
Project Zero calls out Kaspersky AV for SSL interception practices


Google’s Project Zero has found that it was previously trivial to create an SSL certificate collision because Kaspersky used only the first 32 bits of an MD5 hash in the SSL proxy packaged with its Anti-Virus product.

“You don’t have to be a cryptographer to understand a 32-bit key is not enough to prevent brute-forcing a collision in seconds,” Tavis Ormandy of Project Zero said in its issue tracker.


According to Ormandy, Kaspersky uses a Windows Filtering Platform driver to intercept all outgoing secure HTTP connections from a client, and inject itself between the browser and website.

“They effectively proxy SSL connections, inserting their own certificate as a trusted authority in the system store and then replace all leaf certificates on the fly. This is why if you examine a certificate when using Kaspersky Anti-Virus, the issuer appears to be ‘Kaspersky Anti-Virus Personal Root’,” he said.

“It seems incredible that Kaspersky haven’t noticed that they sometimes get certificate errors for mismatching commonNames just by random chance. When they get those errors, it’s only because an active attacker didn’t fix up DNS responses that they’re not giving remote websites access to other domain owners.”

Ormandy reported the bug and received acknowledgement from Kaspersky on November 1. Although he learned that the security vendor was doing some commonName checks, the bug could still be exploited.

“If you’re not being attacked, you would see random errors. A MITM [man in the middle] can send you packets from where you were expecting,” Ormandy said on Twitter.

Ormandy also found another bug on November 12 that allowed any unprivileged user to become a local certificate authority.

Kaspersky fixed both bugs on December 28.
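
The following is an added example, not code from Kaspersky or Project Zero, showing why a 32-bit key produces the chance collisions Ormandy describes and how keying on a full digest removes them. The records are constructed byte strings standing in for certificates, and the toy `CertCache` class and the choice of what gets hashed are assumptions, since the article does not say what the proxy feeds into MD5.

```python
import hashlib
import math

def weak_key(cert_bytes: bytes) -> bytes:
    """Key as the article describes it: the first 32 bits of an MD5 digest."""
    return hashlib.md5(cert_bytes).digest()[:4]

def strong_key(cert_bytes: bytes) -> bytes:
    """Hardened key: the full SHA-256 digest of the same bytes."""
    return hashlib.sha256(cert_bytes).digest()

def birthday_bound(bits: int, p: float = 0.5) -> int:
    """Number of random records at which some pair shares a key with probability p."""
    return math.ceil(math.sqrt(2 * (2 ** bits) * math.log(1 / (1 - p))))

def first_accidental_collision(key_fn, limit: int = 1_000_000):
    """Insert constructed records until two different ones map to the same key."""
    seen = {}
    for i in range(limit):
        record = b"constructed-certificate-%d" % i  # constructed sample input
        k = key_fn(record)
        if k in seen:
            return seen[k], record, i + 1
        seen[k] = record
    return None

class CertCache:
    """Hypothetical cache: key derived from a certificate -> stored entry."""
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.entries = {}

    def put(self, cert: bytes, entry: str) -> None:
        self.entries[self.key_fn(cert)] = entry

    def get(self, cert: bytes):
        return self.entries.get(self.key_fn(cert))

if __name__ == "__main__":
    a, b, n = first_accidental_collision(weak_key)
    print("32-bit key: 50% collision odds at about", birthday_bound(32), "records")
    print("unrelated records collided after", n, "inserts:", a, b)
    weak, strong = CertCache(weak_key), CertCache(strong_key)
    weak.put(a, "entry for a")
    strong.put(a, "entry for a")
    print("weak cache lookup of b:", weak.get(b))
    print("strong cache lookup of b:", strong.get(b))
```

With the truncated key, a lookup for one record returns the entry stored for a different one; with the full digest the lookup misses, which is the correct behaviour.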

In May last year, the Project Zero security researcher discovered that Symantec Antivirus Engine was vulnerable to a buffer overflow when parsing malformed portable-executable header files, which resulted in instant blue-screening and kernel memory corruption on Windows without user action.

“This is about as bad as it can possibly get,” Ormandy said at the time. “This is a remote code execution vulnerability. Because Symantec use a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link is enough to exploit it.”

(via PCMag)
