Extending IE SSL exploit to exploit WindowsUpdate

From: brainfart1900at_private
Date: Thu Aug 15 2002 - 14:14:44 PDT


    I would like to know if someone already knows if some of the following assumptions may or may not work.
    
    Mike Benham under Bugtraq released an advisory about how the MS IE browser and some others do NOT check the basic constraints extension in an X.509v3 certificate.  This enables the potential for someone to do a man in the middle attack.
    
    Assumption 1:  Could the same effect happen with authenticode certificates used to validate code by MS Windows?  I'm figuring that the underlying code is the same; therefore, both end systems (SSL and authenticode) should behave similarly.
    
    Assumption 2:  If a hacker was able to control the DNS entries for a user, and the hacker was able to fake out the SSL session and the authenticode authentication using Ben's find and assumption 1, then the hacker should be able to completely control the windows update feature.
    
    A hacker could control the user's DNS entries through a trojan horse that is able to poison the internal DNS.
    
    If assumption 1 and 2 can be accomplished, then a hacker through a trojan horse should be able to use MS' windows update to install any component into the victim's computer including mod'ing the kernel.  The interesting part of this is that the trojan'd computer would actually not have to infect other computers to be able to have all computers using windows update and the same DNS to be taken over.
    
    The trojan'd computer just needs to mod the local DNS and possibly be the web site for the attack.  All other victims would come willingly.
    
    
    



    This archive was generated by hypermail 2b30 : Thu Aug 15 2002 - 15:16:42 PDT