🗓️ 21 July 2017
⏱️ 11 minutes
0:00.0 | Hello, welcome to the Friday, July 21st, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich. And today I'm recording from Jacksonville, Florida. |
0:12.4 | Now, what better way to start a Friday podcast than a little bit of crypto? And what we got today is how to check whether or not a private key actually |
0:24.6 | matches a given public key for an RSA key like of course we often have with SSL certificates. |
0:33.0 | For SSL we do have our public key which is usually included in the certificate, and then we |
0:38.7 | have a private key that, of course, we should keep private. |
0:41.5 | Now, the private key file actually includes the public key in addition to the private key and |
0:47.5 | additional information. |
0:50.5 | Now, the reason this is important is that certificate authorities, and in this case, Symantec, |
0:55.6 | have become more proactive in revoking certificates if the private key leaks. |
1:01.8 | Now, this is a good thing because once the private key leaked, I can just get the certificate |
1:06.9 | from the website and impersonate that website. Or worse, if the ciphers aren't configured |
1:13.3 | quite well, I can even decrypt content I recorded from that site. So once Symantec finds a |
1:21.4 | private key out in the wild, they of course have to verify whether it matches a given certificate and apparently the only thing |
1:29.2 | they do here is they check whether the public key that's included in that private key file |
1:34.5 | matches the public key included in their certificate. They don't actually check the private key |
1:40.7 | for consistency whether or not the private and public part match. |
1:45.6 | Now, as you can imagine, it's pretty easy to get the public key. |
1:49.1 | I get it from the certificate, and then I can create an artificial private key file |
1:54.6 | that's, of course, invalid, but contains the public key from a known website. |
2:06.4 | So an attacker could create such a file, drop it on a site like Pastebin, wait for Symantec to find it and have Symantec revoke the certificate for the given website, which of course |
2:13.1 | would then amount to a denial of service against this website. |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.