| Vadim Rakov |
| The review of most dangerous vulnerabilities in network environment in 2008 |
| 2009.02.11 | |
A group of hackers from the USA and Europe has created a fake Certification Authority (CA), using the computational power of more than 200 PS3 consoles and spending about 700 US dollars. Like a “usual” CA, it can produce certificates that are trusted by all modern browsers and by a great number of users. This demonstrates an effective way of penetrating modern browsers, whose protection is based on trusting safe resources, and it allows hackers to mount phishing attacks that are virtually undetectable. A fake CA in combination with the DNS attack described by Dan Kaminsky can have serious consequences. He also noted that there is no direct solution to the problem, at least until CAs stop using MD5 and switch to a safer algorithm, SHA-1. Work in this direction is under way.

But a well-known expert in the field of cryptography, Bruce Schneier, has published in his blog news of new achievements by Chinese researchers, who managed to find collisions in the SHA-1 hash function in about 2^63 operations, and it seems this is far from being the limit. The previous result was 2^69, and a simple search requires about 2^80 operations.

These «revelations» gained enormous attention in the western press. They excited the public, but Russian specialists weren’t surprised. Moreover, they gave comments like: «Kaminsky hasn’t found out anything principally new, though his method of DNS attacks was used before and it should be helpful for young hackers, who usually don’t know any information about it». In addition, Russian specialists have published, on one of the popular resources, DNS vulnerabilities that are no less «nocuous».

The DNS protocol can run over both TCP and UDP, and in 99% of cases it is UDP that is used, as it is faster and less resource-intensive but at the same time less secure.
To send a fake packet that the victim will accept as genuine, it is enough to guess the sequence identifier (TXID) and the sender's port number (SP#). This is where the first stage of the attack ends and the second one begins. In the simplest case a hacker can send a fake DNS response with a fake IP address for a website that the user is visiting. For example, one of the first ideas is to supply a fake IP for an update server and lure the user to a controlled site with malicious files.

After the release of the set of patches that closed the vulnerability revealed by Dan Kaminsky, and after the recommendations to upgrade BIND to the latest version, Evgeniy Polyakov discovered that data in the cache of a DNS server running the latest version of BIND could still be substituted. The latest versions of BIND randomize network port numbers to compensate for the insufficiently large request identifier field in the DNS packet; in theory this increased the time needed for a successful attack from several minutes to a week (16-bit query ID + 64 thousand ports). Evgeniy managed to carry out a successful attack on the new versions of BIND in approximately 10 hours, attacking from two computers with access to a gigabit link to the DNS server (in practice such an attack can be carried out from a Trojaned computer on the same local network as the DNS server). About 130 thousand fake packets were sent to hit the right port number and packet identifier.

The general principles of the Kaminsky attack method are clearly set out in the article "An Illustrated Guide to the Kaminsky DNS Vulnerability", which contains a detailed explanation of every point and clear illustrations.

Moreover, in summer 2008 the Debian project informed its users about a released fix concerning random number generation in the OpenSSL library shipped as part of the Debian Linux operating system.
The error was that the following lines had been deleted from the file md_rand.c:

    MD_Update(&m,buf,j);
    [ .. ]
    MD_Update(&m,buf,j); /* purify complains */

These lines were deleted because the Valgrind and Purify utilities reported the use of uninitialized data in any code using OpenSSL. As a result of removing these lines, only the identifier of the current process came to be used as the random number. All SSL and SSH keys generated on Debian-derived systems since September 2006 are cryptographically weak. This means that a hacker can reconstruct a key and use it to sign new certificates. Thus, an intruder can mount a brute-force attack on an SSH server that relies on public-key authentication, on a Web server that authenticates users by personal certificates, and on other services. It is also possible to carry out a «Man in the middle» attack and to decrypt intercepted encrypted traffic.

All this simply means that the level of the specialists is constantly growing and that the contest between attackers and defenders has no end. |
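The consequence described above, as an added example that is not from the original article, OpenSSL or Debian: when the process ID is the only seed, every possible key can be enumerated in advance, so a defender can audit deployed keys against a blocklist. The toy generator, the fingerprint format, the host names and the PID range of 1 to 32768 are assumptions made for illustration.

```python
import hashlib
import random
import secrets

PID_MAX = 32768  # assumption: default Linux PID range, so at most 32768 seeds


def toy_keygen(pid: int) -> int:
    """Toy key generator whose only seed input is the process ID
    (a stand-in for the broken pool, not OpenSSL's real algorithm)."""
    return random.Random(pid).getrandbits(128) | 1


def fingerprint(key: int) -> str:
    """Short hex fingerprint of a 128-bit toy key."""
    return hashlib.sha256(key.to_bytes(16, "big")).hexdigest()[:20]


def build_blocklist() -> dict:
    """Fingerprint of every key the PID-seeded generator can produce."""
    return {fingerprint(toy_keygen(pid)): pid for pid in range(1, PID_MAX + 1)}


def audit(deployed: dict, blocklist: dict) -> dict:
    """Return {host: pid} for each deployed key found in the weak set."""
    return {host: blocklist[fingerprint(key)]
            for host, key in deployed.items()
            if fingerprint(key) in blocklist}


def sample_keys() -> dict:
    """Constructed inventory: one key from the weak generator,
    one drawn from the operating system's CSPRNG."""
    return {"host-a": toy_keygen(4242), "host-b": secrets.randbits(128) | 1}


if __name__ == "__main__":
    weak = audit(sample_keys(), build_blocklist())
    print(f"{PID_MAX} possible keys; hosts needing new keys: {weak}")
```

Any host the audit flags needs a freshly generated key on a fixed system, and certificates issued for the old key need to be revoked.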

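An added example, not part of the original article: a resolver-side check for the guessing stage described in the DNS section above, which counts responses whose TXID or port does not match the query in flight. The event format, the host names and the threshold are constructed assumptions.

```python
from collections import Counter


def sample_events():
    """Constructed resolver events: (time_s, kind, qname, txid, local_port).
    "Q" is a query the resolver sent upstream, "R" a response that arrived."""
    events = [(0.00, "Q", "www.example.com", 0x1A2B, 40112)]
    # Constructed burst: 300 responses carrying guessed TXID/port pairs.
    events += [(0.01 + i * 1e-4, "R", "www.example.com",
                (0x5000 + i) & 0xFFFF, 30000 + i) for i in range(300)]
    events.append((0.05, "R", "www.example.com", 0x1A2B, 40112))  # genuine
    events += [(1.00, "Q", "mail.example.org", 0x0042, 51820),
               (1.02, "R", "mail.example.org", 0x0042, 51820)]
    return events


def find_spoofing_bursts(events, threshold=50):
    """Return {qname: mismatches} for names that received at least
    `threshold` responses with a wrong TXID or a wrong port."""
    outstanding = {}        # qname -> (txid, port) of the query in flight
    mismatches = Counter()
    for _, kind, qname, txid, port in sorted(events):
        if kind == "Q":
            outstanding[qname] = (txid, port)
        elif outstanding.get(qname) == (txid, port):
            del outstanding[qname]      # accepted; later ones are unsolicited
        else:
            mismatches[qname] += 1      # wrong TXID/port, or nothing in flight
    return {name: n for name, n in mismatches.items() if n >= threshold}


if __name__ == "__main__":
    for name, n in find_spoofing_bursts(sample_events()).items():
        print(f"possible cache-poisoning attempt on {name}: {n} bad responses")
```

A normal resolver sees almost no mismatched responses, so even a low threshold separates a guessing burst from stray late replies.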











