Slashdot Mirror


When Is a Self-Signed SSL Certificate Acceptable?

UltraLoser writes "When is it acceptable to encourage users to accept a self-signed SSL cert? Recently the staff of a certain Web site turned on optional SSL with a self-signed and domain-mismatched certificate for its users and encourages them to add an exception for this certificate. Their defense is that it is just as secure as one signed by a commercial CA; and because their site exists for the distribution of copyrighted material the staff do not want to have their personal information in the hands of a CA. In their situation is it acceptable to encourage users to trust this certificate or is this giving users a false sense of security?"

7 of 627 comments

  1. Re:Always. by Yvanhoe · · Score: 3, Interesting

    Am I saying something stupid, or aren't companies like Verisign providing a good way of preventing people from doing man-in-the-middle attacks on SSL? Agreed, it is far from perfect, but with a self-signed certificate, what is to prevent a clever sysadmin from doing MITM attacks?

    --
    The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
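Yvanhoe's MITM worry is what the original question turns on: a self-signed certificate only defeats interception if the client checks it against something it already trusts, since there is no CA chain to fall back on. The following is an added example (not from the thread or any real site) of doing that with fingerprint pinning in Python's standard library, with an optional trust-on-first-use mode modelled on SSH's known_hosts; the class and function names are my own, and any certificate bytes used with it here are constructed, not real certificates.

```python
import hashlib
import socket
import ssl


class PinMismatch(Exception):
    """Raised when the presented certificate differs from the pinned one."""


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form browsers display."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinStore:
    """Maps host:port to the fingerprint the client expects (like SSH known_hosts)."""

    def __init__(self, pins=None, trust_on_first_use=False):
        self.pins = dict(pins or {})    # pins the site published out of band
        self.tofu = trust_on_first_use  # accept and remember an unknown host's cert

    def verify(self, host: str, port: int, der_cert: bytes) -> str:
        """Return the fingerprint if it matches the pin; raise otherwise."""
        key = f"{host}:{port}"
        seen = fingerprint(der_cert)
        expected = self.pins.get(key)
        if expected is None:
            if not self.tofu:
                raise PinMismatch(f"no pin for {key}; presented {seen}")
            self.pins[key] = seen       # first use: trust and remember
            return seen
        if expected != seen:            # cert changed: possible man-in-the-middle
            raise PinMismatch(f"{key}: expected {expected}, got {seen}")
        return seen


def connect_pinned(host: str, port: int, store: PinStore) -> ssl.SSLSocket:
    """TLS connect, skip CA validation, then enforce the pin before any I/O."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # self-signed: no chain or name to validate...
    ctx.verify_mode = ssl.CERT_NONE  # ...so the pin check below is the only check
    sock = ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)
    try:
        store.verify(host, port, sock.getpeercert(binary_form=True))
    except PinMismatch:
        sock.close()                 # never send anything to an unverified peer
        raise
    return sock
```

With trust-on-first-use the very first connection is still exposed, which is exactly the window a domain-mismatched self-signed cert leaves open; only a pin obtained out of band closes it.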
  2. Re:Always. by chowells · · Score: 3, Interesting

    I don't know of any instances of SSL certificates being subverted in the way described by the GP, but there are instances of phishing sites using correct-looking certificates, such as http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html

    "By what other method do you suggest that I prove to my satisfaction that when I go to www.mybank.com.au that I am actually at mybank's website?"

    Not very easily, but you can use two-factor authentication to make sure that even if scammers find out the static username, password, and whatever, it's useless without a second bit of information generated by an electronic device. So the device generates a PIN which is based on time, or generated in a sequence. I have used Cryptocards in the past - they can generate a 7-digit PIN which is valid for one time only - the server knows the order that the card should generate the PIN and it can be easily tied into existing infrastructure by authenticating using RADIUS. Some UK banks have sent out devices which you need to insert the debit card into in order to generate the code. It's far less likely that the scammer is going to have the debit card, *and* the electronic device, *and* the static username/password.

  3. Re:Always. by bpkiwi · · Score: 5, Interesting

    My bank texts a one-time authentication code to my phone for any transaction that involves money leaving my accounts (transfers, setting up direct debits, etc). I've always considered it an elegant solution, not foolproof, but few systems are.

  4. True Story by BLKMGK · · Score: 5, Interesting

    While at DEFCON working the Wall of Sheep one year we discovered that someone had set up a Web site on the network to bet on the outcomes of the hacking contest - they used a self-signed SSL cert. Now some people, being paranoid on a VERY hostile network, turned down this certificate and promptly created/used the Web site sans SSL, exposing their creds in clear text. We promptly snarfed these and posted them on The Wall. 0wned!

    All they had to do was accept the cert and they would have been protected. But I guess, since seeing that pop-up was out of the ordinary and being on a network that was so nasty, they thought they would play it safe and say NO. How stupid....

    --
    Build it, Drive it, Improve it! Hybridz.org
  5. Re:Always. by jamesh · · Score: 4, Interesting

    1) SSL certificates do get issued to phishing sites

    I figured that would probably happen, but i'd never actually seen it. I don't make a habit of deliberately visiting phishing sites though.

    2) Some banks have login forms on un-encrypted pages

    I've not seen a bank do it, but these guys do, which I think is just insane, especially seeing as in all other respects (apart from price) they are an excellent domain registrar. Click the login link in the top left and you'll be presented with a non-https page with a username and password on it. I've emailed them about it but they just don't get it. Idiots.

    I've stopped using MelbourneIT for new registrations on that basis. I suggest you do the same.

  6. Re:Always. by darthflo · · Score: 4, Interesting

    There's one problem:
    Wachovia tells their users to enter their credentials on the unsecured front page, which then submits to a secure script processing said credentials.
    What you might be forgetting: What if I set up interception on my shared WiFi (or somewhere at the backbone of the hypothetical ISP I might be working for) to grab all HTTP requests for / going to r3wec01.wachovia.com and add a tiny bit of JavaScript that, in addition to the page working as it usually does, posts all keypresses to a script of my choosing?
    Without access to WB's certificate, I couldn't do that on a properly secured HTTPS site. Thanks to unencrypted HTTP, it's pretty trivial.

  7. Re:Always. by letxa2000 · · Score: 3, Interesting

    Encryption is only a small part of the idea of certificates. The main part is that it gives you, the user, some idea that the web site you are typing your credentials into is who you think it is (e.g. your bank) and isn't someone else pretending to be your bank.

    But that's nonsense. I have been robbed by the SSL certificate companies so that my shopping cart page would not flag any browser warnings. I paid my money and had the certificate the next day. They didn't contact me by phone or snail mail. The most they could've done is verified that the business name I gave them was an actual business--but there's no way they could have verified that I was authorized to request a certificate on behalf of the company.

    In short, the whole idea that SSL certificates come anywhere close to proving that a website is who it says it is is nonsense. Only a fool would trust that to be true.

    SSL certificates are organized theft and are a racket.