Re: Security flaw in how Outlook verifies digital signatures
From: Roberto Franceschetti (roberto_remove_n.o.s.p.a.m_tag_at_logsat.com)
Date: 02/21/05
- Next message: Cal: "Re: Downgrade Outlook 2002 to 2000?"
- Previous message: Sergio Luis Martins: "Sending Email without my consent"
- In reply to: Jeff Stephenson [MSFT]: "Re: Security flaw in how Outlook verifies digital signatures"
- Next in thread: Vanguard: "Re: Security flaw in how Outlook verifies digital signatures"
- Reply: Vanguard: "Re: Security flaw in how Outlook verifies digital signatures"
- Reply: Jeff Stephenson [MSFT]: "Re: Security flaw in how Outlook verifies digital signatures"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 21 Feb 2005 05:10:32 GMT
Guys,
Apparently you focus too much on the particular scenarios I talk about and
the names they contain, and assume all users have the same knowledge you do.
Ok then, I won't send the email to my competitor since they may know my
name. I'll send an email apparently from CERT to an administrator who posted
a very stupid question on a newsgroup - I have hundreds to choose from, no
offense, I'm saying this just as an example. This will tell me he's your
average user and not a super expert. In the email I'll have a fake CERT
article that invites him to either read an attached (infected) Word
document, or download the self-extracting Word document (since Microsoft
now really likes to make these self-extracting Word docs available for
download...) from
http://download.microsoft.com.d-na.com/support/docs/Q435679/Q435679.exe. If
I make the document confusing enough, he won't notice the real d-na.com
website in there... And please don't get fixated on the "it's his fault, he
should be more careful about what he downloads", as my whole point is that he
received a digitally signed email, which is *perfectly* valid according to
Outlook. And if he really does check the actual signature and sees Roberto
Franceschetti in there, so what??? HE does not know me; how in the world
is he to know that I don't belong to CERT?? After all, he received an
email that comes from CERT, digitally signed, valid, and he's sure his
Outlook client, LIKE ALL OTHER CLIENTS, would notify him if the sender was not
who signed the message.
My whole point is that now, with a digitally signed email, it will be 100
times easier to trick the guy into doing something than without it. ***YOUR
AVERAGE USER WILL NOT GO INTO THAT MUCH DETAIL TO VERIFY A DIGITAL
SIGNATURE***; they will rely on the fact that the documentation says what
all other clients *actually do*, and that is, among other things, to ensure
the identity of the *SENDER*, not just the identity of the person who simply
signed the email. Please note: the identity OF THE SENDER, not of the person
who signed the email.
...And Vanguard, apparently I was too subtle in my explanation of what
happened to my private key. I am a hacker; I send you an evil, infected,
false, however bad you like, email, digitally signed. I also place my private
key *on purpose* for download on a website and advertise it, so that when
your lawyer tries to sue me, I'll say it could be any of the 10,000 people
who downloaded my private key who sent it. I hope now you understand that
talking about protecting my own key is futile, as all I, the hacker, was
interested in was to spend $10 to get a valid certificate so I could cause
harm using a digitally signed email, without being worried that what you
think is a unique and absolutely identifiable digital signature can be
traced back to me. You see, I have the logs of the thousands of IP addresses
that downloaded my private key... any one of them, especially the ones from
China and Korea, could have sent you the viruses...
"Jeff Stephenson [MSFT]" <stephenson@online.microsoft.com> wrote in message
news:1xv39z2399lob$.dlg@jeff.stephenson.microsoft.com...
> On Sat, 19 Feb 2005 05:13:53 GMT, Roberto Franceschetti wrote:
>
> >> Simple exploit. I use my own Verisign digital certificate to sign an
> >> email. I then alter the from in the email to make it appear from
> >> Microsoft. I then send the signed email to my competitor. He sees an
> >> email coming from Microsoft, digitally signed, with a valid signature,
> >> but unfortunately he's using Outlook which does not warn him that the
> >> sender does not match the certificate (if he had only used Mozilla or
> >> Outlook Express he'd see flags everywhere...)
>
> And apparently your competitor also didn't bother reading the line in the
> message that said "Signed by: Roberto Franceschetti".
>
> You're totally ignoring the fact that there is more displayed than the
> fact that the message is signed - *who* signed it is also displayed. So
> your exploit won't work, except on the same people that are turning their
> bank account numbers over to Nigerians to help them transfer money...
>
> >> Yes, if you look deep down in the signature a *very* computer-savvy user
> >> will eventually understand that the sender is not really the person who
> >> signed the email. But I stress on the computer savvy words. Your average
> >> and even above average computer user will have no idea that the email
> >> was not from Microsoft, as the vast majority of users have no idea how
> >> these certificates work. They just care about "the email is digitally
> >> signed" and "my email program says it's valid".
>
> You don't have to be particularly savvy to be able to read the line that
> says "Signed by: Roberto Franceschetti". Outlook tells you that the
> message was signed by a valid certificate and it tells you whose
> certificate it is without any need to delve into the details. It's all
> right there in plain view. What it *doesn't* do is start raising bogus
> red flags about legitimately signed mail that is sent by someone other
> than the person that signed it. Go back and read the mail posted on your
> site for examples of such legitimate uses...
>
> --
> Jeff Stephenson
> Outlook Development
> This posting is provided "AS IS" with no warranties, and confers no rights
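The check the two sides are arguing about, written out as an added example (it is not part of this post, nor code from Outlook, Outlook Express or Mozilla): compare the address in a signed message's From: header, and the Sender: header for the legitimate on-behalf-of case Jeff mentions, against the e-mail addresses bound to the signing certificate, and report a mismatch instead of only "Signed by"; a second helper tests whether a URL's host really sits under the domain it appears to name, using the lure URL from the post. The sample message, the signer address lists and all function names are assumptions constructed for this example; extracting the signer's addresses from the certificate in the PKCS#7 SignerInfo, after the signature and chain have been verified, is assumed to have already happened.

```python
"""Added example: bind an S/MIME signer to the From:/Sender: headers.

Assumptions (not from the thread): the signer's e-mail addresses have
already been pulled from the verified signing certificate (subject
emailAddress or SAN rfc822Name); the message below is constructed and its
PKCS#7 body is a placeholder, since signature verification is out of scope.
"""
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlsplit

# Constructed sample: From: claims CERT, but the certificate (passed in
# separately) will belong to someone else.
SAMPLE_MESSAGE = """\
From: CERT Coordination Center <cert@cert.org>
To: admin@example.net
Subject: Advisory
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain

Please read the attached advisory.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Hypothetical signer address, as the thread describes: a valid personal cert.
SIGNER_FROM_CERT = ["roberto@logsat.com"]


def header_addresses(msg, header):
    """All addr-spec values of a header, lower-cased for comparison.
    (Lower-casing the local part too is a simplification; strictly only
    the domain part is case-insensitive.)"""
    return [addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr]


def check_signer_binding(raw_message, signer_addresses):
    """Classify how the signing certificate relates to the visible sender.

    Returns one of:
      "unsigned"     - not multipart/signed, nothing to bind
      "match"        - a From: address is bound to the certificate
      "sender-match" - From: differs, but Sender: (on-behalf-of) is bound
      "mismatch"     - neither matches: a client should warn, not just
                       show "Signed by: <name>"
    """
    msg = message_from_string(raw_message)
    if msg.get_content_type() != "multipart/signed":
        return "unsigned"
    signers = {a.lower() for a in signer_addresses}
    if any(a in signers for a in header_addresses(msg, "From")):
        return "match"
    if any(a in signers for a in header_addresses(msg, "Sender")):
        return "sender-match"
    return "mismatch"


def host_is_under(url, domain):
    """True only if the URL's host is `domain` or a subdomain of it.
    A host like download.microsoft.com.d-na.com is under d-na.com, not
    under microsoft.com, whatever its leading labels say."""
    host = (urlsplit(url).hostname or "").lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


if __name__ == "__main__":
    print("From vs signer:", check_signer_binding(SAMPLE_MESSAGE, SIGNER_FROM_CERT))
    lure = "http://download.microsoft.com.d-na.com/support/docs/Q435679/Q435679.exe"
    print("under microsoft.com:", host_is_under(lure, "microsoft.com"))
    print("under d-na.com:", host_is_under(lure, "d-na.com"))
```

The "sender-match" verdict is what keeps the check from raising the bogus flags Jeff objects to: mail signed by one person and sent by another can carry that relationship in Sender:, and a client can accept it quietly while still warning when neither header is bound to the certificate.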