Topic: BitDefender is in trouble with "revoked certificates"!


Samker

Bitdefender is set to fix a security flaw in its products that meant revoked certificates for potentially malicious sites could be replaced with legitimate ones.

The problem, which the security vendor considered a low-level threat, arose when revoked certificates were replaced with a BitDefender certificate for the purpose of scanning HTTPS traffic.

That meant admins of potentially dodgy sites could be given a means of attacking users.

The Chief Research Officer of Risk Based Security, Carsten Eiram, reported the flaws in BitDefender's Antivirus Plus, Internet Security, and Total Security lines, which are set to be fixed this week.

“HTTPS scanning issues are something that a lot of people are focusing on,” Eiram told the IDG News Service: http://www.networkworld.com/article/2889693/some-bitdefender-products-break-https-certificate-revocation.html

“Someone is bound to download and check certificate validation in various security products including BitDefender.

“It’s just a matter of downloading the product and then visiting a site with a revoked certificate to see the unsafe behaviour.”

BitDefender's slip was light years from the dangers posed by the privacy-annihilating SuperFish interception kit or the borked PrivDog HTTPS fondler which prompted anger from privacy and security types over the last fortnight.

Its platforms replace HTTPS certificates to ensure a given site is legitimate. They first check that a certificate is issued for the correct site and that it has not expired, but did not check its revocation status.
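To make the gap concrete, here is an added example (not code from the article or from BitDefender) of a certificate validator for an HTTPS-scanning proxy, written in Python against the third-party `cryptography` library with a constructed test CA, hostname, serial numbers and fixed clock. `validate(..., check_revocation=False)` performs only the hostname and validity checks described above and accepts a revoked certificate; with `check_revocation=True` it also verifies the issuer's CRL and rejects it. The `_utc` helper covers both the older naive and the newer `*_utc` validity accessors of the library.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2015, 3, 1)  # constructed fixed clock (naive UTC) so the run is reproducible
DAY = dt.timedelta(days=1)

def _utc(obj, attr):  # cryptography >= 42 adds tz-aware *_utc accessors; fall back to the naive ones
    v = getattr(obj, attr + "_utc", None)
    return v.replace(tzinfo=None) if v is not None else getattr(obj, attr)

def build_pki(host):  # constructed fixture: a test CA, a server cert for host, and a CRL revoking it
    ca_key, leaf_key = ec.generate_private_key(ec.SECP256R1()), ec.generate_private_key(ec.SECP256R1())
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Test CA")])
    ca = (x509.CertificateBuilder().subject_name(ca_name).issuer_name(ca_name)
          .public_key(ca_key.public_key()).serial_number(1)
          .not_valid_before(NOW - DAY).not_valid_after(NOW + 365 * DAY).sign(ca_key, hashes.SHA256()))
    leaf = (x509.CertificateBuilder().subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, host)]))
            .issuer_name(ca_name).public_key(leaf_key.public_key()).serial_number(42)
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 90 * DAY)
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(host)]), critical=False)
            .sign(ca_key, hashes.SHA256()))
    revoked = x509.RevokedCertificateBuilder().serial_number(leaf.serial_number).revocation_date(NOW).build()
    crl = (x509.CertificateRevocationListBuilder().issuer_name(ca_name).last_update(NOW)
           .next_update(NOW + 7 * DAY).add_revoked_certificate(revoked).sign(ca_key, hashes.SHA256()))
    return ca, leaf, crl

def validate(leaf, host, ca, crl, check_revocation):
    """Return None if leaf is acceptable for host, otherwise the reason for rejection.
    check_revocation=False reproduces the flaw described above: issuer signature, hostname and
    validity period are checked, but a revoked certificate that passes them is still accepted."""
    try:  # chain check: the leaf must be signed by the trusted CA
        ca.public_key().verify(leaf.signature, leaf.tbs_certificate_bytes, ec.ECDSA(leaf.signature_hash_algorithm))
    except InvalidSignature:
        return "not signed by the trusted CA"
    sans = leaf.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    if host not in sans.get_values_for_type(x509.DNSName):
        return "hostname mismatch"
    if not _utc(leaf, "not_valid_before") <= NOW <= _utc(leaf, "not_valid_after"):
        return "outside validity period"
    if not check_revocation:
        return None
    if not crl.is_signature_valid(ca.public_key()) or NOW > _utc(crl, "next_update"):
        return "CRL not signed by the issuer, or stale"
    if crl.get_revoked_certificate_by_serial_number(leaf.serial_number) is not None:
        return "certificate revoked"
    return None
```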

Eiram said feasible attacks include ARP spoofing, DNS hijacking, and evil twin Wi-Fi attacks, which can allow attackers to steal a victim's authentication tokens.

He says it would be easy for attackers to test whether other security platforms were meddling with certificate revocation checking using online services (test it yourself): https://revoked.grc.com/

In July researcher Stefan Viehbock found since-fixed holes in BitDefender's GravityZone endpoint protection platform that allowed attackers to target corporate infrastructure and move laterally through a network: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-3_Bitdefender_GravityZone_Multiple_critical_vulnerabilities_v10.txt

(ElReg)

Samker's Computer Forum - SCforum.info