming consoles), the team was able to reproduce a virtual clone of the digital signature RapidSSL uses to sign SSL certificates.

Armed with those credentials, an attacker who had seized control over a large network, for example, could intercept all requests for users trying to visit a specific e-commerce or banking Web site. The attacker could then redirect the user to a counterfeit version of the site designed to steal the user's credentials. All the while, the user may never know the difference, because the attacker would have presented the victim's Web browser with an SSL certificate, which was signed by an approved CA.

"Signing certs with MD5 in 2008 is negligent," said Jacob Appelbaum, one of the team members and a researcher with the Tor Project, a free online anonymity technology. "The problem is that we trust these CA companies, and maybe we shouldn't."

Two members of the research team demonstrated the exploit live today before hundreds of attendees at the 25th Chaos Communication Congress, a security convention held annually in Berlin.

Appelbaum, perhaps best known for his leading role in recent research into so-called "cold boot" attacks, techniques that can break some of the most widely used forms of computer data encryption, said the group took precautions to ensure that its work could not be copied, at least not immediately.

"A highly skilled researcher and programmer who has been working in this area before might duplicate our work in a month," Appelbaum said. "Starting from scratch without prior understanding of the techniques used will be far more challenging and might take a particularly dedicated and smart individual three or more months."

The team also does not plan to release all of the details about the improved methods it used to duplicate the CA for several months. They also have intentionally hobbled the usefulness of the rogue CA they created by outfitting it with an expiration date that has already passed. In order to actively participate in today's live demonstration, conference attendees were asked to set their system clocks back to August 2004.

Appelbaum said the team's research shows that the reliability of the modern CA system, as with most security systems, is only as strong as its weakest link. Web browsers such as Microsoft's Internet Explorer and Mozilla's Firefox are automatically configured to accept any certificates signed by an approved CA. As a result, an attacker using the team's method could create a counterfeit certificate for virtually any Web site -- regardless of the strength of the cryptography used by that site's own CA -- as long as the browser implicitly trusts certificates issued by at least one CA that still signs with the vulnerable MD5 method.



Fatal virus wreaking havoc on Ethiopia’s computers

Tuesday, December 30. 2008

A new computer virus whose origin is not yet clearly known is affecting computer files throughout the world. The virus, first detected on September 22, 2008, has caused extreme disruption by attacking office and operating system files.

‘Dula@204’ attaches itself to executable files and corrupts different types of files. Many experts in the field are expressing their frustration over its special attacking style.

Eyal Ben gal, CEO of ETS Software, an international Microsoft certified company, told Capital that the virus replicates itself in a disruptive way.

“First known by the code name ‘virus.win32.agent.cb’, it continually returns to your computer even if you clean it,” says Mr. Ben gal. “It is very fatal; I have never seen anything like this before.”

The Israeli IT specialist recommended that computer users upgrade their antivirus software continually to protect effectively against such attacks.

According to research, computer viruses have been around since the invention of PCs and target different files. The wide use of the internet has accelerated the dissemination of viruses through enhanced file sharing and downloading capabilities. Historically, computer graduates, programmers and hackers have been developing computer viruses for a variety of purposes.

“For example, hackers develop viruses in the form of programs to enter into other peoples’ accounts and access personal information,” Mr. Ben gal explained.

Even the country’s computer experts have been challenged to deal with the unique virus.


ESET goes to Santa's North Pole!

Monday, December 29. 2008

When Klipsi chases a solar eclipse, no matter where it takes him, NOD32® is here to protect his gear and keep his live webcasts going.

Total solar eclipses can be beautiful, very beautiful. Ever since witnessing his first annular eclipse in the early nineties, Swiss storm and eclipse chaser Olivier Staiger, aka Klipsi (www.klipsi.com), has travelled the globe in search of the next 2-minute adrenaline rush. He's seen and photographed solar eclipses on Easter Island, near Galapagos, Iguassu (Brazil), Texas, Thailand, Mongolia, Australia, the great eclipse of the Caribbean in 1998, in Africa and many other places. In 2003, an eclipse tour took him to Antarctica.

This year, on August 1st 2008 (Swiss Independence Day!), a total eclipse of the Sun came to the islands of Franz Josef Land (Russia), way up in the Arctic seas. Klipsi joined an expedition onboard a Russian nuclear icebreaker. The voyage took him to the North Pole, and Klipsi was busy each day taking pictures and uploading them to his website's video blog, powered by Kyte™.


TrendMicro reveals hackers’ top 10 tricks to get data

Wednesday, December 24. 2008

NAUGHTY, NOT NICE: Unsuspecting online shoppers could have their personal information stolen by hackers if they don’t exercise some caution

TrendMicro Inc, the nation’s top software company, yesterday published a list of the top 10 ways hackers commit identity theft involving unsuspecting online shoppers during the holiday season.

As the public goes online to purchase Christmas or New Year’s presents, hackers find ways to infect both business and personal computers, as well as steal personal information from Internet shoppers, the computer security company said in a release.

Internet criminals often create false online stores to lure shoppers with incredible discounts or promotions. An example is a false advertisement for Apple Inc’s popular iPhone that attracted shoppers to make a purchase on a fake site and infected their computers with the malicious TROJ_AYFONE.A virus to steal credit card and personal information, TrendMicro said.





BETTERANTIVIRUS.COM℠ is a US based reseller of Eset Software's NOD32 Solutions
BETTERANTIVIRUS.COM℠ and its contents are Copyright © - Web Your Business Inc.
BETTERANTIVIRUS.COM℠ & Web Your Business™ are trademarks of Web Your Business Inc.
ESET®, NOD32, ESET Antivirus, Smart Security® Trademark of ESET, LLC
All rights reserved by their respective owners.