OZO
Premium Member
join:2003-01-17

2 recommendations

OZO to Name Game

Re: Emergency Bulletin: Unauthorized Certificate used in "F

The article makes misleading statements. For example:
said by Microsoft speaks out on Flame malware certificate forgery :

the recipient can use your public key - and only your public key - to decrypt it and thus to validate it. If the certificate doesn't decrypt with your public key, then clearly you didn't sign it, and vice versa.

Public keys are not used to decrypt a certificate. In fact, public keys don't decrypt anything. They are used for two purposes only: 1) to verify a signature and 2) to encrypt a message.

They offer:

The moral of the story?

Don't use digital certificates which rely on MD5. In fact, avoid MD5 as far as you can. You should not use MD5 in any new IT project.

We use root certificates, which m$ puts into our computers. We do not choose which certificates to use or not, do we? So what's the point of this advice?

I think they intentionally create fog around the story, covering how it actually happened. Yes, an MD5 collision could happen (it's true for any hash). But it'd require a very long time and the use of supercomputers to achieve. It's much easier to generate those certificates using an official signing certificate and the conventional signing procedure, rather than rely on some "luck". Then, of course, you have to spread rumors that it's an MD5 collision and start to spread misleading statements to cover the actual story... And next time you are going to open the public's eyes to a "new" story, that a SHA1 collision is possible too. But you know what, as the old saying goes, if it walks like a duck and quacks like a duck - it's a duck.

And a second question related to the fishy story of how the fraudulent certificates were created - tell us how those 3 certificates came into computers? Were they installed by automatic updates or what? If so, why should anyone trust those "automatic" procedures now?
The Snowman
Premium Member
join:2007-05-20

The Snowman to Name Game

Note: the following is pure speculation

_________________

Microsoft Servers were not penetrated.......and most likely never will be penetrated........very little is impossible......and yet, the odds of this happening are astronomical.


Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to OZO

You do understand how this all went down don't you ? And has naught really to do with the home user....

because of a flaw in Microsoft's Terminal Services licensing certificate authority (CA), which is normally used by enterprises to authorize remote desktop services and sessions, it allowed attackers to generate digital certificates that could be used to "sign," or validate, code in Flame.

"Flame is using valid but fake Microsoft certificates to sign the code through a bug in their CA system via Terminal Services," Storms summarized. "So when the code was checked for validity, it properly linked back to the root and was accepted as okay."

The end result: Parts of Flame appeared innocuous because for all intents and purposes, they were signed by Microsoft itself.

Microsoft addressed the flaw by revoking three certificates, and issuing an update to all versions of Windows that added those certificates to the revocation list.

Even Windows 8 -- both the Consumer Preview and last week's Release Preview -- was affected, and will receive the certificate revocation update, Microsoft said in a security advisory released Sunday.

To prevent other attackers from doing the same -- and spoofing certificates on unpatched PCs -- Microsoft also modified the Terminal Server licensing service so it can no longer issue code-signing certificates.

Interesting to note..win7 64 bit Machines were not infected by flame.
OZO
Premium Member
join:2003-01-17

1 recommendation

Why does Terminal Services become an important point here?

Perhaps Microsoft's Terminal Services was actually used as a signing procedure on this particular occasion. But it's not important at all. There are hundreds of different and proper ways to make valid signatures without using TS. And it's platform agnostic, BTW. I have sets of my own signed certificates and I don't need to use TS in order to make them valid. So why does it become important here?

StuartMW
Premium Member
join:2000-08-06

1 edit

said by OZO:

I have sets of my own signed certificates and I don't need to use TS in order to make them valid.

Are they self-signed or signed by Microsoft?

The point, made quite clearly by Name Game, is that the certificates were issued by Microsoft. Did Microsoft willingly issue them? No, they were fraudulently obtained. What is unclear?

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to OZO

It's important because that's how the whole thing came down.
OZO
Premium Member
join:2003-01-17

OZO to StuartMW

I'm the CA, of course.

If you want to send signed mail you can use your own mail certificate, signed by your own root certificate. If someone receives your mail for the first time, their computer will ask something like this - the mail is signed with a certificate that is not in your root list. What do you want to do? If you trust it (it's a good time to check its thumbprint now) - include it in your list (and the computer will never ask that question again). If you don't, you may open and use the mail, but next time the question will appear again. That's how my root CA may come into your computer (by your will only, of course). Other certificates signed by the same root CA are used for many other and different purposes (secure connections between computers, etc). They all are signed by my root CA.

You may want to look at it and start using your own certs as well. The only disadvantage that you will encounter with your PKI, compared to those that require big money to sign, is that your peers will be asked (once) if they want to add your root CA cert into their cert store... That's all. If you don't want your recipients to be asked that question - pay big money to companies that put their root CA certs into default distribution packages coming with an OS or web browsers. That's how they all make money...

But again, you don't need TS to make your own PKI.
OZO

OZO to StuartMW

said by StuartMW:

the certificates were issued by Microsoft. Did Microsoft willingly issue them? No, they were fraudulently obtained. What is unclear?

Fraudulently obtained? How is that clear?

StuartMW
Premium Member
join:2000-08-06

StuartMW to OZO

said by OZO:

But again, you don't need TS to make your own PKI.

You're totally missing the point.

The "Flame" malware was digitally signed by a valid, although fraudulently obtained, Microsoft certificate. Anyone installing the malware software would see it as genuine Microsoft software.

TS is only relevant in that the Microsoft certificate came from a Microsoft CA used for TS applications.

I really don't understand what is unclear about it.
The Snowman
Premium Member
join:2007-05-20

The Snowman to Name Game

OZO said :
" Fraudulently obtained? How is that clear? "

_________________________

*** Note: the following is pure speculation ( yeah again )

Is it possible that a certain person is wondering if those Certs were really " Fraudulently obtained " ? ? ?
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Name Game

said by Name Game:

Interesting to note..win7 64 bit Machines were not infected by flame.

Why is this? It surprises me. I realize 64 bit is more secure by nature but what exactly is the protection here?

DevilFrank
join:2003-07-13

Member

said by Mele20:

said by Name Game:

Interesting to note..win7 64 bit Machines were not infected by flame.

Why is this? It surprises me. I realize 64 bit is more secure by nature but what exactly is the protection here?

+1
what is the difference between vista-64 and w7-64?

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 edit

no idea..was reported by one of the AV's analyzing Flame.

My guess is that no one in their right mind runs vista of any flavor.
Name Game

Name Game to Mele20

said by Mele20:

said by Name Game:

Interesting to note..win7 64 bit Machines were not infected by flame.

Why is this? It surprises me. I realize 64 bit is more secure by nature but what exactly is the protection here?

Here is the tweet..

Kaspersky Lab @kaspersky
RT @e_kaspersky Guys, let me say this again: the known versions of #TheFlame do NOT run under 64-bit Win7

»www.securelist.com/en/bl ··· _Servers

My guess is that it is programmed to just back out.

"The vast majority of Flame infections are machines running Windows 7 32 bit. Windows XP is following next. It’s important to say that Flame does not run on Windows 7 64 bit, which we previously recommended as a good solution against infections with other malware."

Had posted that link already..guess no one really reads the stuff.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

I saw that link you posted and saw at least two references to "it will not run on Win 7 64bit" in various articles...but why specifically? If it backs out, if on Win 7 64bit, why is it programmed to do that? Is it something to do with W7 64 bit memory protection or what?

Plus, why were the creators so sure that the target computers would be running W7 32bit? In the USA, almost all new computers for sale run 64bit. That is not true in the middle east or other areas of the world? I read this was brilliant...not that brilliant if the creators could not make it work on W7 64bit.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 edit

I would suggest to you..the developers and the CC knew their target..were interested in Secrecy..were not interested in collateral damage on this test run..and that not so much they could not..but rather did not...that is brilliant. We call it precision attack.

Cool how they can back it out..shut it down..and not leave a trace.
current version of Flame are w32 BTW .

DKS
Damn Kidney Stones

join:2001-03-22
Owen Sound, ON

said by Name Game:

I would suggest to you..the developers and the CC knew their target..were interested in Secrecy..were not interested in collateral damage on this test run..and that not so much they could not..but rather did not...that is brilliant. We call it precision attack.

Cool how they can back it out..shut it down..and not leave a trace.
current version of Flame are w32 BTW .

Flame "virus" is now self destructing.

KodiacZiller
Premium Member
join:2008-09-04
73368

1 edit

KodiacZiller to OZO

said by OZO:

I think they intentionally create fog around the story, covering how it actually happened. Yes, an MD5 collision could happen (it's true for any hash). But it'd require a very long time and the use of supercomputers to achieve.

Wrong. MD5 collisions were found a long time ago and various researchers have publicly demonstrated how to forge fake certificates with MD5 (and they used a cluster of 200 Playstation 3's to do it). The truth is MD5 is extremely easy to break and it does *not* take supercomputers. From Wikipedia:
quote:
In 1996, a flaw was found with the design of MD5, and while it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 -- which has since been found also to be vulnerable. In 2004, more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable -- specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum.[4][5] Further advances were made in breaking MD5 in 2005, 2006, and 2007.[6] In December 2008, a group of researchers used this technique to fake SSL certificate validity,[7][8] and US-CERT now says that MD5 "should be considered cryptographically broken and unsuitable for further use."[9] and most U.S. government applications now require the SHA-2 family of hash functions.[10]
MD5 is not theoretically broken, but is practically broken. Anyone with modest computing power and know-how can easily forge MD5 certs. It doesn't take the NSA or millions of dollars.

I am with you 100% on Microsoft distrust -- I don't trust them one bit. I wouldn't be surprised if NSA is not up to some funny business somewhere with MS. But there is really no evidence that they worked with MS's cooperation with the Flame malware. They could *easily* forge MD5 certs without the help of MS since MD5 is so easy to break.

Security experts have been saying for years to stop using MD5, but a lot of people don't listen. You should really be using SHA-1 (preferably SHA-2) for new certificates.

Bottom line: All MD5 certs need to be revoked right now. It amazes me that MS still uses them.
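
Added example (not part of any poster's message and not Microsoft's tooling): a minimal DER reader that pulls the signature algorithm OID out of an X.509 certificate and flags MD5 and SHA-1 signatures, which is the audit the "stop using MD5" advice in this thread implies. The function names are illustrative and the sample certificate is a constructed skeleton, not a real certificate.

```python
# Added example: flag weak signature hashes in a DER-encoded X.509 certificate.
WEAK = {  # signatureAlgorithm OIDs that rely on a broken or deprecated hash
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}
MD5_RSA = bytes.fromhex("2a864886f70d010104")     # OID content bytes
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the element at pos
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content bytes -> dotted-decimal text
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:                   # base-128, high bit = "more bytes follow"
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    tag, cert, _ = read_tlv(cert_der, 0)
    _, _, pos = read_tlv(cert, 0)        # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)
    oid_tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x30 or alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("unexpected certificate layout")
    return decode_oid(oid)

def audit(cert_der):
    oid = signature_algorithm(cert_der)
    return oid, WEAK.get(oid, "ok")

def sample_cert(oid):  # constructed skeleton for the demo, not a real certificate
    tbs = b"\x30\x81\xc8" + bytes(200)   # placeholder body, exercises long-form length
    alg = b"\x30\x0d\x06\x09" + oid + b"\x05\x00"
    return b"\x30\x81\xed" + tbs + alg + b"\x03\x11\x00" + b"\xaa" * 16
```

For a real certificate, convert PEM to DER first and pass the raw bytes to `audit`; the check covers only the outer signature algorithm field and does not validate the chain.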