Certificate Fingerprints

There have been some very nasty certificate based vulnerabilities announced recently and these amount to an attacker being able to act as  MITM (Man In The Middle) on pretty much any SSL conversation.  All the attacker has to do is insert themselves somewhere in your traffic chain between you and your target web site.

As these vulnerabilities turn into real exploits, you should be really really really (got the picture?) careful what sites you log into and give your personal info to.

The nature of these attacks will mean that your browser is completely fooled into thinking it is talking to the real PayPal.com or Ebay.com. When spoofed, you will most likely experience normal logon and purchasing, but your details are phished for future use.  Even certificate verification checks such as CRL, OCSP Validation and path validation will work as you would expect.  Nasty.

I suggest therefore that for the next few weeks, while we see how bad this really is, you check independently the certs of all sites that you need to log in to.

I have printed out the SSL certs for the sites that I use often so I can check them for myself, but you may want to use this article which has the cert hashes for 4 common sites, PayPal.com, Amazon.com, eBay.com and of course, TurboTas.co.uk.

It would be very hard for an attacker to make the fake cert match these hashes, so that’s what you need to check. Bear in mind though this web page could be MITM attacked too, so unless you know your connection to turbotas.co.uk is unspoofable, don’t trust this source either as the pictures could be replaced.

The best bet all around is for you to print out every cert you encounter for the next few weeks and every time you revisit a website, check the cert against your hard copy.  read on for the certs.

 

 

 

Amazon.com

eBay.com

PayPal.com

TurboTas.co.uk

Google

Yahoo

Leave a Reply