From: lucifer@dhp.com (lucifer Anonymous Remailer)
Date: Sun, 23 Feb 1997 17:09:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: It is time to break Authenticode
Message-ID: <199702240109.UAA17912@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Microsoft's recent arrogant and irresponsible reply to the Chaos
Computer Club hack on ActiveX requires response. An effective response
would be to steal the key of a major code signer and produce a signed,
malicious ActiveX control. Such an attack would demonstrate the
serious problems of Microsoft's security philosophy.


Hackers have known since ActiveX was announced that its security model
is ridiculous. Signatures are not enough to protect users from
malicious code. Exploder and the CCC hack have done a great job of
demonstrating practical examples of why ActiveX is dangerous.

The CCC hack in particular has made the ActiveX security issue visible
enough that Microsoft has been forced to respond publically.
Unfortunately, their published response on http://www.microsoft.com/security/
does not begin to admit the fundamental flaws in ActiveX. Instead,
they continue to hide behind code signatures and mislead the public
that their system is no less secure than Java.

The obvious response to Microsoft's attempt at damage control is to
demonstrate an attack with a control signed by a reputable party.
There are three ways to do this: subvert an existing signed control,
subvert the signature protocols, or steal a signing key.


Subverting existing signed controls is an interesting avenue.
Currently used ActiveX controls have implementation bugs that could
be exploited in an attack. Finding one would be a fair amount of work,
however, and a successful attack would only show that code has bugs,
not demonstrate the fundamental flaw in relying on code signatures.

The signature protocols of Authenticode are presumably secure -
getting signatures right is well understood. Still, does anyone have
information on exactly how the signatures work?


The best avenue of attack is stealing the secret key of a respected
code signer. The target should be one of the major players, if not
Microsoft itself. Someone is sloppy to store their secret key on a
machine hooked to the Internet. Stealing it would be a very nice
challenge. It should be doable.

Stealing the key itself will almost certainly be an illegal act.
Morally, the demonstration signed control should itself not do damage.
Something like the Exploder control (which warns the user before
shutting down the machine) should be good enough to show the flaws of
ActiveX without causing trouble.


A public discussion about how to best go about this attack should be
interesting. For obvious reason, the attack itself would have to be
done in secrecy.