Community member D.W. nominated this week’s question: What cryptographic flaw was exploited by Flame to get its code signed by Microsoft?
Hendrik Brummerman provided an in-depth answer which was subsequently confirmed by updates from Microsoft:
There are multiple purposes a certificate may be used for. For example, it may be used as a proof of identity of a person or webserver. It may be used for code signing or to sign other certificates.
In this case a certificate that was intended to sign license information was able to sign code.
It might be as simple as Microsoft not checking the purpose-flag of customer certificates they signed:
Specifically, when an enterprise customer requests a Terminal Services activation license, the certificate issued by Microsoft in response to the request allows code signing.
MD5 collision attack
The reference to an old algorithm might indicate a collision attack on the signing process: There was a talk at CCC 2008 called MD5 considered harmful today – Creating a rogue CA Certificate.
The combination of a collision attack and a misuse of the certificate purpose were both theoretical possibilities before this attack, but the researchers of the original MD5 collision attack published that the attackers used a new variant of the known MD5 chosen-prefix attack.
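The two conditions the answer describes, an MD5-based signature and a certificate whose purpose allows code signing, can be checked on any DER certificate. The following is an added example, not part of the original answer or any Microsoft tooling; the function names and the sample certificate skeletons are constructed for illustration, and an absent EKU extension is treated as no purpose restriction (RFC 5280).

```python
# Added example: stdlib-only audit of a DER certificate (single-byte tags, as X.509 uses).
MD5_RSA = bytes.fromhex("2a864886f70d010104")     # md5WithRSAEncryption
EKU_EXT = bytes.fromhex("551d25")                 # id-ce-extKeyUsage
CODE_SIGNING = bytes.fromhex("2b06010505070303")  # id-kp-codeSigning

def children(data):
    """Split DER content into a list of (tag, value) pairs."""
    out, i = [], 0
    while i < len(data):
        tag, n, i = data[i], data[i + 1], i + 2
        if n & 0x80:                              # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        if i + n > len(data):
            raise ValueError("truncated DER")
        out.append((tag, data[i:i + n]))
        i += n
    return out

def audit(cert_der):
    """Report an MD5 signature and whether the EKU lets the cert sign code."""
    (_, cert), = children(cert_der)
    tbs, sig_alg, _sig = children(cert)
    findings, ekus = [], None                     # None: no EKU extension present
    if children(sig_alg[1])[0][1] == MD5_RSA:
        findings.append("md5-signature")
    for tag, val in children(tbs[1]):
        if tag != 0xA3:                           # [3] EXPLICIT Extensions
            continue
        (_, exts), = children(val)
        for _, ext in children(exts):
            fields = children(ext)
            if fields[0][1] == EKU_EXT:           # extnValue wraps SEQUENCE OF OID
                (_, kps), = children(fields[-1][1])
                ekus = [v for _, v in children(kps)]
    if ekus is None or CODE_SIGNING in ekus:      # absent EKU: purpose unrestricted
        findings.append("code-signing-allowed")
    return findings

def tlv(tag, *parts):                             # short-form encoder, samples only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample(sig_oid, eku_oids):                    # constructed skeleton, not a real cert
    alg = tlv(0x30, tlv(0x06, sig_oid), tlv(0x05))
    kps = tlv(0x30, *[tlv(0x06, o) for o in eku_oids])
    ext = tlv(0x30, tlv(0x06, EKU_EXT), tlv(0x04, kps))
    tbs = tlv(0x30, alg, tlv(0xA3, tlv(0x30, ext)))
    return tlv(0x30, tbs, alg, tlv(0x03, b"\x00\x00"))
```

Calling `audit(sample(MD5_RSA, [CODE_SIGNING]))` returns both findings; a real certificate can be passed as its DER bytes.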
Mark Hillick listed a few useful links around the wider problems the antivirus industry has – being a very reactionary industry, its effectiveness is reduced – and a related presentation by Moxie Marlinspike on authentication.
Makerofthings7’s answer focused on reducing the surface area of public trust – in this instance, it wouldn’t have prevented the attack, as the cert was signed by Microsoft, but it would improve security in general.
Liked this question of the week? Interested in reading it or adding an answer? See the question in full. Have questions of a security nature of your own? Security expert and want to help others? Come and join us at security.stackexchange.com.