9th
Fallout from Debian OpenSSL fiasco gets worse…
While researching SSL for Pro PHP Security, I discovered that Certificate Revocation Lists are generally ignored by browsers and http-fetching libraries. Perhaps I was too cynical at the time (this was 2004, in the middle of MSIE’s browser stagnation plan), but I chalked it up to business as usual: CRLs just aren’t a visible part of security infrastructure, therefore developers don’t publish them, therefore browsers don’t check, and therefore CRLs aren’t visible, repeat.
Unfortunately for all of us, lack of support for Certificate Revocation means that all of the weak SSL Certs that resulted from Debian’s blunder can still be considered “live” until they finally expire. Laurie and Clayton exploit this in CVE-2008-3280, using an OpenID example.
If an attacker has a copy of an oldish SSL cert with a predictable key (and it only takes seconds to find out), they can host their own secure server that spoofs the domain listed in the certificate. This wasn’t a big deal before, because who would go to mybank.attacker.com and think that it was really mybank.com?
But now that attackers can re-engineer DNS to suit their nefarious ends, they can trick your browser into looking for mybank.com on their own server. With a still-valid security certificate and no warnings. Good times.
