The L0pht has issued a new advisory for a routing-type attack that can,
they say, allow for man-in-the-middle attacks against SSL-protected sessions
(http://www.l0pht.com/advisories/rdp.txt).

The implication -- that there's a flaw in SSL -- is probably wrong.  But 
they're dead-on right that there's a real risk of man-in-the-middle attacks, 
because the attacker can go around the crypto.

By sending the proper ICMP packets to a vulnerable host (most Windows 95/98 
boxes, and some Solaris/SunOS systems), outbound traffic can be routed to an 
attacker's machine.  This machine can pretend to be the destination of 
the SSL-protected call; it in turn calls the real destination.
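As an added illustration of the mechanism described above (example code, not from the advisory or this post): a small Python detector that scans raw IPv4 packets for ICMP messages that can change where a host sends its outbound traffic. The post does not name the exact ICMP messages, so treating Redirect (type 5) and Router Advertisement (type 9) as the ones to flag is this example's assumption; the sample packets and the 192.0.2.x addresses are constructed.

```python
import struct

# IANA ICMP types that alter a host's outbound routing. The post does not name the
# exact packets, so flagging these two is this example's assumption.
ROUTE_ALTERING_ICMP = {5: "redirect", 9: "router-advertisement"}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a message with a valid checksum field sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def dotted(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def packed(ip: str) -> bytes:
    return bytes(map(int, ip.split(".")))

def inspect_ipv4_packet(pkt: bytes):
    """Return a finding dict for a route-altering ICMP message, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:  # not IPv4 or not ICMP
        return None
    icmp = pkt[(pkt[0] & 0x0F) * 4:]
    if len(icmp) < 8 or icmp[0] not in ROUTE_ALTERING_ICMP:
        return None
    finding = {"src": dotted(pkt[12:16]), "type": icmp[0],
               "name": ROUTE_ALTERING_ICMP[icmp[0]],
               "checksum_ok": icmp_checksum(icmp) == 0}
    if icmp[0] == 5:
        # Redirect: bytes 4-7 carry the gateway the host is told to use from now on.
        finding["new_gateway"] = dotted(icmp[4:8])
    else:
        # Router Advertisement: count, entry size (32-bit words), lifetime, then entries.
        num, size = icmp[4], icmp[5] * 4
        entries = icmp[8:8 + num * size]
        finding["routers"] = [dotted(entries[i:i + 4]) for i in range(0, len(entries), size)]
    return finding

def scan_packets(packets):
    return [f for f in map(inspect_ipv4_packet, packets) if f]

def build_icmp(itype: int, code: int, body: bytes) -> bytes:
    csum = icmp_checksum(struct.pack("!BBH", itype, code, 0) + body)
    return struct.pack("!BBH", itype, code, csum) + body

def build_ipv4(src: str, dst: str, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 1, 0,
                      packed(src), packed(dst))
    return hdr + payload

# Constructed sample traffic (TEST-NET addresses): a redirect and a router advertisement
# pointing the victim at 192.0.2.66, plus a benign echo reply that must not be flagged.
SAMPLE_PACKETS = [
    build_ipv4("192.0.2.10", "192.0.2.50", build_icmp(5, 1, packed("192.0.2.66") + bytes(28))),
    build_ipv4("192.0.2.66", "192.0.2.50", build_icmp(9, 0, struct.pack("!BBH", 1, 2, 1800)
                                                        + packed("192.0.2.66") + struct.pack("!i", 0))),
    build_ipv4("192.0.2.1", "192.0.2.50", build_icmp(0, 0, struct.pack("!HH", 1, 1) + b"ping")),
]
```

Run over captured packets, the findings give the source and the gateway each message tries to install, which is what an operator needs to see before outbound traffic silently starts flowing through a third machine.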

The obvious protection is for users to check the certificate.  Most users, of 
course, don't even know what a certificate is, let alone what the grounds are 
for accepting one.  It would also help if servers used client-side 
certificates for authentication, since the man-in-the-middle can't spoof 
the user's certificate.  But almost no servers do that.

This is why I wrote, a year ago, that we effectively have no PKI for the Web.
It also underscores the importance of looking at the entire system design, 
rather than just the crypto.  Crypto alone can't save the world; it's 
necessary, but far from sufficient.
