Windows 7 Forums

Windows 7: World’s best cryptography brains behind Flame spy virus

21 Sep 2012   #1


Guys have a read on this

The spy malware Flame used bogus Microsoft certificates to infect new computers, a prominent cybersecurity expert says. The science needed to pull the trick probably required some of the world’s best knowledge of cryptography.
The virus, which spread across the Middle East and particularly Iran, can mask itself as legitimate patches distributed through a Windows Update, reports Marc Stevens from the Centrum Wiskunde & Informatica (CWI) in Amsterdam.
It does so by providing a fake digital certificate, stating that the malware is a code originating from a trusted producer, which appears to have been issued by Microsoft itself.
Obtaining such a fraudulent certificate required a so-called chosen-prefix collision attack. It’s an attack targeting a specific cybersecurity algorithm called Message-Digest algorithm 5, or MD5. MD5 basically takes a piece of data and turns it into a unique digital fingerprint called a hash.
The important feature of a hash is that it cannot be used to reverse-engineer the original data, so, for instance, a database of password hashes cannot be used to establish the passwords, but can be used to match a password to its hash and verify it. Hash functions are vital to online commerce, safe file distribution and other important parts of cyber infrastructure.
A malign party would want to find a way to find pairs of data, which would generate identical hashes, called a collision. A criminal using hash collisions may intercept communication and act as a middle man, eavesdropping on the exchange or modifying it as he pleases.
For MD5, which was developed in the early 1990s, a way to perform such an attack was first theorized in 2004, although it was deemed impractical by the cybersecurity community. In 2008, Stevens and his group managed to improve on the method and construct a rogue Certification Authority, a body with the authority to issue digital certificates.
The demonstrated vulnerability of MD5 prompted national governments and IT leaders to speed up the shift to better and more secure hash functions. In June 2009, Stevens made public how exactly he and his team performed the attack, assuring that this would not compromise the Internet.
But apparently Microsoft failed to disallow MD5-based signatures in their Terminal Server Licensing Service (TSLS), and the authors of the Flame virus made use of this, executing a collision attack in February 2010, Stevens speculates in a statement. The result of this attack was a code-signing certificate appearing to be from Microsoft that may be used to sign Windows Updates. Stevens discovered that the attack took place using custom-made software his team created for their cryptography research.
More interestingly, the Flame collision attack is an entirely new and unknown variant, not the one Stevens used. He adds that the method used by Flame’s coders was already in development before June 2009, when he and his colleagues revealed their take on the problem. “This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis,” Stevens says.
The Flame virus was used by unidentified perpetrators for a massive espionage operation in the Middle East, which lasted for at least two years. It was first reported in late May. Some cybersecurity experts judged that the level of sophistication evident in the malware shows nation-state-level backing was needed to create it.

Have your opinion on this ....