CA-2000-10.ie

Posted Jun 6, 2000
Site cert.org

CERT Advisory CA-2000-10 - Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT Advisory CA-2000-08, but they have a similar impact.

tags | web
SHA-256 | caa2d8e1fc0030e105ed4758efd2116e7096d4949c4c4cfa5c18509f8e8e48a8


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CERT Advisory CA-2000-10 Inconsistent Warning Messages in Internet Explorer

Original release date: June 6, 2000
Last Revised: --
Source: CERT/CC

A complete revision history is at the end of this file.

Systems Affected

* Systems running Microsoft Internet Explorer

Overview

Several flaws exist in Microsoft Internet Explorer that could allow an
attacker to masquerade as a legitimate web site if the attacker can
compromise the validity of certain DNS information. These problems are
different from the problems reported in CERT Advisory CA-2000-05 and
CERT Advisory CA-2000-08, but they have a similar impact.

I. Description

Digital certificates are small documents used to authenticate and
encrypt information transmitted over the Internet. One very common use
of digital certificates is to secure electronic commerce transactions
through SSL (Secure Sockets Layer). The kind of certificates used in
e-commerce transactions are called X.509 certificates. The X.509
certificates help a web browser and the user ensure that sensitive
information transmitted over the Internet is readable only by the
intended recipient. This requires verifying the recipient's identity
and encrypting data so that only the recipient can decrypt it.

The "padlock" icon used by Internet Explorer (as well as Netscape and
other browsers) is an indication that an SSL-secured transaction has
been established to someone. It does not necessarily indicate to whom
the connection has been established. Internet Explorer (and other
browsers) take steps to warn users when DNS-based information
conflicts with the strongly authenticated information contained in the
X.509 certificates used in SSL transactions. These warnings are
supplemental information to help users decide if they're connecting to
whom they think they are connecting. These steps and warnings are
designed to protect against attacks on the DNS information.

Descriptions of the problems provided by Microsoft are shown below.

IE fails to validate certificates in images or frames

When a connection to a secure server is made via either an image or a
frame, IE only verifies that the server's SSL certificate was issued
by a trusted root - it does not verify the server name or the
expiration date. When a connection is made via any other means, all
expected validation is performed.

IE fails to revalidate certificates within the same session

Even if the initial validation is made correctly, IE does not
re-validate the certificate if a new SSL session is established with
the same server during the same IE session.
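The two shortcuts above, and the checks a browser should make instead, as an added example in Python. This is not code from the advisory or from Microsoft: the dict representation of a certificate, the trust store, the sample certificates and the clock value are assumptions constructed for the example, and the session-cache class models the advisory's description of the second flaw rather than IE's actual implementation.

```python
"""Added example, not part of the CERT advisory or of Microsoft's code.

Models the three checks a browser must make on a server certificate and the
two shortcuts the advisory describes.  Certificates are plain dicts (the
field names are chosen for this example); the trust store, the sample
certificates and the clock value are all constructed.
"""
from datetime import datetime, timezone

# Constructed trust store: issuer names the client treats as trusted roots.
TRUSTED_ROOTS = {"Example Trusted Root CA"}

# Constructed clock: the advisory's release date.
NOW = datetime(2000, 6, 6, tzinfo=timezone.utc)


def _cert(subject, names, issuer, not_before, not_after):
    return {"subject": subject, "san": names, "issuer": issuer,
            "notBefore": not_before, "notAfter": not_after}


# Constructed sample certificates, all signed by the same trusted root.
GOOD_CERT = _cert("www.bank.example", ["www.bank.example", "bank.example"],
                  "Example Trusted Root CA", "2000-01-01", "2001-01-01")
EXPIRED_CERT = _cert("www.bank.example", ["www.bank.example"],
                     "Example Trusted Root CA", "1999-01-01", "2000-01-01")
WILDCARD_CERT = _cert("*.bank.example", ["*.bank.example"],
                      "Example Trusted Root CA", "2000-01-01", "2001-01-01")
# What a DNS-spoofing attacker can present: a genuine certificate from a
# trusted CA, just not for the bank's name.
ATTACKER_CERT = _cert("www.attacker.example", ["www.attacker.example"],
                      "Example Trusted Root CA", "2000-01-01", "2001-01-01")


def _date(s):
    return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def issued_by_trusted_root(cert):
    return cert["issuer"] in TRUSTED_ROOTS


def not_expired(cert, now):
    return _date(cert["notBefore"]) <= now <= _date(cert["notAfter"])


def _pattern_matches(pattern, hostname):
    """Browser-style name matching: a leading '*' stands for exactly one label
    and is only honoured when at least two literal labels follow it."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def name_matches(cert, hostname):
    names = cert.get("san") or [cert["subject"]]
    return any(_pattern_matches(n, hostname) for n in names)


def validate_like_ie_image(cert, hostname, now):
    """The shortcut IE took for images and frames: trusted root only.
    hostname and now are deliberately ignored, as the advisory describes."""
    return issued_by_trusted_root(cert)


def validate_full(cert, hostname, now):
    """What every SSL connection should get: root, name and validity period."""
    return (issued_by_trusted_root(cert)
            and name_matches(cert, hostname)
            and not_expired(cert, now))


class IeStyleSession:
    """Model of the second flaw (an assumption drawn from the advisory's
    wording): the verdict for a server name is cached for the life of the
    browser session, so a later connection that presents a different
    certificate for the same name inherits the first approval."""
    def __init__(self, now):
        self.now, self.approved = now, {}

    def connect(self, hostname, cert):
        if hostname not in self.approved:
            self.approved[hostname] = validate_full(cert, hostname, self.now)
        return self.approved[hostname]


class RevalidatingSession:
    """Every new SSL session is checked against the certificate it presents."""
    def __init__(self, now):
        self.now = now

    def connect(self, hostname, cert):
        return validate_full(cert, hostname, self.now)


if __name__ == "__main__":
    host = "www.bank.example"
    for label, cert in [("good", GOOD_CERT), ("expired", EXPIRED_CERT),
                        ("attacker", ATTACKER_CERT)]:
        print(f"{label:8s} image/frame check: {validate_like_ie_image(cert, host, NOW)}"
              f"  full check: {validate_full(cert, host, NOW)}")
    for s in (IeStyleSession(NOW), RevalidatingSession(NOW)):
        s.connect(host, GOOD_CERT)
        print(type(s).__name__, "second connection with attacker cert:",
              s.connect(host, ATTACKER_CERT))
```

The attacker's certificate passes the image/frame check because it really was issued by a trusted root; only the name check catches that it belongs to a different server. In the cached session the first, correct approval is reused for the attacker's later connection, which is exactly what a DNS redirection in mid-session relies on.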

We encourage you to read Microsoft Security Bulletin MS00-039 for
additional details provided by Microsoft. This document is available
at

http://www.microsoft.com/technet/security/bulletin/ms00-039.asp

II. Impact

Attackers can trick users into disclosing information (such as credit
card numbers, personal data, or other sensitive information) intended
for a legitimate web site.

III. Solution

General Recommendations When Using SSL

DNS information is fundamentally insecure, and there are a variety of
means by which an attacker can provide false or misleading DNS
information, even in the absence of any vulnerabilities in a DNS
server. Browsers attempt to compensate for this insecurity by
providing warning messages when the strongly authenticated certificate
information does not match the DNS information. While we strongly
recommend that you stay up to date with respect to patches and
workarounds provided by your browser vendor, we also encourage you to
take the following steps, particularly for sensitive transactions.

Check Certificates

The CERT/CC recommends that prior to providing any sensitive
information over SSL, you check the name recorded in the certificate
to be sure that it matches the name of the site to which you think you
are connecting. For example, in Internet Explorer 5 (for Windows),
double click on the "padlock" icon to open the "Certificate" dialog
box. Click on the "Details" tab to see information about the
certificate, including the thumbprint. Click on the "Certification
Path" tab for information about the certificate authority that signed
the certificate. If you do not trust the certificate authority or if
the name of the server does not match the site to which you think
you're connecting, be suspicious.

Validate Certificates Independently

Web browsers come configured to trust a variety of certificate
authorities. If you delete the certificates of all the certificate
authorities in your browser, then whenever you encounter a new SSL
certificate, you will be prompted to validate the certificate
yourself. You can do this by validating the fingerprint on the
certificate through an alternate means, such as the telephone. That
is, the same dialog box mentioned above also lists a fingerprint for
the certificate. If you wish to validate the certificate yourself,
call the organization for which the certificate was issued and ask
them to confirm the fingerprint on the certificate.

Deleting the certificates of the certificate authorities in your
browser will cause the browser to prompt you for validation whenever
you encounter a new site certificate. This may be inconvenient and
cumbersome, but it provides you with greater control over which
certificates you accept.

It is also important to note that this sort of verification is only
effective if you have an independent means through which to validate
the certificate. This sort of validation is called out-of-band
validation. For example, calling a phone number provided on the same
web page as the certificate does not provide any additional security.

The CERT/CC encourages all organizations engaging in electronic
commerce to train help desk or customer support personnel to answer
questions about certificate fingerprints/thumbprints.
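One way to do the fingerprint comparison the advisory recommends, as an added Python example that is not code from the advisory: compute the thumbprint over the DER bytes the browser actually received, normalise the value read out over the phone so that spacing, colons and letter case do not matter, and refuse anything shorter than a full fingerprint. The DER bytes below are a constructed stand-in, not a real certificate, and the display format is an assumption modelled on the space-separated hex pairs in IE's "Details" tab.

```python
"""Added example, not part of the CERT advisory: out-of-band fingerprint
comparison.  The hash is taken over the DER encoding of the certificate,
i.e. the bytes the browser received, so a different certificate for the
same name produces a different value no matter what its fields say."""
import hashlib
import hmac
import re

# Constructed stand-in for the DER bytes of a server certificate.
SAMPLE_DER = bytes(range(256)) * 3


def thumbprint(der: bytes, algorithm: str = "sha1") -> str:
    """Hex digest as space-separated upper-case pairs ("AB CD EF ...").
    SHA-1 is what IE 5 displayed; SHA-256 is what current tools display.
    Either is fine for checking that two copies of a certificate agree."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return " ".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Strip separators and case so 'ab:cd', 'AB CD' and 'abcd' compare
    equal.  Reject non-hex input and, importantly, partial fingerprints:
    a caller who reads out only the first few pairs has not verified
    anything, since an attacker controls the rest of the certificate."""
    cleaned = re.sub(r"[\s:.-]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]*", cleaned) or len(cleaned) not in (40, 64):
        raise ValueError("not a complete SHA-1 or SHA-256 fingerprint: %r"
                         % fingerprint)
    return cleaned


def fingerprint_matches(der: bytes, out_of_band_value: str) -> bool:
    """True only if the fingerprint obtained through an independent channel
    equals the one computed from the certificate that was presented."""
    given = normalize(out_of_band_value)
    algorithm = "sha1" if len(given) == 40 else "sha256"
    computed = normalize(thumbprint(der, algorithm))
    # Constant-time comparison; not essential here but a good habit.
    return hmac.compare_digest(computed, given)


if __name__ == "__main__":
    print("thumbprint shown to the user:", thumbprint(SAMPLE_DER))
    spoken = thumbprint(SAMPLE_DER).lower().replace(" ", ":")
    print("value read out by the help desk:", spoken)
    print("match:", fingerprint_matches(SAMPLE_DER, spoken))
    print("tampered certificate matches:",
          fingerprint_matches(SAMPLE_DER + b"\x00", spoken))
```

A help desk that answers these calls should read out the whole fingerprint and state which algorithm it is; the length check above is what stops a hurried "the first four pairs match" from counting as verification.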

Note: Microsoft Internet Explorer 5, Macintosh Edition, does not
provide any means by which users can validate certificates by checking
the fingerprint/thumbprint. Our conversations with Microsoft indicate
that the Macintosh version of Internet Explorer is not affected by
these specific problems. However, because of the fundamentally
insecure nature of DNS, we recommend using a browser that does allow
users to validate certificates on whatever platform they use,
including MacOS.

Specific Defenses Against These Problems

Stay up to date with patches, workarounds, and certificate management
products. Appendix A lists information regarding these problems.

Appendix A Vendor Information

Microsoft Corporation

Information from Microsoft is available at

http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
_________________________________________________________________

The CERT Coordination Center thanks the ACROS Security Team of
Slovenia, who originally discovered this problem, and Ric Ford,
President of MacInTouch, Inc.
_________________________________________________________________

Shawn Hernan was the primary author of this document.
______________________________________________________________________

This document is available from:
http://www.cert.org/advisories/CA-2000-10.html
______________________________________________________________________

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
Monday through Friday; they are on call for emergencies during other
hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from

http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more
information.

Getting security information

CERT publications and other security information are available from
our web site

http://www.cert.org/

To be added to our mailing list for advisories and bulletins, send
email to cert-advisory-request@cert.org and include SUBSCRIBE
your-email-address in the subject of your message.

* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________

Conditions for use, disclaimers, and sponsorship information

Copyright 2000 Carnegie Mellon University.

Revision History
June 6, 2000: initial release

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBOT0FD1r9kb5qlZHQEQJsVACdEBzlJ7cgHNWerGK6Ix9MQxh2Y9EAoJC4
PSqEO0xNEc0rRFmnQs0L8lSi
=LUcH
-----END PGP SIGNATURE-----