"Well, I certainly managed to kick over a hornet's nest with my
article "The End of SSL and SSH?". There were quite a few points I
did not cover in the article, many I did not think of, and some I
trimmed. This article will cover the reaction to SSL and SSH being
"dead", as well as numerous implementation issues I did not cover.
The real issue is that technology cannot solve problems completely.
Any time you put a new solution in you breed new problems. This of
course assumes you installed and are maintaining the new solution
correctly in the first place. Vendors ship SSL and SSH, you turn
it on, it works. Unfortunately most people feel that they are then
done and move on to other problems; this is far from the truth.
Both SSL and SSH have numerous avenues an attacker can take; many
of these rely on the end user to make the right decision or have a
secure system, meaning a user can shoot themselves in the foot with
incredible ease. Pretty much any cryptographic "solution" requires
a degree of maintenance and continued attention."
"Vendors ship server software such as SSL enabled web servers
but do little to make sure that users create certificates properly
or store them properly. While almost all web servers support PEM
(Privacy Enhanced Mail) encoded certificates, relatively few people
use them since you must enter a passphrase every time you start the
server, making it impractical for many such as virtual web hosting
companies with dozens, hundreds or even thousands of sites. These
certificates can also be retrieved from the memory of the server;
this was found to be quite a bit easier than originally thought. On
the client side we have web browsers with over a hundred
certificates (I counted the root certificates in Internet Explorer
5.5 and it came to 120 root certificates). If any one of these
certificates is compromised an attacker would be able to create and
sign certificates for any name they wished to, making setup of fake
sites trivial. Attackers can easily present users with a new root
certificate and many users would inadvertently install it, again
allowing an attacker to create arbitrary certificates. You can also
modify the certificate store with relative ease: since Windows 9x
has no file or registry permissions and the default settings in NT
are quite promiscuous, this is relatively easy. The potential paths
an attacker can take to get a root certificate into a user's web
browser are numerous and generally speaking quite weak; most depend
on the user to make the right decision, or to have secured their
system properly, something that is relatively rare."
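The paragraph above points out that PEM key files are usually stored without a passphrase because servers must start unattended. The following is an added example, not code from the quoted article, that audits PEM files for private keys stored in the clear and for permissions that expose them; the `PEM_BLOCK` pattern, the `classify_keys`/`audit` function names and the placeholder key bodies in `SAMPLE_PEM` are constructed for this example.

```python
import os
import re
import stat

# A PEM block is a labelled BEGIN/END pair; its body may carry RFC 1421
# headers such as "Proc-Type: 4,ENCRYPTED" ahead of the base64 payload.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_keys(pem_text):
    """Return [(label, encrypted)] for every private-key block in pem_text."""
    results = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if "PRIVATE KEY" not in label:
            continue  # certificates, CSRs, DH params: not secret material
        # PKCS#8 encrypted keys carry a dedicated label; legacy PKCS#1/SEC1
        # keys signal encryption through the Proc-Type header instead.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "Proc-Type: 4,ENCRYPTED" in body)
        results.append((label, encrypted))
    return results

def audit(pem_text, mode):
    """Findings for one file's contents plus its st_mode permission bits."""
    findings = []
    keys = classify_keys(pem_text)
    for label, encrypted in keys:
        if not encrypted:
            findings.append(f"{label} is not passphrase-protected")
    if keys and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("key file is readable by group or others")
    return findings

def audit_file(path):
    """Read a PEM file from disk and audit it (used on a real deployment)."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return audit(fh.read(), os.stat(path).st_mode)

# Constructed sample: one plaintext PKCS#1 key, one passphrase-protected key.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
(constructed placeholder body, not a real key)
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

(constructed placeholder body, not a real key)
-----END RSA PRIVATE KEY-----
"""
```

Run `audit_file` over each key file the web server loads; a plaintext key with group- or world-readable permissions yields both findings.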