What is-flame-miniflame
Upcoming SlideShare
Loading in...5
×
 

What is-flame-miniflame

on

  • 3,035 views

 

Statistics

Views

Total Views
3,035
Views on SlideShare
2,749
Embed Views
286

Actions

Likes
3
Downloads
25
Comments
0

4 Embeds 286

http://jacobsparry.com 226
https://twitter.com 52
http://www.linkedin.com 4
http://twitter.com 4

Accessibility

Categories

Upload Details

Uploaded via as Apple Keynote

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • The content is duplicated on this slide. Is there a reason for the duplication?\n
  • Added title for slide. Added timeline on right.\n
  • \n
  • \n
  • The text at the top repeats the copy in the image. Does our SEO need the copy in addition to the images in the slide deck?\n
  • Refer to comment on slide 5.\n
  • Refer to comment on slide 5.\n
  • \n
  • Left aligned the steps, applied the numbered list formatting.\n
  • Left aligned the numbered list, moved the list down, applied the numbered list format.\n
  • Left aligned the numbered list, moved the list up and centered, applied the numbered list format.\n
  • Ditto to slide 5 comment.\n
  • Header copy is duplicated\n
  • Ditto to comment on slide 5. Made duplicate text larger, bolded, and moved to top of slide.\n
  • The duplicate text really doesn’t work on this slide.\n
  • Ditto to comment on slide 5.\n
  • Updated reference\n
  • \n
  • Ditto to comment on slide 5. Would work better if the image were trimmed on the top and bottom and the text recreated.\n
  • Ditto to comments on slide 5 and 20.\n
  • \n
  • Please add the link to request MD5 Assessor: http://www.venafi.com/md5-certificate-assessor/. \n
  • The duplicate text really doesn’t work here. If we need the text to stay, could we hide it behind the image? Please add the link to request MD5 Assessor: http://www.venafi.com/md5-certificate-assessor/. \n
  • \n
  • \n
  • Ditto to comment on slide 24.\n
  • Ditto to comment on slide 24.\n
  • Ditto to comment on slide 24.\n
  • \n
  • \n
  • \n
  • \n
  • Please add the link to request MD5 Assessor: http://www.venafi.com/md5-certificate-assessor/. \n

What is-flame-miniflame What is-flame-miniflame Presentation Transcript

  • Venafi Enterprise Key and Certificate Management presents. What is Flame?“One of the most complex threats ever discovered.”
  • What is Flame?Flame’s creators used a Microsoftcertificate with an MD5 signature tocreate a forged certificate with thesame MD5 signature.This new forged certificate createdspoofed certificates, and also signedparts of Flame’s code, making itappear as if it all came fromMicrosoft. This is what gave Flamedangerous access to inter nal ITsystems.Once on the network, Flame copiesd o c u m e n t s , re c o rd s k e y s t ro k e s ,network data and verbal conversations.
  • Why This MattersFlame was a specific attack that exploited MD5 certificates,but the same technique can be used by anyone.If you have MD5 certificates on your network, you are atarget for any attacker exploiting this flaw in MD5.Continue to see how this all happened, and what you cando to remediate it on you network. View slide
  • “MD5 is no longer acceptable where collision resistance is requiredsuch as digital signatures.” Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms Turner, S. and L. Chen View slide
  • The Reason Signatures are Important Signatures are made by a “signing algorithm.” Identical inputs get identical signatures: And different inputs, even if only slightly different, produce totally different signatures:
  • As you’d expect, two unique certificates generate two unique signatures...Unique signatures are how you identify and authenticate different certificates.
  • But what if your algorithm had a flaw which allowed two certificates to create the same signature?
  • I’m Looking at the Man in the MiddleFlame’s creators forged a certificate that contained the same signature trusted by millions of computers. Let’s see this in action.
  • A simple scenario of how signatures keep you safe.1. Client wants to connect, asks for a signed certificate.2. The Man in the Middle server has an untrusted signature on its certificate. The client chooses not to connect.3. The client knows it can trust this server because of the signed certificate.
  • Everything changes when signatures may not be unique. 1. Client wants to connect, asks for a signed certificate. 2. The Man in the Middle server has a forged signature and the client accepts the malicious connection. The Man in the Middle can now intercept and relay all traffic. 3. The target server can’t tell the difference and accepts the connection, transmitting data as normal.
  • A man in the Middle server can:1.Impersonate a server entirely.2.Manipulate data as it is transferred.3.Act as an invisible eavesdropper.
  • A Signature ProblemHow an MD5 Signature is Forged In the world of pen and ink, a signature is meant to represent an individual and to give authenticity to whatever is signed. Two unique people, two unique signatures.
  • How certificate signing should work: If you have an authentic certificate, and a spoofed certificate, the different certificates should have differentsignatures. In this case, we are using the SHA2 algorithm to make the signature. SHA2 doesn’t have the same weakness that MD5 has. Trusted Signature Untrusted Signature
  • Two unique certificates, two unique signatures. The signature cannot be forged.
  • What happens when it doesn’t work?The fatal flaw in the MD5 algorithm is that a spoofed certificate can be manipulated to generate the same MD5 signature.
  • Two unique certificates, one shared signature. The signature is now forged. This is the key vulnerability in MD5 exploited by Flame.
  • “It’s imperative that browsers and CAs stop using MD5” Marc Stevens, 2008 - Cryptology Group, CWI
  • The Bad News450 organizations, a sample of the Global 2000, had their networksassessed for MD5 certificate vulnerability. 17.4 % of the certificates found were signed using MD5. Venafi Assessor MD5 Report, June 2012
  • Think about that number for a minute. 17% Roughly 17 in 100...Are susceptible to the same attack that made Flame possible.
  • Hiding on your network. “Shhhhh...”
  • “The risk-based evaluation your company needs to make right nowis not about your vulnerability to the Flame virus; it is about yourvulnerability to MD5-signed certificates.” June 27, 2012, Derek Brink, Aberdeen Group
  • The Good News Introducing Venafi MD5 Certificate Assessor™We have developed a special version of Venafi Assessor™ that is targeted specifically to find MD5 certificates and vulnerabilities and help you remediate them.
  • MD5 Certificate Assessor:Scan and Locate MD5 CertificatesFind the risks so you can eliminate them.Catch the High-Rick VulnerabilitiesProtect your company security and reputation.Venafi Assessor is 100% FreeGenerate your personalized report at no cost.Venafi provides cutting edge enterprise keyand certificate management to the world’slargest corporations and government bodies.Any key. Any certificate. Anywhere. Get Venafi MD5 Assessor
  • 1. Download Venafi MD5 Certificate Assessor, and simply enter the IP and port range you want to scan.2. Let the free tool run a secure, anonymous survey.3. You will receive an instant report showing you the breakdown of the MD5 certificates on you network.
  • Assess your MD5 risk fast andeasy.Venafi MD5 Certificate Assessorruns within its own VM on yournetwork. Simply specify IP/portranges and let Assessor discovercertificates across your networkand generate risk profile reportsfor you.
  • The Venafi MD5 certificateAssessor Risk ReportIdentify areas of risk andvulnerability with the insightsthat Assessor provides:-Discovery population details-Certificates by CA-Ports that respond to SSL or-STARTTLS handshakes-Days before certificates expire-Certificate validity periods-Certificate key lengths-Signing algorithms-Wildcard certificates-Multiple certificate instances
  • Prevent outages, breaches &mitigate risks with Venafi.Venafi offers the only EKCM(enterprise key and certificatemanagement) platform thatis:-Vendor Neutral-Independent & universal-A full lifecycle management
  • Will Flame burn your image?
  • Alarming Increase in Security Breaches – No Longer a Hypothetical Risk 360,000 Customer Accounts Breached Estimated Cost $250 Million Tokens Compromised Replacing All Estimated Cost $100 Million 90,000 Military Emails Breached (md5) ‘Directors Desk’ Attack Substantial Cost and NSA Investigating Network Breach Reputation Damage Reputational DamageJan 2011 Feb 2011 March 2011 April 2011 May 2011 June 2011 July 2011 May 2012 PlayStation Network Fraudulently Issued Breached Estimated Domain Certificates Cost + $1 Billion Multiple Email Breaches Suspended Operations SQL Injection Attack Millions of Email Accounts Flame Malware attacks Estimated Cost $4 Billion computers running the Fraudulent Issue 7 Domains Microsoft Windows Substantial Reputation Damage operating system Reputation Damage © 2011 Venafi Proprietary and Confidential
  • Don’t make Damage control the onlyconstant in you cyber defense.
  • Stuxnet infected Chevron Gauss Flame Reported: (8-nov) Duqu miniFlame Elvis Barbara Tiffany Fiona Sonia Sam Eve Drake Charles Alex
  • Let us help today! Get the sample report and one-sheet on Venafi MDF Certificate AssessorTM