SlideShare una empresa de Scribd logo

What is-flame-miniflame

Descargar como KEY, PDF
Venafi
Venafi
1 de 32
Venafi Enterprise Key and Certificate Management presents. What is Flame? “One of the most complex threats ever discovered.”
What is Flame? Flame’s creators used a Microsoft certificate with an MD5 signature to create a forged certificate with the same MD5 signature. This new forged certificate created spoofed certificates, and also signed parts of Flame’s code, making it appear as if it all came from Microsoft. This is what gave Flame dangerous access to inter nal IT systems. Once on the network, Flame copies d o c u m e n t s , re c o rd s k e y s t ro k e s , network data and verbal conversations.
Why This Matters Flame was a specific attack that exploited MD5 certificates, but the same technique can be used by anyone. If you have MD5 certificates on your network, you are a target for any attacker exploiting this flaw in MD5. Continue to see how this all happened, and what you can do to remediate it on you network.
“MD5 is no longer acceptable where collision resistance is required such as digital signatures.” Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms Turner, S. and L. Chen
The Reason Signatures are Important Signatures are made by a “signing algorithm.” Identical inputs get identical signatures: And different inputs, even if only slightly different, produce totally different signatures:
As you’d expect, two unique certificates generate two unique signatures... Unique signatures are how you identify and authenticate different certificates.
But what if your algorithm had a flaw which allowed two certificates to create the same signature?
I’m Looking at the Man in the Middle Flame’s creators forged a certificate that contained the same signature trusted by millions of computers. Let’s see this in action.
A simple scenario of how signatures keep you safe. 1. Client wants to connect, asks for a signed certificate. 2. The Man in the Middle server has an untrusted signature on its certificate. The client chooses not to connect. 3. The client knows it can trust this server because of the signed certificate.
Everything changes when signatures may not be unique. 1. Client wants to connect, asks for a signed certificate. 2. The Man in the Middle server has a forged signature and the client accepts the malicious connection. The Man in the Middle can now intercept and relay all traffic. 3. The target server can’t tell the difference and accepts the connection, transmitting data as normal.
A man in the Middle server can: 1.Impersonate a server entirely. 2.Manipulate data as it is transferred. 3.Act as an invisible eavesdropper.
A Signature Problem How an MD5 Signature is Forged In the world of pen and ink, a signature is meant to represent an individual and to give authenticity to whatever is signed. Two unique people, two unique signatures.
How certificate signing should work: If you have an authentic certificate, and a spoofed certificate, the different certificates should have different signatures. In this case, we are using the SHA2 algorithm to make the signature. SHA2 doesn’t have the same weakness that MD5 has. Trusted Signature Untrusted Signature
Two unique certificates, two unique signatures. The signature cannot be forged.
What happens when it doesn’t work? The fatal flaw in the MD5 algorithm is that a spoofed certificate can be manipulated to generate the same MD5 signature.
Two unique certificates, one shared signature. The signature is now forged. This is the key vulnerability in MD5 exploited by Flame.
“It’s imperative that browsers and CAs stop using MD5” Marc Stevens, 2008 - Cryptology Group, CWI
The Bad News 450 organizations, a sample of the Global 2000, had their networks assessed for MD5 certificate vulnerability. 17.4 % of the certificates found were signed using MD5. Venafi Assessor MD5 Report, June 2012
Think about that number for a minute. 17% Roughly 17 in 100... Are susceptible to the same attack that made Flame possible.
Hiding on your network. “Shhhhh...”
“The risk-based evaluation your company needs to make right now is not about your vulnerability to the Flame virus; it is about your vulnerability to MD5-signed certificates.” June 27, 2012, Derek Brink, Aberdeen Group
The Good News Introducing Venafi MD5 Certificate Assessor™ We have developed a special version of Venafi Assessor™ that is targeted specifically to find MD5 certificates and vulnerabilities and help you remediate them.
MD5 Certificate Assessor: Scan and Locate MD5 Certificates Find the risks so you can eliminate them. Catch the High-Rick Vulnerabilities Protect your company security and reputation. Venafi Assessor is 100% Free Generate your personalized report at no cost. Venafi provides cutting edge enterprise key and certificate management to the world’s largest corporations and government bodies. Any key. Any certificate. Anywhere. Get Venafi MD5 Assessor
1. Download Venafi MD5 Certificate Assessor, and simply enter the IP and port range you want to scan. 2. Let the free tool run a secure, anonymous survey. 3. You will receive an instant report showing you the breakdown of the MD5 certificates on you network.
Assess your MD5 risk fast and easy. Venafi MD5 Certificate Assessor runs within its own VM on your network. Simply specify IP/port ranges and let Assessor discover certificates across your network and generate risk profile reports for you.
The Venafi MD5 certificate Assessor Risk Report Identify areas of risk and vulnerability with the insights that Assessor provides: -Discovery population details -Certificates by CA -Ports that respond to SSL or -STARTTLS handshakes -Days before certificates expire -Certificate validity periods -Certificate key lengths -Signing algorithms -Wildcard certificates -Multiple certificate instances
Prevent outages, breaches & mitigate risks with Venafi. Venafi offers the only EKCM (enterprise key and certificate management) platform that is: -Vendor Neutral -Independent & universal -A full lifecycle management
Will Flame burn your image?
Alarming Increase in Security Breaches – No Longer a Hypothetical Risk 360,000 Customer Accounts Breached Estimated Cost $250 Million Tokens Compromised Replacing All Estimated Cost $100 Million 90,000 Military Emails Breached (md5) ‘Directors Desk’ Attack Substantial Cost and NSA Investigating Network Breach Reputation Damage Reputational Damage Jan 2011 Feb 2011 March 2011 April 2011 May 2011 June 2011 July 2011 May 2012 PlayStation Network Fraudulently Issued Breached Estimated Domain Certificates Cost + $1 Billion Multiple Email Breaches Suspended Operations SQL Injection Attack Millions of Email Accounts Flame Malware attacks Estimated Cost $4 Billion computers running the Fraudulent Issue 7 Domains Microsoft Windows Substantial Reputation Damage operating system Reputation Damage © 2011 Venafi Proprietary and Confidential
Don’t make Damage control the only constant in you cyber defense.
Stuxnet infected Chevron Gauss Flame Reported: (8-nov) Duqu miniFlame Elvis Barbara Tiffany Fiona Sonia Sam Eve Drake Charles Alex
Let us help today! Get the sample report and one-sheet on Venafi MDF Certificate AssessorTM

Recomendados

Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z Cheng Olayvar
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Reportcheinyeanlim
 
Shmat ccs12
Shmat ccs12Shmat ccs12
Shmat ccs12Rahul Sule
 
RSAC2013 CME Group case study
RSAC2013 CME Group case studyRSAC2013 CME Group case study
RSAC2013 CME Group case studyVenafi
 
Trust Online is at the Breaking Point
Trust Online is at the Breaking PointTrust Online is at the Breaking Point
Trust Online is at the Breaking PointVenafi
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Venafi
 
Præsentation Greenland Hostels
Præsentation Greenland HostelsPræsentation Greenland Hostels
Præsentation Greenland HostelsJohn Harry Enggaard
 
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...Venafi
 

Recomendados

Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z Cheng Olayvar
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Reportcheinyeanlim
 
Shmat ccs12
Shmat ccs12Shmat ccs12
Shmat ccs12Rahul Sule
 
RSAC2013 CME Group case study
RSAC2013 CME Group case studyRSAC2013 CME Group case study
RSAC2013 CME Group case studyVenafi
 
Trust Online is at the Breaking Point
Trust Online is at the Breaking PointTrust Online is at the Breaking Point
Trust Online is at the Breaking PointVenafi
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Venafi
 
Præsentation Greenland Hostels
Præsentation Greenland HostelsPræsentation Greenland Hostels
Præsentation Greenland HostelsJohn Harry Enggaard
 
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...Venafi
 
fucking shit
fucking shitfucking shit
fucking shiteyalrav
 
Managing identity frauds
Managing identity fraudsManaging identity frauds
Managing identity fraudsEddy Cormon
 
Ransomware: Hard to Stop for Enterprises, Highly Profitable for Criminals
Ransomware: Hard to Stop for Enterprises, Highly Profitable for CriminalsRansomware: Hard to Stop for Enterprises, Highly Profitable for Criminals
Ransomware: Hard to Stop for Enterprises, Highly Profitable for CriminalsExtraHop Networks
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber AttacksVenafi
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hackingCmano Kar
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpJoann Davis
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointAndrew McNicol
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointAndrew McNicol
 
cyber crime
cyber crimecyber crime
cyber crimeAshwaniKangotra1
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersSomyos U.
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptJatinRajput67
 
Online Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat ModelOnline Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat ModelEoin Keary
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingSoftware Guru
 
Why do THEY want your digital devices?
Why do THEY want your digital devices?Why do THEY want your digital devices?
Why do THEY want your digital devices?ESET
 
How websites are attacked
How websites are attackedHow websites are attacked
How websites are attackedMykonos Software
 
Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)Evan Clark
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019Jarrod Overson
 
Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?Venafi
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?Venafi
 

Más contenido relacionado

Similar a What is-flame-miniflame

fucking shit
fucking shitfucking shit
fucking shiteyalrav
 
Managing identity frauds
Managing identity fraudsManaging identity frauds
Managing identity fraudsEddy Cormon
 
Ransomware: Hard to Stop for Enterprises, Highly Profitable for Criminals
Ransomware: Hard to Stop for Enterprises, Highly Profitable for CriminalsRansomware: Hard to Stop for Enterprises, Highly Profitable for Criminals
Ransomware: Hard to Stop for Enterprises, Highly Profitable for CriminalsExtraHop Networks
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber AttacksVenafi
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hackingCmano Kar
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpJoann Davis
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointAndrew McNicol
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointAndrew McNicol
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersSomyos U.
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptJatinRajput67
 
Online Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat ModelOnline Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat ModelEoin Keary
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingSoftware Guru
 
Why do THEY want your digital devices?
Why do THEY want your digital devices?Why do THEY want your digital devices?
Why do THEY want your digital devices?ESET
 
Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)Evan Clark
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019Jarrod Overson
 

Similar a What is-flame-miniflame (20)

fucking shit
fucking shitfucking shit
fucking shit
 
Managing identity frauds
Managing identity fraudsManaging identity frauds
Managing identity frauds
 
Ransomware: Hard to Stop for Enterprises, Highly Profitable for Criminals
Ransomware: Hard to Stop for Enterprises, Highly Profitable for CriminalsRansomware: Hard to Stop for Enterprises, Highly Profitable for Criminals
Ransomware: Hard to Stop for Enterprises, Highly Profitable for Criminals
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber Attacks
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivism
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hacking
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 Aitp
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPoint
 
cyber crime
cyber crimecyber crime
cyber crime
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.ppt
 
Online Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat ModelOnline Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat Model
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
 
Why do THEY want your digital devices?
Why do THEY want your digital devices?Why do THEY want your digital devices?
Why do THEY want your digital devices?
 
How websites are attacked
How websites are attackedHow websites are attacked
How websites are attacked
 
Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019
 

Más de Venafi

Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?Venafi
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?Venafi
 
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersVenafi
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsVenafi
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA GraphicVenafi
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSAVenafi
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksVenafi
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersVenafi
 

Más de Venafi (8)

Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
 
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA Graphic
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSA
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and Attacks
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption Disasters
 

What is-flame-miniflame

  • 1. Venafi Enterprise Key and Certificate Management presents. What is Flame? “One of the most complex threats ever discovered.”
  • 2. What is Flame? Flame’s creators used a Microsoft certificate with an MD5 signature to create a forged certificate with the same MD5 signature. This new forged certificate created spoofed certificates, and also signed parts of Flame’s code, making it appear as if it all came from Microsoft. This is what gave Flame dangerous access to inter nal IT systems. Once on the network, Flame copies d o c u m e n t s , re c o rd s k e y s t ro k e s , network data and verbal conversations.
  • 3. Why This Matters Flame was a specific attack that exploited MD5 certificates, but the same technique can be used by anyone. If you have MD5 certificates on your network, you are a target for any attacker exploiting this flaw in MD5. Continue to see how this all happened, and what you can do to remediate it on you network.
  • 4. “MD5 is no longer acceptable where collision resistance is required such as digital signatures.” Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms Turner, S. and L. Chen
  • 5. The Reason Signatures are Important Signatures are made by a “signing algorithm.” Identical inputs get identical signatures: And different inputs, even if only slightly different, produce totally different signatures:
  • 6. As you’d expect, two unique certificates generate two unique signatures... Unique signatures are how you identify and authenticate different certificates.
  • 7. But what if your algorithm had a flaw which allowed two certificates to create the same signature?
  • 8. I’m Looking at the Man in the Middle Flame’s creators forged a certificate that contained the same signature trusted by millions of computers. Let’s see this in action.
  • 9. A simple scenario of how signatures keep you safe. 1. Client wants to connect, asks for a signed certificate. 2. The Man in the Middle server has an untrusted signature on its certificate. The client chooses not to connect. 3. The client knows it can trust this server because of the signed certificate.
  • 10. Everything changes when signatures may not be unique. 1. Client wants to connect, asks for a signed certificate. 2. The Man in the Middle server has a forged signature and the client accepts the malicious connection. The Man in the Middle can now intercept and relay all traffic. 3. The target server can’t tell the difference and accepts the connection, transmitting data as normal.
  • 11. A man in the Middle server can: 1.Impersonate a server entirely. 2.Manipulate data as it is transferred. 3.Act as an invisible eavesdropper.
  • 12. A Signature Problem How an MD5 Signature is Forged In the world of pen and ink, a signature is meant to represent an individual and to give authenticity to whatever is signed. Two unique people, two unique signatures.
  • 13. How certificate signing should work: If you have an authentic certificate, and a spoofed certificate, the different certificates should have different signatures. In this case, we are using the SHA2 algorithm to make the signature. SHA2 doesn’t have the same weakness that MD5 has. Trusted Signature Untrusted Signature
  • 14. Two unique certificates, two unique signatures. The signature cannot be forged.
  • 15. What happens when it doesn’t work? The fatal flaw in the MD5 algorithm is that a spoofed certificate can be manipulated to generate the same MD5 signature.
  • 16. Two unique certificates, one shared signature. The signature is now forged. This is the key vulnerability in MD5 exploited by Flame.
  • 17. “It’s imperative that browsers and CAs stop using MD5” Marc Stevens, 2008 - Cryptology Group, CWI
  • 18. The Bad News 450 organizations, a sample of the Global 2000, had their networks assessed for MD5 certificate vulnerability. 17.4 % of the certificates found were signed using MD5. Venafi Assessor MD5 Report, June 2012
  • 19. Think about that number for a minute. 17% Roughly 17 in 100... Are susceptible to the same attack that made Flame possible.
  • 20. Hiding on your network. “Shhhhh...”
  • 21. “The risk-based evaluation your company needs to make right now is not about your vulnerability to the Flame virus; it is about your vulnerability to MD5-signed certificates.” June 27, 2012, Derek Brink, Aberdeen Group
  • 22. The Good News Introducing Venafi MD5 Certificate Assessor™ We have developed a special version of Venafi Assessor™ that is targeted specifically to find MD5 certificates and vulnerabilities and help you remediate them.
  • 23. MD5 Certificate Assessor: Scan and Locate MD5 Certificates Find the risks so you can eliminate them. Catch the High-Rick Vulnerabilities Protect your company security and reputation. Venafi Assessor is 100% Free Generate your personalized report at no cost. Venafi provides cutting edge enterprise key and certificate management to the world’s largest corporations and government bodies. Any key. Any certificate. Anywhere. Get Venafi MD5 Assessor
  • 24. 1. Download Venafi MD5 Certificate Assessor, and simply enter the IP and port range you want to scan. 2. Let the free tool run a secure, anonymous survey. 3. You will receive an instant report showing you the breakdown of the MD5 certificates on you network.
  • 25. Assess your MD5 risk fast and easy. Venafi MD5 Certificate Assessor runs within its own VM on your network. Simply specify IP/port ranges and let Assessor discover certificates across your network and generate risk profile reports for you.
  • 26. The Venafi MD5 certificate Assessor Risk Report Identify areas of risk and vulnerability with the insights that Assessor provides: -Discovery population details -Certificates by CA -Ports that respond to SSL or -STARTTLS handshakes -Days before certificates expire -Certificate validity periods -Certificate key lengths -Signing algorithms -Wildcard certificates -Multiple certificate instances
  • 27. Prevent outages, breaches & mitigate risks with Venafi. Venafi offers the only EKCM (enterprise key and certificate management) platform that is: -Vendor Neutral -Independent & universal -A full lifecycle management
  • 28. Will Flame burn your image?
  • 29. Alarming Increase in Security Breaches – No Longer a Hypothetical Risk 360,000 Customer Accounts Breached Estimated Cost $250 Million Tokens Compromised Replacing All Estimated Cost $100 Million 90,000 Military Emails Breached (md5) ‘Directors Desk’ Attack Substantial Cost and NSA Investigating Network Breach Reputation Damage Reputational Damage Jan 2011 Feb 2011 March 2011 April 2011 May 2011 June 2011 July 2011 May 2012 PlayStation Network Fraudulently Issued Breached Estimated Domain Certificates Cost + $1 Billion Multiple Email Breaches Suspended Operations SQL Injection Attack Millions of Email Accounts Flame Malware attacks Estimated Cost $4 Billion computers running the Fraudulent Issue 7 Domains Microsoft Windows Substantial Reputation Damage operating system Reputation Damage © 2011 Venafi Proprietary and Confidential
  • 30. Don’t make Damage control the only constant in you cyber defense.
  • 31. Stuxnet infected Chevron Gauss Flame Reported: (8-nov) Duqu miniFlame Elvis Barbara Tiffany Fiona Sonia Sam Eve Drake Charles Alex
  • 32. Let us help today! Get the sample report and one-sheet on Venafi MDF Certificate AssessorTM

Notas del editor

  1. The content is duplicated on this slide. Is there a reason for the duplication?\n
  2. Added title for slide. Added timeline on right.\n
  3. \n
  4. \n
  5. The text at the top repeats the copy in the image. Does our SEO need the copy in addition to the images in the slide deck?\n
  6. Refer to comment on slide 5.\n
  7. Refer to comment on slide 5.\n
  8. \n
  9. Left aligned the steps, applied the numbered list formatting.\n
  10. Left aligned the numbered list, moved the list down, applied the numbered list format.\n
  11. Left aligned the numbered list, moved the list up and centered, applied the numbered list format.\n
  12. Ditto to slide 5 comment.\n
  13. Header copy is duplicated\n
  14. Ditto to comment on slide 5. Made duplicate text larger, bolded, and moved to top of slide.\n
  15. The duplicate text really doesn’t work on this slide.\n
  16. Ditto to comment on slide 5.\n
  17. Updated reference\n
  18. \n
  19. Ditto to comment on slide 5. Would work better if the image were trimmed on the top and bottom and the text recreated.\n
  20. Ditto to comments on slide 5 and 20.\n
  21. \n
  22. Please add the link to request MD5 Assessor: http://www.venafi.com/md5-certificate-assessor/. \n
  23. The duplicate text really doesn’t work here. If we need the text to stay, could we hide it behind the image? Please add the link to request MD5 Assessor: http://www.venafi.com/md5-certificate-assessor/. \n
  24. \n
  25. \n
  26. Ditto to comment on slide 24.\n
  27. Ditto to comment on slide 24.\n
  28. Ditto to comment on slide 24.\n
  29. \n
  30. \n
  31. \n
  32. \n
  33. Please add the link to request MD5 Assessor: http://www.venafi.com/md5-certificate-assessor/. \n