SSL/TLS์˜ MITM ์ทจ์•ฝ์„ฑ


mongmong
Apr 8, 2009, 11:32:17 PM
to open web
SSL์˜ ์ค‘๊ฐ„๊ฐœ์ž…๊ณต๊ฒฉ(MITM)์— ์ทจ์•ฝ์„ฑ์ด ์žˆ๋‹ค๋Š” ์˜๊ฒฌ์ด ์žˆ๊ธด ํ•œ๋ฐ ๊ทธ ๊ธฐ์ˆ ์  ๋ฐฉ์‹์— ๋Œ€ํ•œ ์–ธ๊ธ‰์€ ์—†๋Š” ๊ฒƒ ๊ฐ™๋„ค์š”.
์ทจ์•ฝ์„ฑ์ด ์žˆ์œผ๋ฉด ๊ทธ ์ทจ์•ฝ์ ์ด ์ •ํ™•ํžˆ ์–ด๋–ค ๊ฒƒ์ธ์ง€ ์•„๋Š” ๊ฒƒ๋„ ์ค‘์š”ํ•˜๋‹ค๊ณ  ์ƒ๊ฐํ•ด์„œ
์ œ๊ฐ€ ์•„๋Š” ํ•œ๋„์—์„œ ์„ค๋ช…์„ ํ•ด๋ณด๊ฒ ์Šต๋‹ˆ๋‹ค.

๋ง ๊ทธ๋Œ€๋กœ MITM (man in the middle, ์ค‘๊ฐ„๊ฐœ์ž…) ์ทจ์•ฝ์„ฑ์ธ๋งŒํผ, ๊ทธ ์ทจ์•ฝ์„ฑ์ด ์‹œ์Šคํ…œ๊ถŒํ•œ ํƒˆ์ทจ๋ฅผ ํ•˜๋Š” ์›๊ฒฉ
exploit ๊ณผ ๊ฐ™์€ ๊ณต๊ฒฉ๊ณผ๋Š” ์ „ํ˜€ ๋‹ค๋ฅด๊ณ  ์„œ๋ฒ„/ํด๋ผ์ด์–ธํŠธ์— ๋Œ€ํ•œ ๊ถŒํ•œ์ด ์—†์ด๋„ ๊ฐ€๋Šฅํ•œ ๊ณต๊ฒฉ๋ฐฉ์‹์ž…๋‹ˆ๋‹ค.

SSL MITM ์˜ ๊ณต๊ฒฉ๋ฐฉ์‹์€ ๋„คํŠธ์›Œํฌ์ƒ์—์„œ ์„œ๋ฒ„์™€ ํด๋ผ์ด์–ธํŠธ์˜ ์ค‘๊ฐ„์œ„์น˜์— ์žˆ๋Š” ๊ณต๊ฒฉ์ž(proxy ์—ญํ• )๊ฐ€ SSL์˜
handshake step ์ค‘ share key(๋Œ€์นญ ๋น„๋ฐ€ํ‚ค) ๊ตํ™˜๋‹จ๊ณ„์—์„œ ๊ฐ€์งœ share key๋กœ ๋ฐ”๊พธ๋Š” ๋ฐฉ๋ฒ•์œผ๋กœ ๋ฐ์ดํ„ฐ๋ฅผ
๋ณ€์กฐํ•˜๊ฑฐ๋‚˜ id/pass ๋ฅผ ๋ณตํ˜ธํ™”ํ•ด๋‚ด๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

๊ณต๊ฒฉ์ž A๋Š” ํด๋ผ์ด์–ธํŠธ๊ฐ€ ์„œ๋ฒ„์—๊ฒŒ ์ „์†กํ•˜๋Š” share key ๋ฅผ ๊ฐ€๋กœ์ฑ„์–ด์„œ ๊ฐ€์งœ share key๋กœ ๋ฐ”๊พผ ๋‹ค์Œ ์„œ๋ฒ„์—๊ฒŒ ์ „์†กํ•ฉ๋‹ˆ
๋‹ค. ๊ทธ๋Ÿฌ๋ฉด ์„œ๋ฒ„๋Š” ๊ฐ€์งœ share key ๋ฅผ ์•”ํ˜ธํ•œ ๋ฐ์ดํ„ฐ๋ฅผ ๊ณต๊ฒฉ์žA์—๊ฒŒ ๋ณด๋‚ด๊ณ  ๊ณต๊ฒฉ์žA๋Š” ๊ฐ€์งœ shared key๋กœ ๋ฐ์ดํ„ฐ
๋ฅผ ๋ณตํ˜ธํ™”ํ•˜๊ณ  ๋‹ค์‹œ ํด๋ผ์ด์–ธํŠธ์—๊ฒŒ์„œ ๊ฐ€๋กœ์ฑˆ shard key๋กœ ์•”ํ˜ธํ™”ํ•ด์„œ ํด๋ผ์ธ์–ธํŠธ์—๊ฒŒ๋กœ ์ „์†กํ•˜๋Š” ๊ณต๊ฒฉ๋ฐฉ์‹์ž…๋‹ˆ๋‹ค.

๋ฌธ์ œ๋Š” mitm ๊ณต๊ฒฉ์œผ๋กœ ์„œ๋ฒ„์™€ ํด๋ผ์ด์–ธํŠธ๋Š” ๋ฐ์ดํ„ฐ๊ฐ€ ๋ณ€์กฐ๋˜์–ด๋„ ์ „ํ˜€ ํ”ผํ•ด๋ฅผ ๋ˆˆ์น˜์ฑ„์ง€ ๋ชปํ•˜๋Š” ๊ฒƒ์— ๋Œ€ํ•ด ์‹ฌ๊ฐ์„ฑ์ด ์žˆ์Šต๋‹ˆ๋‹ค.

๋‹จ, ๊ทธ ๊ณต๊ฒฉ์ด ๊ฐ€๋Šฅํ• ๋ ค๋ฉด ๋„คํŠธ์›Œํฌ์ƒ์˜ ์ œ์•ฝ์ด ๋”ฐ๋ฆ…๋‹ˆ๋‹ค.

์ œ๊ฐ€ ์•„๋Š” ํ•œ๋„์—์„œ ๊ฐ€๋Šฅํ•œ ์กฐ๊ฑด์„ ์ƒ๊ฐํ•ด๋ณด๋ฉด

1. ๋™์ผ ์„œ๋ธŒ๋„ท์ƒ์˜ ๊ณต๊ฒฉ์ž๊ฐ€ arp spoofing ์œผ๋กœ ํŒจํ‚ท์„ ๊ฐ€๋กœ์ฑ„์–ด ๋ณ€์กฐ๊ฐ€ ๊ฐ€๋Šฅํ•  ๋•Œ.

2. dns ๋ณ€์กฐ(dns spoofing)๊ฐ€ ๊ฐ€๋Šฅํ•œ ๋ฌด์„  AP๋กœ ํ”ผํ•ด์ž๋“ค์˜ ์ ‘์†์„ ์œ ๋„ํ•˜์—ฌ ํŒจํ‚ท๋ณ€์กฐ๊ฐ€ ๊ฐ€๋Šฅํ•  ๋•Œ

mitm ๊ณต๊ฒฉ์„ ํ• ๋ ค๋ฉด ๊ณต๊ฒฉ์ž๋Š” ํŒจํ‚ท์˜ ๋ผ์šฐํŒ…์„ ์ œ์–ดํ•  ์ˆ˜ ์žˆ๊ธฐ ์œ„ํ•ด ํ”ผํ•ด์ž์™€ ๋™์ผ์„œ๋ธŒ๋„ท์ƒ์— ์žˆ๊ฑฐ๋‚˜ ํ”ผํ•ด์ž๊ฐ€ ์žˆ๋Š” ๋„คํŠธ์›Œํฌ๋‹จ
์— ์ œ์–ด๊ถŒ์ด ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

์ด ์™ธ์— ๊ธฐ์ˆ ์ ์œผ๋กœ ssl/tls ๊ฐ€ mitm ๊ณต๊ฒฉ์— ๋…ธ์ถœ๋  ์ˆ˜ ์žˆ๋Š” ์–ด๋–ค ์กฐ๊ฑด๋“ค์ด ์žˆ๋Š” ์ง€ ์•„์‹œ๋ฉด ์•Œ๋ ค์ฃผ์‹œ๊ณ ,
์ œ ์„ค๋ช…์— ์˜ค๋ฅ˜๊ฐ€ ์žˆ๋‹ค๋ฉด ์ง€์ ํ•ด์ฃผ์‹œ๋ฉด ์ข‹๊ฒ ์Šต๋‹ˆ๋‹ค. ^^

๊ทธ๋ฆฌ๊ณ , ์ด๋Ÿฌํ•œ ssl mitm ๊ณต๊ฒฉ๋ฉ”์ปค๋‹ˆ์ฆ˜์„ ์‚ดํŽด๋ณด๊ฑด๋ฐ,
ssl/tls ๊ฐ€ mitm ๊ณต๊ฒฉ์— ์ทจ์•ฝํ•˜๋‹ค๋ฉด ํ˜„์žฌ ์ธํ„ฐ๋„ท๋ฑ…ํ‚น์ด activex ๋ณด์•ˆํ”Œ๋Ÿฌ๊ธด์„ ์‚ฌ์šฉํ•˜์—ฌ ๋ณด์•ˆ์ ‘์†ํ•˜๋Š” ๊ฒƒ๋„ ๋งค ํ•œ๊ฐ€์ง€
๋กœ mitm ์— ์ทจ์•ฝํ•  ๊ฒƒ์œผ๋กœ ์ƒ๊ฐ๋ฉ๋‹ˆ๋‹ค.

๋‹จ์ง€ activeX ๋ณด์•ˆ์ ‘์†์€ ssl์ฒ˜๋Ÿผ handshake spec ์ด ๊ณต๊ฐœ๋˜์–ด ์žˆ์ง€ ์•Š์•„์„œ ๊ทธ๊ฑธ ์•Œ์•„๋‚ด๋Š” ๋ฐ ์ข€ ๋” ์‹œ๊ฐ„์ด ์†Œ
์š”๋˜๋Š” ์ฐจ์ด๊ฐ€ ์žˆ๊ฒ ์ง€์š”.

์ฆ‰, ๋‘ ๊ฐ€์ง€ ๋ฐฉ์‹๋‹ค mitm ๊ณต๊ฒฉ์— ๋Œ€ํ•ด ๋„คํŠธ์›Œํฌ ๋ณด์•ˆ์„ฑ์„ ๋†’์—ฌ์•ผ ํ•  ๋ฌธ์ œ์ด์ง€
ssl/tls ๋งŒ ์ทจ์•ฝํ•˜๋‹ค๋Š” ๊ฑด ์•„๋‹ˆ๋ผ๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.

Matt Oh
Apr 8, 2009, 11:37:36 PM
to open...@googlegroups.com
์•„ ํ•œ๊ตญ์€ AP๋“ค์ด ๋งŽ์œผ๋‹ˆ rogue AP๋ฅผ ์ด์šฉํ•˜๋Š” ๊ฐ„๋‹จํ•œ ๋ฐฉ๋ฒ•๋„ ์žˆ์šธ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

2009/4/8 mongmong <flyt...@gmail.com>



--
-matt

youknowit
Apr 9, 2009, 12:14:41 AM
to open web
mongmong/
Thank you very much for the detailed technical explanation. However, isn't the vulnerability you describe the one that was a problem in SSL v. 2?
See http://en.wikipedia.org/wiki/Transport_Layer_Security#Security.

My understanding is that in SSL v.3, and in TLS, which nearly all applications now adopt by default, the vulnerability you
pointed out has largely been remedied.

Also, in the case of a client-authenticated TLS handshake (a connection method in which the server presents its SSL certificate
and the connecting user also presents their own user certificate), I believe the attack you describe is realistically impossible.

SSL v.2 is disabled by default in most web browsers today, and the Opera browser has removed it entirely.

On Apr 9, 12:37 pm, Matt Oh <oh.jeongw...@gmail.com> wrote:
> Ah, since Korea has so many APs, there also seems to be a simple method using a rogue AP.
>

> 2009/4/8 mongmong <flyto...@gmail.com>

mongmong
Apr 9, 2009, 1:26:53 AM
to open web
youknowit/

I don't know the spec changes between SSL V2, V3 / TLS very well,
but as long as no separate identity verification step is included, the SSL MITM vulnerability will still exist.


------------------------------------------------------- (quoted)
-------------------------------------------------------


Also, in the case of a client-authenticated TLS handshake (a connection method in which the server presents its SSL certificate
and the connecting user also presents their own user certificate), I believe the attack you describe is realistically impossible.

--------------------------------------------------------------------------------------------------------------------
↑
For SSL MITM to work, a user with low security awareness has to click "Yes" without a thought when the SSL certificate security warning pops up.
But if the handshake includes a step that verifies the client's identity, as in the client-authenticated TLS handshake,
the server side would of course not be fooled by a fake certificate.

As you know, for client identity verification via the client-authenticated TLS handshake to work,
a certificate the client issued itself won't do; the client would need to purchase an identity certificate (public key) from an
accredited authority, much like the accredited certificates used for funds transfers in ActiveX secure connections, though not for digital signature purposes.
Still, the important difference is that it can be implemented with the browser's own built-in functionality, without a separate
plugin like ActiveX.

In practice, though, foreign banks' Internet banking does not seem to go through a separate SSL/TLS client authentication step either.
Perhaps they shift the responsibility onto the user who clicked "Yes" on the security warning...

And there are still quite a lot of IE 6.0 users.
People just dislike it when something they have used for a long time and grown used to changes..
I suppose that is where the saying "habits are frightening" comes from.

youknowit
Apr 9, 2009, 2:53:45 AM
to open web
The concept of a client certificate is not a "certificate the client issued itself"; the personal accredited certificate that
people commonly have issued is itself a client certificate (user certificate).

Japanese banks require personal certificates to be presented in this way. Implementing this (i.e. personal-certificate login)
requires no separate plugin. Web browsers already have the signing functionality needed for this level of operation (login).

If you search Google for client certificate authentication, there are many pages describing how to set up a server so that
client web browsers log in with certificates. (Of course, to do this, the accredited certificate must first be exported in
pfx file format.)

youknowit
Apr 9, 2009, 3:07:25 AM
to open web
In SSL v.3 and TLS, the shared key does not travel over the network. So there is no shared key for anyone in the middle
to intercept.

Instead, the client generates a random number of its own, encrypts it with the server certificate, and sends that value to the server.
Even if someone intercepts this value in the middle, an attacker who lacks the private key corresponding to the server certificate
(which only the server holds) cannot learn the random number.

The shared key is generated independently on each computer (starting from the same RN) from the moment the server decrypts and
confirms the random number (RN) the client sent encrypted (the result is of course identical; otherwise it could not be a
"shared key"). That is the SSL/TLS handshake based on the server certificate alone.

In the case of a handshake with client certificate authentication added, there is a step at the end that also checks the
client computer's MAC value. So MITM is realistically impossible.

See http://en.wikipedia.org/wiki/Transport_Layer_Security for a more detailed explanation.
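The server-authenticated exchange youknowit describes above, worked through as an added example (not code from the thread or from any of the posters): a client random encrypted to the server's public key, a master secret each side derives on its own, and the Finished check that fails when an on-path party substitutes the key-exchange message. Assumptions: the TLS 1.2 PRF (RFC 5246) stands in for the SSL3/TLS1 derivation the post is about, the RSA key pair is a toy one built from two Mersenne primes with no padding, and all function names are mine.

```python
"""Server-authenticated SSL/TLS key exchange, modelled as described above (added example)."""
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret (RFC 5246 section 8.1). Each side computes this on its own;
    only the premaster (encrypted), never the resulting key, is ever put on the wire."""
    return prf(premaster, b"master secret", client_random + server_random, 48)


def verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    """Finished payload: PRF(master, "client finished", Hash(handshake_messages))[:12]."""
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)


# Toy RSA standing in for the server certificate's key pair: two Mersenne primes,
# no padding. Constructed for this demo so the file runs on the stdlib alone.
P, Q = (1 << 127) - 1, (1 << 521) - 1
N, E = P * Q, 65537                       # public key: in the certificate, known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))         # private key: held by the server only (Python 3.8+)
CT_LEN = (N.bit_length() + 7) // 8        # ciphertext size on the wire


def rsa_encrypt(msg: bytes) -> int:
    m = int.from_bytes(msg, "big")
    assert m < N, "message must be smaller than the modulus"
    return pow(m, E, N)


def rsa_decrypt(ct: int) -> bytes:
    return pow(ct, D, N).to_bytes(48, "big")


def client_key_exchange():
    """Client: choose the 48-byte premaster (2 version bytes + 46 random bytes) and
    return it together with the ClientKeyExchange body, the premaster encrypted to the server."""
    premaster = b"\x03\x03" + os.urandom(46)
    return premaster, rsa_encrypt(premaster)


def run(client_random, server_random, client_premaster, sent_ct, delivered_ct):
    """Finish the handshake. `sent_ct` is what the client sent, `delivered_ct` what the
    server received; they differ only if someone on the path replaced the message.
    Returns (server accepts the client's Finished?, client master, server master)."""
    client_transcript = client_random + server_random + sent_ct.to_bytes(CT_LEN, "big")
    server_transcript = client_random + server_random + delivered_ct.to_bytes(CT_LEN, "big")
    client_master = master_secret(client_premaster, client_random, server_random)
    server_master = master_secret(rsa_decrypt(delivered_ct), client_random, server_random)
    client_finished = verify_data(client_master, b"client finished", client_transcript)
    expected = verify_data(server_master, b"client finished", server_transcript)
    return hmac.compare_digest(client_finished, expected), client_master, server_master


def honest_run():
    cr, sr = os.urandom(32), os.urandom(32)
    premaster, ct = client_key_exchange()
    return run(cr, sr, premaster, ct, ct)


def substituted_run():
    """An on-path party swaps the ClientKeyExchange for one it encrypted itself (anyone can
    encrypt to the public key). Lacking D it never learns the client's premaster, so the two
    ends derive different keys and the Finished check fails: the session aborts instead of
    being silently read. The thread's warning-dialog case is different: a client that accepts
    a forged certificate has encrypted its premaster to the wrong key from the start."""
    cr, sr = os.urandom(32), os.urandom(32)
    premaster, ct = client_key_exchange()
    _, substituted = client_key_exchange()   # attacker's own premaster, encrypted to N/E
    return run(cr, sr, premaster, ct, substituted)


if __name__ == "__main__":
    print("honest handshake accepted:", honest_run()[0])               # True
    print("substituted key exchange accepted:", substituted_run()[0])  # False
```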

youknowit
Apr 9, 2009, 8:38:34 PM
to open web
The MITM attack demonstrations (demos) against https-encrypted connections appear to have assumed connections made with SSL2
on MS IE 6.0.

If the server disables SSLv2 entirely, or the client uses a relatively recent web browser such as Firefox 3, Google Chrome,
MS IE7 or later, I think MITM is no longer a realistic scenario.

For an Apache2 server, uncommenting "SSLProtocol all -SSLv2" in the ssl.conf configuration file makes SSL2 connections
impossible altogether.


On Apr 9, 4:07 pm, youknowit <keechang....@googlemail.com> wrote:

์ • ํƒœ์˜
Apr 9, 2009, 9:02:42 PM
to open...@googlegroups.com
Even if this is true, I think it is best to acknowledge that there can be problems given the situation of domestic users
who are passive about browser upgrades, and the circumstance of having no choice but to accommodate such users
(though I don't know why they are then so passive about accommodating FF, Opera, Safari and
Chrome users).

But XecureWeb, INISafeWeb and the like (which look much of a muchness) would have the same
problem, and I don't understand why, while criticizing SSL this way, nobody says that XecureWeb or
INISafeWeb alone are not enough.

In any case, digital signatures and the like can serve as a secondary security measure, so I don't think
it is a big problem...



On 2009. 04. 10, 9:38 AM, youknowit wrote:

youknowit
Apr 9, 2009, 9:19:20 PM
to open web
Shouldn't the degree of downward compatibility to guarantee be judged differently according to the nature of the service?
For entertainment, or content that has little to do with security, one should secure downward compatibility as broadly as
possible to take in as many users as possible.

But for services where security is essential, such as banking, there is no reason whatsoever to "carry along" SSL2, whose vulnerabilities are already known.
Shouldn't SSL2 be disabled immediately and a safe protocol (SSL3/TLS1) used instead? IE7 uses SSL3/TLS1
by default. Opera, Firefox 3 and others have dropped SSL2 entirely.

I suspect the reason domestic banks quietly hope their customers keep using IE6 is that installing ActiveX plugins is relatively
easy there. Don't IE7 and IE8 bring in far more customer inquiries?

I think the current approach (the plugin-dependent one) will hit its limits sooner or later. A dead end, so to speak...

ds1405s
Apr 9, 2009, 9:25:23 PM
to open web
Recent browsers have responded to some extent to the SSL sniff vulnerability,,
but what was presented a little while ago is SSL strip..

http://www.circleid.com/posts/20090219_https_web_hijacking/
https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

youknowit
Apr 9, 2009, 10:48:54 PM
to open web
Yes, I am aware of it.

I recall that mountie already left a comment about sslstrip, but I think it is a problem that would be
satisfactorily solved by adopting client certificate authentication.

sslstrip is an attack that is only possible in an anonymous SSL session (i.e. a connection where only the server uses a
certificate and the user does not present their own). Services like Google or PayPal, serving an enormous number of users,
cannot demand a personal certificate from every single user.

But banks are different. They can adopt client-authenticated sessions. (If the accredited certificate is stored in
pfx or pkcs#11 form, there is no inconvenience for users and no separate plugin is needed.)

On Apr 10, 10:25 am, ds1405s <ds14...@gmail.com> wrote:
> Recent browsers have responded to some extent to the SSL sniff vulnerability,,
> but what was presented a little while ago is SSL strip..
>
> http://www.circleid.com/posts/20090219_https_web_hijacking/
> https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

ds1405s
Apr 9, 2009, 11:19:00 PM
to open web
์ € ๊ณต๊ฒฉ์˜ ๊ฒฝ์šฐ์—๋Š”,,
์‚ฌ์šฉ์ž์—๊ฒŒ๋Š” http ์—ฐ๊ฒฐ์„ ์œ„ํ•œ handshake ์กฐ์ฐจ ์ด๋ฃจ์–ด์ง€์ง€ ์•Š๋Š” ๊ฒƒ์œผ๋กœ ๋ณด์ž…๋‹ˆ๋‹ค.
(์ž์‹ ์ด ์ ‘์†ํ•˜๋Š” ํŽ˜์ด์ง€๊ฐ€ SSL ์—ฐ๊ฒฐ์„ ์š”๊ตฌํ•˜๋Š”์ง€์กฐ์ฐจ ๋ชจ๋ฅด๋Š”,,,)
handshake ์‹œ ์„œ๋ฒ„์ธ์ฆ์„œ์™€ ํด๋ผ์ด์–ธํŠธ ์ธ์ฆ, ํ‚ค๊ตํ™˜ ๋“ฑ์˜ ๊ณผ์ •์„ ๊ฑฐ์น˜๋Š”๋ฐ
์ค‘๊ฐ„ ๊ณต๊ฒฉ์ž๊ฐ€ ์ด๋Ÿฐ ๊ณผ์ •์„ ๋Œ€์‹ ํ•˜๊ณ  http๊ฐ€ ์‚ฌ์šฉ์ž์—๊ฒŒ ์ „์†ก๋˜๊ธฐ ๋•Œ๋ฌธ์—
ํด๋ผ์ด์–ธํŠธ ์ธ์ฆ ๊ธฐ๋Šฅ์ด ์ œ๋Œ€๋กœ ๋™์ž‘ํ•˜์ง€ ์•Š์„ ๊ฒƒ ๊ฐ™๋„ค์š”..

๊ทธ๋ž˜์„œ Chrome์€ WhiteList๋ฐฉ์‹(๋ฐ˜๋“œ์‹œ SSL ์—ฐ๊ฒฐ์ด์–ด์•ผ ํ•˜๋Š” ์‚ฌ์ดํŠธ ๋ชฉ๋ก)์œผ๋กœ
์•ฝ๊ฐ„์˜ ๋Œ€์ฒ˜๋ฅผ ํ•˜๊ณ ์žˆ๋‹ค๊ณ  ํ•˜๋Š” ๊ฒƒ ์•„๋‹๋Ÿฐ์ง€์š”.

On 4์›”10์ผ, ์˜ค์ „11์‹œ48๋ถ„, youknowit <keechang....@googlemail.com> wrote:

Jung Tae-young
Apr 9, 2009, 11:58:04 PM
to open...@googlegroups.com
Since not everyone does Internet banking at home (on their own computer), this does not seem
easy to apply.

People who are not good with computers might somehow manage to do Internet banking with the help of
a guide, but I doubt whether they would properly remove the certificate they installed after
they finish banking and get up.

It seems this could raise yet another problem.

youknowit wrote:



--
One who keeps drawing a dream for a long time comes to resemble that dream.

http://mytears.org/

dasony
Apr 10, 2009, 12:03:25 AM
to open web
๋™์˜ํ•ฉ๋‹ˆ๋‹ค. ํ˜„์žฌ Client Certificate๋ฅผ ๋„๋ฆฌ ์“ฐ์ง€๋Š” ์•Š๋‹ค๋ณด๋‹ˆ๊นŒ, ๊ฐ ๋ธŒ๋ผ์šฐ์ €์˜
ํ•ด๋‹น ๊ธฐ๋Šฅ์€ ํŽธ์˜์„ฑ์ด ๋งŽ์ด ๋–จ์–ด์ง€๋Š” ํŽธ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ž˜์„œ USB ๋“ฑ์— ์ €์žฅํ•ด๋†“๊ณ 
์“ฐ๊ธฐ๋Š” ์ •๋ง ๊ท€์ฐฎ๊ฒŒ ๋˜์–ด์žˆ์ฃ . ๊ทธ๋ž˜์„œ ์ผ๋ฐ˜ ์‚ฌ์šฉ์ž๋“ค์ด ์‰ฝ๊ฒŒ ์“ธ ์ˆ˜ ์žˆ๋Š” UI๋ฅผ ๊ฐ€์ง„
Certificate ๊ด€๋ฆฌ ํ”„๋กœ๊ทธ๋žจ์„ ์ถ”๊ฐ€๋กœ ์ œ์ž‘ํ•˜์—ฌ ๋ฐฐํฌํ•ด์•ผ ํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด๋Ÿฐ ํ”„๋กœ๊ทธ๋žจ์€ IE+ActiveX๋กœ ์ž‘์„ฑํ•ด๋„ ์ƒ๊ด€์—†๊ฒ ์ฃ . ํƒ€ ๋ธŒ๋ผ์šฐ์ €๋‚˜ ํƒ€ ํ”Œ๋žซํผ์€
๋ธŒ๋ผ์šฐ์ €์˜ ๊ธฐ๋Šฅ์„ ์‚ฌ์šฉํ•˜๊ฑฐ๋‚˜, ๋ถˆํŽธํ•œ ์‚ฌ๋žŒ์ด ์ง์ ‘ ๋งŒ๋“ค์–ด ๋ฐฐํฌํ•  ์ˆ˜๋„
์žˆ์„ํ…Œ๋‹ˆ๊นŒ์š”.

Jung Tae-young
Apr 10, 2009, 12:14:20 AM
to open...@googlegroups.com
If it has to go that far, it seems more convenient to make use of the accredited-certificate plugin.
Whether plugin or ActiveX, as long as only one has to be installed. On the assumption that the accredited-certification
API is standardized/opened first...


dasony wrote:

swlee
Apr 10, 2009, 12:19:01 AM
to open web
์—ด๋ค ํ† ๋ก ์˜ ๋ถ„์œ„๊ธฐ๋„ค์š”..
์˜คํ”ˆ์›น์—์„œ ์ด๋Ÿฐ ์ง„์ง€ํ•œ ๋ณด์•ˆ ๊ธฐ์ˆ ์— ๋Œ€ํ•œ ๋…ผ์˜๊ฐ€ ๋ ์ค„์ด์•ผ...

์ด์™• ์‹œ์ž‘ํ–ˆ์œผ๋‹ˆ
๋ณด์•ˆ๊ด€๊ณ„์ž ๋ถ„๋“ค์ด ์šฐ๋ คํ•˜๋Š” ์ตœ์‹  ํ•ดํ‚น๊ธฐ๋ฒ•์— ๋Œ€ํ•œ SSL์˜ ํ•œ๊ณ„์— ๋Œ€ํ•ด์„œ
์ •ํ™•ํ•˜๊ฒŒ ์ดํ•ดํ•˜๋Š” ๊ฒƒ์ด ํ•„์š”ํ•  ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

์•„๋ž˜๋Š” ์˜จ๋ผ์ธ ๋ฑ…ํ‚น ์‹œ์Šคํ…œ์„ ๊ณต๊ฒฉํ•˜๋Š” ์•…์„ฑ์ฝ”๋“œ์— ๋Œ€ํ•œ ๊ฒฝ๊ณ ์ž…๋‹ˆ๋‹ค.
http://www.trustdefender.com/blog/2009/02/28/banking-malware-bankpatchc-shows-that-the-bad-guys-are-extremely-innovative/
BHO ํ˜•ํƒœ๋กœ ๋™์ž‘ํ•˜๊ธฐ ๋•Œ๋ฌธ์— SSL๋กœ๋Š” ๋ฐฉ์–ด๊ฐ€ ๋ถˆ๊ฐ€๋Šฅ ํ•ฉ๋‹ˆ๋‹ค.
๋‚ด์šฉ์—๋„ SSL๋กœ ์•”ํ˜ธํ™”๋œ HTML ์—์„œ๋„ ๋™์ž‘ํ•œ๋‹ค๋Š” ์ฝ”๋ฉ˜ํŠธ๊ฐ€ ์žˆ๋„ค์š”,,,

์ด๋ฏธ 2004๋…„์— BHO ๋กœ ๋™์ž‘ํ•˜๋Š” ๊ฒƒ์€ SSL ๋กœ ๋ฐฉ์–ด๊ฐ€ ๋ถˆ๊ฐ€๋Šฅ ํ•˜๋‹ค๊ณ  ํฌ์ŠคํŒ… ๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค.
http://news.netcraft.com/archives/2004/06/30/hackers_manipulating_internet_explorer_addons.html

"It ultimately installs its keylogger trojan, which scans for https
sessions connecting to URLs of popular banks (including Citibank,
WestPac, Barcklays and HSBC) and then intercepts outbound data from IE
before it is encrypted using the Secure Sockets Layer (SSL) protocol."

์ด๋Ÿฐ ์•…์„ฑ์ฝ”๋“œ์— ๋Œ€ํ•ญํ•˜๊ธฐ ์œ„ํ•ด์„œ๋Š” ์•„๋ž˜ 4๊ฐ€์ง€ ๋ฐฉ๋ฒ•๋ฐ–์—๋Š” ์—†์„ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.
1, IE๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š”๋‹ค.(BHO ๊ฐ€ IE ์ข…์†์ ์ธ ๊ธฐ์ˆ ์ด๊ธฐ ๋•Œ๋ฌธ์—)
2. ๋ฐ”์ด๋Ÿฌ์Šค ๋ฐฑ์‹  ํšŒ์‚ฌ๊ฐ€ ๋ฏธ์นœ๋“ฏ์ด ์—ด์‹ฌํžˆ ์ผํ•œ๋‹ค.
3. ์ด๋Ÿฐ ์•…์„ฑ์ฝ”๋“œ์— ๋Œ€ํ•œ ํ”ผํ•ด๋Š” ๊ฐ์ˆ˜ํ•œ๋‹ค.
4. APPLICATION ๋ ˆ๋ฒจ์—์„œ ๋ฐฉ์–ด๊ฐ€ ๋  ์ˆ˜ ์žˆ๋„๋ก ETE ๋ณด์•ˆ์ ‘์† ๋ชจ๋ธ์„ ํ•œ์ธต ๋” ๊ฐ•ํ™”์‹œํ‚จ๋‹ค..

ํ•œ๊ฐ€์ง€ ์žฌ๋ฏธ์žˆ๋Š” ์ ์€ ์ œ๊ฐ€ ์ž๋ฃŒ๋ฅผ ๊ฒ€์ƒ‰ํ•˜๋ฉด์„œ
์˜จ๋ผ์ธ ๋ฑ…ํ‚น ์•…์„ฑ์ฝ”๋“œ์˜ ์œ„ํ—˜๊ณผ ๊ฒฝ๊ณ ์— ๋Œ€ํ•ด ํฌ์ŠคํŒ… ๋œ ์‚ฌ๋ก€๊ฐ€
๊ตญ๋‚ด๋ณด๋‹ค๋Š” ์™ธ๊ตญ์ด ์••๋„์ ์œผ๋กœ ํ›จ์”ฌ ๋งŽ์•˜์Šต๋‹ˆ๋‹ค.

๊ตญ๋‚ด ์ธํ„ฐ๋„ท ๋ฑ…ํ‚น ๋ณด์•ˆํ™˜๊ฒฝ์ด ๊ทธ๋‚˜๋งˆ ์„ ๋ฐฉํ•˜๊ณ  ์žˆ๋‹ค๋Š” ๋А๋‚Œ์ž…๋‹ˆ๋‹ค.
๊ตฌ๊ธ€์—์„œ banking malware ๋กœ ๊ฒ€์ƒ‰ํ•ด ๋ณด๋‹ˆ ์–ด์ฐŒ๋‚˜ ๋งŽ์€ ์•…์„ฑ์ฝ”๋“œ๊ฐ€ ๋‚˜์˜ค๋˜์ง€,,,

๋˜ ์žฌ๋ฏธ์žˆ๋Š”๊ฒƒ์€ ํŒŒํญ์—์„œ ํ”Œ๋Ÿฌ๊ทธ์ธ์œผ๋กœ ๋™์ž‘ํ•˜๋Š” ์•…์„ฑ์ฝ”๋“œ์ž…๋‹ˆ๋‹ค.
http://blogs.zdnet.com/security/?p=2264

๊ตฌ๊ธ€์—์„œ FireFox banking malware ๋กœ ๊ฒ€์ƒ‰ํ•˜๋‹ˆ ์–ด์ฐŒ๋‚˜ ๋งŽ๋˜์ง€,,,

SSL๋งŒ์œผ๋กœ ์•ˆ์ „ํ•˜๋‹ค๋Š” ์™ธ๊ตญ ์€ํ–‰๋“ค ๋ณด๋‹ค๋Š”
์ธํ„ฐ๋„ท ๋ฑ…ํ‚น์‹œ ๋‹ค์–‘ํ•œ ๋ณด์•ˆ ํ™˜๊ฒฝ์„ ์•Œ์•„์„œ ์ œ๊ณตํ•˜๋Š”
๊ตญ๋‚ด ์€ํ–‰๋“ค์ด ๊ทธ๋‚˜๋งˆ ๋‚˜์€๊ฑด ์•„๋‹๊นŒ์š”?


On 4์›”10์ผ, ์˜ค์ „11์‹œ48๋ถ„, youknowit <keechang....@googlemail.com> wrote:


swlee
Apr 10, 2009, 12:26:59 AM
to open web
Ah, I meant to put this up as a new post..
I must have been out of it; it went up here.
What am I thinking.. Sorry.

On Apr 10, 1:19 pm, swlee <Bang...@gmail.com> wrote:
> ์—ด๋ค ํ† ๋ก ์˜ ๋ถ„์œ„๊ธฐ๋„ค์š”..
> ์˜คํ”ˆ์›น์—์„œ ์ด๋Ÿฐ ์ง„์ง€ํ•œ ๋ณด์•ˆ ๊ธฐ์ˆ ์— ๋Œ€ํ•œ ๋…ผ์˜๊ฐ€ ๋ ์ค„์ด์•ผ...
>
> ์ด์™• ์‹œ์ž‘ํ–ˆ์œผ๋‹ˆ
> ๋ณด์•ˆ๊ด€๊ณ„์ž ๋ถ„๋“ค์ด ์šฐ๋ คํ•˜๋Š” ์ตœ์‹  ํ•ดํ‚น๊ธฐ๋ฒ•์— ๋Œ€ํ•œ SSL์˜ ํ•œ๊ณ„์— ๋Œ€ํ•ด์„œ
> ์ •ํ™•ํ•˜๊ฒŒ ์ดํ•ดํ•˜๋Š” ๊ฒƒ์ด ํ•„์š”ํ•  ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.
>

> ์•„๋ž˜๋Š” ์˜จ๋ผ์ธ ๋ฑ…ํ‚น ์‹œ์Šคํ…œ์„ ๊ณต๊ฒฉํ•˜๋Š” ์•…์„ฑ์ฝ”๋“œ์— ๋Œ€ํ•œ ๊ฒฝ๊ณ ์ž…๋‹ˆ๋‹ค.http://www.trustdefender.com/blog/2009/02/28/banking-malware-bankpatc...


> BHO ํ˜•ํƒœ๋กœ ๋™์ž‘ํ•˜๊ธฐ ๋•Œ๋ฌธ์— SSL๋กœ๋Š” ๋ฐฉ์–ด๊ฐ€ ๋ถˆ๊ฐ€๋Šฅ ํ•ฉ๋‹ˆ๋‹ค.
> ๋‚ด์šฉ์—๋„ SSL๋กœ ์•”ํ˜ธํ™”๋œ HTML ์—์„œ๋„ ๋™์ž‘ํ•œ๋‹ค๋Š” ์ฝ”๋ฉ˜ํŠธ๊ฐ€ ์žˆ๋„ค์š”,,,
>

> ์ด๋ฏธ 2004๋…„์— BHO ๋กœ ๋™์ž‘ํ•˜๋Š” ๊ฒƒ์€ SSL ๋กœ ๋ฐฉ์–ด๊ฐ€ ๋ถˆ๊ฐ€๋Šฅ ํ•˜๋‹ค๊ณ  ํฌ์ŠคํŒ… ๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค.http://news.netcraft.com/archives/2004/06/30/hackers_manipulating_int...


>
> "It ultimately installs its keylogger trojan, which scans for https
> sessions connecting to URLs of popular banks (including Citibank,
> WestPac, Barcklays and HSBC) and then intercepts outbound data from IE
> before it is encrypted using the Secure Sockets Layer (SSL) protocol."
>
> ์ด๋Ÿฐ ์•…์„ฑ์ฝ”๋“œ์— ๋Œ€ํ•ญํ•˜๊ธฐ ์œ„ํ•ด์„œ๋Š” ์•„๋ž˜ 4๊ฐ€์ง€ ๋ฐฉ๋ฒ•๋ฐ–์—๋Š” ์—†์„ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.
> 1, IE๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š”๋‹ค.(BHO ๊ฐ€ IE ์ข…์†์ ์ธ ๊ธฐ์ˆ ์ด๊ธฐ ๋•Œ๋ฌธ์—)
> 2. ๋ฐ”์ด๋Ÿฌ์Šค ๋ฐฑ์‹  ํšŒ์‚ฌ๊ฐ€ ๋ฏธ์นœ๋“ฏ์ด ์—ด์‹ฌํžˆ ์ผํ•œ๋‹ค.
> 3. ์ด๋Ÿฐ ์•…์„ฑ์ฝ”๋“œ์— ๋Œ€ํ•œ ํ”ผํ•ด๋Š” ๊ฐ์ˆ˜ํ•œ๋‹ค.
> 4. APPLICATION ๋ ˆ๋ฒจ์—์„œ ๋ฐฉ์–ด๊ฐ€ ๋  ์ˆ˜ ์žˆ๋„๋ก ETE ๋ณด์•ˆ์ ‘์† ๋ชจ๋ธ์„ ํ•œ์ธต ๋” ๊ฐ•ํ™”์‹œํ‚จ๋‹ค..
>
> ํ•œ๊ฐ€์ง€ ์žฌ๋ฏธ์žˆ๋Š” ์ ์€ ์ œ๊ฐ€ ์ž๋ฃŒ๋ฅผ ๊ฒ€์ƒ‰ํ•˜๋ฉด์„œ
> ์˜จ๋ผ์ธ ๋ฑ…ํ‚น ์•…์„ฑ์ฝ”๋“œ์˜ ์œ„ํ—˜๊ณผ ๊ฒฝ๊ณ ์— ๋Œ€ํ•ด ํฌ์ŠคํŒ… ๋œ ์‚ฌ๋ก€๊ฐ€
> ๊ตญ๋‚ด๋ณด๋‹ค๋Š” ์™ธ๊ตญ์ด ์••๋„์ ์œผ๋กœ ํ›จ์”ฌ ๋งŽ์•˜์Šต๋‹ˆ๋‹ค.
>
> ๊ตญ๋‚ด ์ธํ„ฐ๋„ท ๋ฑ…ํ‚น ๋ณด์•ˆํ™˜๊ฒฝ์ด ๊ทธ๋‚˜๋งˆ ์„ ๋ฐฉํ•˜๊ณ  ์žˆ๋‹ค๋Š” ๋А๋‚Œ์ž…๋‹ˆ๋‹ค.
> ๊ตฌ๊ธ€์—์„œ banking malware ๋กœ ๊ฒ€์ƒ‰ํ•ด ๋ณด๋‹ˆ ์–ด์ฐŒ๋‚˜ ๋งŽ์€ ์•…์„ฑ์ฝ”๋“œ๊ฐ€ ๋‚˜์˜ค๋˜์ง€,,,
>

> ๋˜ ์žฌ๋ฏธ์žˆ๋Š”๊ฒƒ์€ ํŒŒํญ์—์„œ ํ”Œ๋Ÿฌ๊ทธ์ธ์œผ๋กœ ๋™์ž‘ํ•˜๋Š” ์•…์„ฑ์ฝ”๋“œ์ž…๋‹ˆ๋‹ค.http://blogs.zdnet.com/security/?p=2264

> > - ๋”ฐ์˜จ ํ…์ŠคํŠธ ๋ณด๊ธฐ -- ๋”ฐ์˜จ ํ…์ŠคํŠธ ์ˆจ๊ธฐ๊ธฐ -

Jung Tae-young
Apr 10, 2009, 12:27:54 AM
to open...@googlegroups.com
swlee wrote:

> I think there are only the following 4 ways to counter such malware.
> 1. Don't use IE. (because BHO is an IE-specific technology)
Applied to the domestic situation, that becomes "Don't use Internet banking."

I think it is a bit premature to conclude, from the fact that cases publicizing the dangers of malware are overwhelmingly
more numerous abroad than at home, that domestic Internet banking is more advanced. There is the difference in the
number of people involved, and one also has to take into account that domestically there is a very strong tendency
not to disclose problems even when they are known (wanting to keep them to oneself).

swlee
Apr 10, 2009, 12:45:32 AM
to open web
> I think it is a bit premature to conclude, from the fact that cases publicizing the dangers of malware are overwhelmingly
> more numerous abroad than at home, that domestic Internet banking is more advanced. There is the difference in the
> number of people involved, and one also has to take into account that domestically there is a very strong tendency
> not to disclose problems even when they are known (wanting to keep them to oneself).

That may be so for security technology.

But malware is different.
Domestically, too, discovering and reporting it before others
is no different from abroad.
From an antivirus vendor's standpoint, discovering and announcing new malware and updating signatures
is a matter of life and death..

I have put it up as a new post.

Please put rebuttals and comments on my post in the new post.
I apologize again for having posted it
as a comment in this thread.

youknowit
Apr 10, 2009, 10:45:07 AM
to open web
The surest defense against SSL strip is of course to require presentation of a user certificate in addition to the server
certificate, but because the way accredited certificates are currently stored is a bit peculiar, the user certificate login
feature built into web browsers cannot be used as-is (there is no real problem for accredited certificates stored on a security
token in PKCS#11 form). The customer has to convert their accredited certificate into pfx (PKCS#12 format), and not many
people know how to do that (it is possible even now: certificate export).

However, if the server adopts an EV certificate, the sslstrip attack becomes almost unrealistic. The sslstrip attack relies on
user behaviour: the customer proceeds with the transaction without carefully checking the web address and so on. But if the
server adopts an EV certificate, a large seal that "leaps out" at you appears in the address bar of https pages such as the
login page. For example, take a look at the Daum login page.

If a bank tells its customers to check that the seal appears in the address bar when they log in, the number of customers who
log in and transact without such a seal drops markedly. The alert effect an EV certificate gives customers is on a par with a
security warning dialog.

skon
Apr 10, 2009, 4:24:12 PM
to open web
For several days a few security experts posted angry comments, and then stopped taking part in the discussion as if they had had enough...
It seems more proper study of the technical side is needed.
Just in case, I visited Lee Gyeong-mun's (์ด๊ฒฝ๋ฌธ) homepage (http://www.gilgil.co.kr) and looked through the posts; he seems to
have written in passing that what was discussed had many technical errors.. It is a pity that only "it's wrong" was written,
but the intent seems to be that one should study the relevant security issues on one's own. (Of course, the experts would know
from looking at the technical discussion what the problem is and how to respond to arrive at a solution, but even for me,
who had some interest in computers, it was not easy to grasp..)

I had thought the original purpose of Open Web was to propose policy directions for, and keep watch over, the domestic Internet
environment, but with the lawsuit so far it has come to face a situation where it even has to propose technical alternatives..
It seems that security experts who agree with Open Web's purpose need to join in and lay Open Web's technical foundations.
Otherwise it seems it will only become more and more at odds with the currently disgruntled security experts..

I don't know why Open Web, which is not even a body of experts, has to present technically complete results...
It is a pity.

Matt Oh
Apr 10, 2009, 4:35:47 PM
to open...@googlegroups.com
Ah, skon, I am not arguing that Open Web should present a fully worked-out alternative.

It started as an attempt to correct several existing misunderstandings.
In that process there were unpleasant incidents; the professor acknowledged some mistakes, and those were settled with the parties' apologies and understanding. The problem is that there are still many people who were hurt by the strong tone in which Open Web earlier criticized security vendors and experts. That is a matter that takes time.

But there are quite a few security experts friendly to Open Web. At least those who post comments here still have some affection for Open Web.

Personally, though, I do not think Open Web has to present technical alternatives. It is just that there are cases where a claim about some ideal situation is technically hard to realize. And banking issues are for the banks to judge, but I think it is meaningful simply to discuss them technically here. The ideal is an open web, but the reality is a world teeming with bad attackers. We could also put together and submit requests for improvement to the banks' existing services.
2009/4/10 skon <skon...@gmail.com>



--
-matt

์ • ํƒœ์˜
Apr 11, 2009, 3:32:09 PM
to open...@googlegroups.com
I logged in to daum to check the point below, and the degree of emphasis differs from browser to browser.
In Safari, for instance, it does not readily catch the eye unless you know it is there and
look for it.

Anyway, I have put together a small summary of the security issues raised so far.

http://b.mytears.org/2009/04/1936

I drew heavily on the slides below; if I have misunderstood anything,
please point it out.

https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf



On 2009. 04. 10, 11:45 PM, youknowit wrote:

> The alert effect an EV certificate gives customers is on a par with a security warning dialog.
