Is the MD5 certificate attack a lethal hit to SSL?

MD5 has been known to be a weak hashing algorithm for many years. Thus, it was fading from attention, and the focus was more on attacking the SHA family. Nevertheless, researchers (Alex Sotirov, Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David Molnar) have cleverly combined three weaknesses: MD5 collisions, the fact that some Certification Authorities (CAs) still use MD5 to sign SSL certificates, and the fact that browsers poorly manage root certificates. They presented their attack at the Chaos Computer Club conference.

The researchers asked a legitimate CA to sign with MD5 a legitimate SSL certificate. Then they forged a root key using the same signature. Bingo! They could now generate and sign “legitimate” SSL certificates.

Is it dangerous? Not really. First of all, the majority of CAs no longer use MD5. The attack does not work on certificates that were already issued. In other words, when receiving new certificates signed with MD5 (normally very few), be cautious with the issuing date. You can still trust SSL. ;-)

The cure is extremely simple. No CA should use MD5 anymore to sign certificates. The CA that signed the certificate used for the demonstration announced that it will soon get rid of MD5. :-)

Although it is not a lethal attack, the researchers' work is an extremely nice and smart attack. The attack will be detailed in Security Newsletter #12.

DRM free music

The movement towards DRM free music continues. The biggest event is of course iTunes announcing that its complete catalog will be available as DRM free songs. iTunes also announced a new price list, adding $0.69 songs (in addition to $0.99 and $1.29).

Warner France followed this movement. It announced that its two sites Fnac Music and Virgin Media will sell DRM free songs in 2009. Nevertheless, it is a trial and the final decision will be taken in 2010.

DRM free music is a trend that will not stop. Will it extend to other fields such as games or video? I am not sure. Of course, customers would like it. DRM free distribution with a session watermark to detect possible illegal distribution is promoted, for instance by the Digital Watermark Alliance. Nevertheless, there are several differences with music. In my opinion, the biggest one is that the investments are far larger than for music. In the case of video, the release windows strategy and commercial agreements are also problems.

We will continue to monitor this trend in 2009.

MediaSentry loses RIAA contract

Monday 5 January 2009: RIAA’s spokesperson Jonathan LAMY has officially confirmed that RIAA no longer uses the services of MediaSentry. He said that RIAA uses a Danish company, DtecNet.

Many reasons may have driven this decision. It seems that the way the supposedly infringing IP addresses were collected may not sustain the non-repudiation of illegal sharing. This is an extremely tough issue. How do you legally prove (in an efficient way) that the peer really shared illegal content? MediaSentry was also using techniques to spoil (for an overview, see Fighting piracy in Security Newsletter #11). These techniques are somewhat controversial. This summer, a leak of emails from MediaDefender, a competitor of MediaSentry, shed some light on the types of thwarting techniques. Furthermore, some mails described the results of competitive intelligence on MediaSentry. In other words, MediaDefender’s story generated a very bad reputation for the sector. Is MediaSentry a collateral victim of MediaDefender’s leak?

The toolbox of DtecNet, at least as announced on their site, offers only non-controversial techniques: Cease and Desist Letter, Litigation Tools and Evidence, Prerelease Monitoring, and statistics. In other words, they do not announce any throttling or poisoning techniques, only monitoring tools. Far less controversial.

Does it mean a change in RIAA’s strategy? I doubt it. It is probably a good communication move. RIAA will continue to track illegal downloading, send Cease and Desist Letters, and sue infringers. RIAA will not sponsor any borderline activity (at least not openly ;-) ).

DNS weakness starts to be cured

In Security Newsletter #11, Patrice AUFFRET recounted the latest attack on DNS by Dan KAMINSKY. Patrice’s conclusion was that the only cure was wide deployment of DNSSEC. DNSSEC is a secure version of DNS, the system that binds textual Internet addresses to actual numerical IP addresses. DNSSEC has existed for about 14 years but has not yet been seriously deployed.

The cure starts! The Public Interest Registry is deploying DNSSEC for all addresses it handles. The Public Interest Registry handles all the .org addresses. The US government, which handles .gov addresses, will also turn to DNSSEC.

With these two big domain spaces turning to DNSSEC, we may expect a snowball effect with more and more domains switching to DNSSEC. The Internet will become (a little bit) more secure. This is good news for this new year. :-)

Happy new year 2009

I wish all my readers a prosperous and interesting year 2009. I will not take the risk of making forecasts. Nevertheless, I will share some thoughts with you.

Will 2009 bring new initiatives in content protection? How will music evolve? Totally DRM free at the end of the year? As long as we do not see new business models appear, there will be a problem.

The battle will continue between User Generated Content sites (YouTube, WAT, DailyMotion, Tudou, …) and content owners. Everybody has the feeling that the solution is to share the advertising revenues. But who has an idea on how to make a positive business with UGC? Are we sure that advertising revenues will be sufficient? And the fight will be over the ratio between UGC and content owners. Meanwhile, UGC sites will need to filter out copyrighted content.

It will be interesting to see at which speed some candidates for the succession of SHA will be dismissed.

And you, what do you foresee?

Music industry strikes for revenue

In the last few days, there were two main events in the field of copyright for the music industry. First, Warner Music has required YouTube to remove all the music clips that “belong” to Warner Music. This covers the artists currently under contract with Warner, but also songs whose rights belong to Warner although the artist is under contract with another company. Warner Music and YouTube negotiated for a long time. They were not able to converge on a split of advertising revenues. Warner Music considers the proposed value ridiculous. This is a blow to the promises of free music through ad revenue sharing. What will be the next move? Another studio that sues YouTube? Another UGC site being targeted, such as DailyMotion? Or an agreement between YouTube and a big music studio?

Second, MySpace has removed all the playlists of its members. RIAA is already suing the PlayList Project (see RIAA attacks project PlayList). Facing legal action, MySpace stepped back. They removed the PlayList widget without prior notice to their users. Facebook resists and refuses to remove PlayList. The battle continues.

2009 will be an interesting year. Will it be the year when UGC sites and studios find some commercial agreements?

US passport and RFID

Once more, the use of RFID with ID cards raises many concerns. This time it is for the new US passport cards. These cards are only valid for sea and land travel. It seems that the design was only driven by cost considerations. There are two main characteristics:

  • It uses off-the-shelf standard EPC chips (i.e., low-cost tags as used for inventory tracking)
  • The reading distance is 50 meters!

Being a standard EPC, the card just delivers a unique ID. This unique ID can be eavesdropped and reprogrammed in a blank EPC. Of course, the security relies on the guard, who should check that the corresponding record points to the right owner. But we all know that vigilance decreases with time.

The long reading range is an obvious privacy issue. With such a distance, it is easy to trace somebody. The solution proposed by the Administration is a privacy sleeve! This would never work with me. I would sooner or later forget it or lose it.

But the nicest is the “Kill” command. For privacy reasons, EPC tags have a kill command that permanently mutes the chip. EPC tags are used for inventory tracking. Once the item is sold, it must be possible to deactivate the chip. This command is legitimate for its initial use but not for this one. In a March post, I described a Denial of Service attack to pass a border. With this type of card, it is extremely easy to mount it.

As usual, the Administration downplays the risks. According to them, the risks are improbable! When security design is driven by money, the result is often a catastrophe.