On 2-Jan-09, at 9:56 AM, Robert Mathews (OSIA) wrote:
Joe Greco wrote:
[ .... ]
Either we take the potential for transparent MitM attacks
seriously, or
we do not. I'm sure the NSA would prefer "not." :-)
As for the points raised in your message, yes, there are additional
problems with clients that have not taken this seriously. It is,
however,
one thing to have locks on your door that you do not lock, and
another
thing entirely not to have locks (and therefore completely lack the
ability to lock). I hope that there is some serious thought going
on in
the browser groups about this sort of issue.
[ ... ]
... JG
F Y I, see:
SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
certificates @
http://www.codefromthe70s.org/sslblacklist.aspx
Best.
Snort rule to detect said...
url: http://vrt-sourcefire.blogspot.com/2009/01/md5-actually-harmful.html
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"POLICY Weak
SSL OSCP response -- MD5 usage"; content:"content-type: application/
ocsp-response"; content:"2A 86 48 86 F7 0D 01 01 05"; metadata: policy
security-ips drop, service http; reference: url, www.win.tue.nl/hashclash/rogue-ca/
; classtype: policy-violation; sid:1000001;)
cheers,
--dr
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada March 16-20 2009 http://cansecwest.com
London, U.K. May 27/28 2009 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp
