More IE security woes uncovered

A PROGRAMMER, Mike Benham, has posted details of a vulnerability in Microsoft's Internet Explorer that, under certain circumstances, allows webmasters to generate what seems a valid Certificate Authority for any site, once they themselves have registered their own Certificate.

Benham's posting here says "Internet Explorer's implementation of SSL contains a vulnerability that allows for an active, undetected, man in the middle attack. No dialogs are shown, no warnings are given."

"This means," says Benham, "that as far as IE is concerned, anyone with a valid CA-signed certificate for ANY domain can generate a valid CA-signed certificate for ANY OTHER domain."

Benham, says Internet Explorer does not check the Basic Constraints of digital certificates that may be issued by localised, intermediary services. He says the security implications are "incredibly severe".

Separately, details have emerged of a rather convoluted yet still significant way of unravellng a PGP personal key. Researchers Bruce Schneier of Counterpane Internet Security Inc. and Jonathan Katz of the University of Maryland at College Park, say they found a way to modify an intercepted PGP message without descrambling it, the Wall Street Journal reports.

In the scenario, an intercepted message would be modified by the attacker and then passed to the recipient. If the recipient then tries to decode the message and is somehow persuaded to send the file back to the attacker, the resulting gibberish would expose the key and allow the message to be reconstructed.

A developer of OpenPGP, Jonathan Callas, told the Journal that an updated version of a OpenPGP that fixes the flaw had been developed. µ