Extended Validation Certificates for SSL Websites Compromised

Leading Security Experts to Unveil New Attacks Against EV-SSL During
CanSecWest Presentation

VANCOUVER, British Columbia, March 20 /PRNewswire/ -- Intrepidus Group, a
leading provider of information security solutions, today announced that
Intrepidus Group Senior Consultant, Mike Zusman, and independent security
researcher, Alexander Sotirov will be presenting findings of their joint
research on the security of Extended Validation (EV) certificates for SSL
websites during the tenth annual CanSecWest conference, at the Sheraton Wall
Centre hotel in downtown Vancouver, British Columbia. The joint research shows
that EV certificates, while offering some additional website identity
assurance, are just as vulnerable to man-in-the-middle attacks as the much
cheaper domain-validated SSL certificates. The presentation will be at 5:50
p.m. on March 20, 2009. 

Zusman and Sotirov began their work shortly after Sotirov and an international
team of researchers disclosed in late 2008 that they had used a chosen-prefix
MD5 collision attack to create a rogue signing certificate trusted by all
major web browsers. At the time, the researchers, browser vendors and
certificate authorities believed that websites secured with EV certificates
are not affected by the MD5 collision attack. Sotirov and Zusman's new
research shows that this is not the case. 

"An attacker who has obtained a valid and trusted domain-validated SSL
certificate can use that certificate to completely, and silently, undermine
the security of a browser session protected with an EV SSL certificate," said
Sotirov. 

In a paper originally released in 2008, Stanford University PhD students
Collin Jackson and Adam Barth described a flaw in the same-origin policy
implemented by web browsers that allowed attackers to inject malicious scripts
into websites secured with an EV SSL certificate. During their presentation,
Sotirov and Zusman will show that this is just one of multiple design flaws in
the EV security model as implemented in popular browsers such as Internet
Explorer and Mozilla Firefox. These flaws can be exploited by any attacker who
has fraudulently obtained a domain validated SSL certificate for a website to
launch MITM attacks against the website, even if it is secured with an EV SSL
certificate. 

Users who access secure websites from potentially untrusted networks, such as
Wi-Fi hotspots or hotel Internet connections are particularly at risk. During
their presentation, the two researchers will also demonstrate an advanced
attack against a popular EV SSL-protected payment website. Sotirov and Zusman
call this new type of attack - "SSL Rebinding", and it allows them to
intercept the login and password of payment processing users and perform
arbitrary transactions with their account.

"It is also possible to launch attacks without the use of JavaScript, allowing
an attacker to compromise EV SSL websites even when the user is running
Firefox with the NoScript security extension," said Zusman, who has received
media attention for finding flaws in the domain validation process of a number
of commercial certificate authorities.

The researchers say that there is little users or websites can do to prevent
these attacks and that making the required fixes to the browser security model
would require collaboration between the major browser vendors. While the
results of this research might be disconcerting, Sotirov is optimistic that a
solution can be found. 

"Despite being weakened by these new attacks, EV SSL certificates still have
advantages over the domain validated ones," says Sotirov. "The crux of this
issue is that we are still burdened with the threat of low-security, domain
validated certificates falling into the wrong hands and EV does nothing to
address that."

In addition to their presentation, the two researchers will also release a
paper describing the techniques behind SSL Rebinding, other avenues of attack,
as well as additional mitigation techniques.

Other Available References Sources: 
Alexander Sotirov: http://www.phreedom.org/
Mike Zusman: http://schmoil.blogspot.com/
Paper by Collin Jackson and Adam Barth:
http://crypto.stanford.edu/websec/origins/fgo.pdf
Info on EV certificates:
http://en.wikipedia.org/wiki/Extended_Validation_Certificate
The organization behind EV certificates: http://www.cabforum.org/

About Intrepidus
Intrepidus Group is a leading provider of information security consulting
services and software solutions. With offices in New York City and the
Washington DC metro area, the company offers innovative solutions to help
clients build employee awareness around common information security issues.
Intrepidus Group's consultants also conduct hands-on assessments of critical
applications, networks and products to uncover vulnerabilities, and provide
strategic and tactical recommendations to address identified issues.

Intrepidus and PhishMe.com are trademarks of Intrepidus Group. All other
product and company names herein are or may be trademarks of their respective
owners.





SOURCE  Intrepidus Group

Sabrina Sanchez of Ventana Public Relations, +1-925-999-9985,
sabrina.sanchez@ventanapr.com, for Intrepidus Group