Solution: For this we need to update the latest security patch for the security or the university to patch the flaw on the system. Using the assign on Microsoft page following KGB
2. We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers.
This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 "collision". Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios.
Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.
Solution: Well, what I do is again maintain an update and secure the necessary SSL ports, redirecting the source of the attack and checking where it is coming from.
3. A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size (known as a "digest" or simply "hash") for a block of data of arbitrary size.
The MD5 algorithm is a standard, widely used example of such an algorithm and is defined in IETF RFC 1321. One of the requirements of secure cryptographic hash algorithms is that it be extremely unlikely for two different inputs to the algorithm to generate the same digest. This property is generally referred to as collision resistance, and cases where an algorithm generates the same digest for two different blocks of data are known as collisions.
Solution: There's no solution for this type of algorithm.
4. This is the Cisco response to research done by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger pertaining to MD5 collisions in certificates issued by vulnerable certificate authorities. Cisco has released an IntelliShield activity bulletin detailing the specifics of this issue. This bulletin is available at the following link: http://tools.cisco.com/security/center/viewAlert.x?alertId=17341
The Cisco Adaptive Security Appliance (ASA) and IOS may both serve as certificate authorities and by default use the MD5 hashing algorithm in the digital signatures of certificates issued to end users and devices. The hashing algorithm used in digital certificates on the Cisco ASA cannot be changed; however, the ASA is unlikely to be affected by the attacks described in this research due to the way certificates are generated on the device. Cisco recognizes the weaknesses in MD5 and plans to alter the signature algorithm used in digital certificates and modify the methods utilized in creation of CA and endpoint certificates.
This will be addressed by Cisco Bug ID: Chickasaws (registered customers only). The Cisco IOS CA may be vulnerable to the attack described in this research when configured to utilize MD5 hashes in endpoint certificates. This is the default behavior; however, the device can be reconfigured to utilize a more secure hashing algorithm. Cisco plans to change this default behavior and modify the methods utilized in creation of CA and endpoint certificates.