[ISN] Crypto breakthrough shows Flame was designed by world-class scientists

From: InfoSec News <alerts_at_private>
Date: Fri, 8 Jun 2012 02:54:56 -0500 (CDT)
http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/

By Dan Goodin
ars technica
June 7, 2012

The Flame espionage malware that infected computers in Iran achieved 
mathematical breakthroughs that could only have been accomplished by 
world-class cryptographers, two of the world's foremost cryptography 
experts said.

"We have confirmed that Flame uses a yet unknown MD5 chosen-prefix 
collision attack," Marc Stevens and B.M.M. de Weger wrote in an e-mail 
posted to a cryptography discussion group earlier this week. "The 
collision attack itself is very interesting from a scientific viewpoint, 
and there are already some practical implications."

"Collision" attacks, in which two different sources of plaintext 
generate identical cryptographic hashes, have long been theorized. But 
it wasn't until late 2008 that a team of researchers made one truly 
practical. By using a bank of 200 PlayStation 3 consoles to find 
collisions in the MD5 algorithm—and exploiting weaknesses in the way 
secure sockets layer certificates were issued—they constructed a rogue 
certificate authority that was trusted by all major browsers and 
operating systems. Stevens, from the Centrum Wiskunde & Informatica in 
Amsterdam, and de Weger, of the Technische Universiteit Eindhoven, were 
two of the driving forces behind the research that made it possible.

Flame is the first known example of an MD5 collision attack being used 
maliciously in a real-world environment. It wielded the esoteric 
technique to digitally sign malicious code with a fraudulent certificate 
that appeared to originate with Microsoft. By deploying fake servers on 
networks that hosted machines already infected by Flame—and using the 
certificates to sign Flame modules—the malware was able to hijack the 
Windows Update mechanism Microsoft uses to distribute patches to 
hundreds of millions of customers.

[...]


Received on Fri Jun 08 2012 - 00:54:56 PDT
