COMMAND

	Internet Explorer abusive SSL certificate trusting

SYSTEMS AFFECTED

	All current versions

PROBLEM

	0x90 [http://www.invisiblenet.net] found following, regarding SSL  issue
	in Internet explorer :
	

	The reason for the ssl issue in Microsoft\'s IE browser is because  when
	requestsing an
	

	<img src=\"https://website.com/doesnotexist.gif\" width=1 height=1>

	

	before going to the page, it has chosen to  not  question  the  cert  at
	that point either, because of the embedded object in  the  source  code.
	Even if the embedded object does not exist, it  will  still  trust  from
	that point on. This is a small and stupid bug on IE\'s part, and  is  an
	easy fix, the question of why it isn\'t is really a microsoft issue.
	

	This can easily be exploitable by the Man in  the  Middle/replay  attack
	as Eve can request the img src in midstream upon  Alice\'s  request  for
	cert, then send a signed but not valid to  the  host\'s  cert,  allowing
	Eve to handle the trusting before Alice is even notified.
	

	A proof of concept for your browser checking is here
	

	http://ssltest.invisiblenet.net

	

SOLUTION

	until fixed, I advise everyone to check all certs if using IE, and  even
	if not, don\'t click yes on impulse. This is not a  likely  attack  from
	kiddiez or hackers, but the powers above us can easily exploit this,  or
	the nearest network administrator on your corporate network :)