Slashdot Mirror


Phony Web Certs Issued For Google, Yahoo, Skype

Gunkerty Jeb writes "A major issuer of secure socket layer (SSL) certificates acknowledged on Wednesday that it had issued 9 fraudulent SSL certificates to seven Web domains, including those for Google.com, Yahoo.com and Skype.com, following a security compromise at an affiliate firm. The attack originated from an IP address in Iran, according to a statement from Comodo Inc."

26 of 151 comments

  1. Firefox/IE patches released,Comodo incident report by Anonymous Coward · · Score: 5, Informative

    Comodo’s advisory:

    http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

    Firefox released 3.6.16 yesterday:

    http://www.mozilla.com/en-US/firefox/3.6.16/releasenotes/

    Microsoft released an advisory and patch yesterday:

    Advisory: http://www.microsoft.com/technet/security/advisory/2524375.mspx

    Patch: http://support.microsoft.com/kb/2524375

  2. Patches? by oneiros27 · · Score: 2

    The Mozilla Foundation, Microsoft, Google and other firms rushed out patches to their Web browsers on Tuesday to block the fraudulent SSL certificates. In an incident report filed on March 15, Comodo said the nine certificates were issued to seven domains, but that no attacks using the certificates had been seen in the wild.

    What, they don't support revocation lists already? This should be a non-issue, once someone realized it happened.

    --
    Build it, and they will come^Hplain.
    1. Re:Patches? by julesh · · Score: 4, Informative

      What, they don't support revocation lists already?

      Firefox, to take an example, supports offline revocation lists (i.e. imported from files) or Online Certificate Status Protocol for automatically verifying certificates. Both of these are optional, although OCSP is enabled by default for certificates that specify an OCSP server in their details. Comodo do use OCSP, so this should be dealt with automatically for most Firefox users. However, some may have disabled OCSP, and for these a CRL must be installed to revoke the certificates. The easiest way to persuade people to do this is by pushing a patch that contains it.

    2. Re:Patches? by blacklint · · Score: 2

      You do know that SSL certificates are used by things other than browsers and for things other than HTTPS, right? The operating system keeps a list of valid root certificates so all applications can use them, not just IE. Or would you rather every application needs to know how to validate certificates on its own?

      It's the equivalent of updating ca-certificates on Debian based systems. Which I'm really surprised hasn't happened as far as I can tell, even with the warning "Please note that certificate authorities whose certificates are included in this package are not in any way audited for trustworthiness and RFC 3647 compliance, and that full responsibility to assess them belongs to the local system administrator."

  3. Re:Better Internet for Everybody by zach_the_lizard · · Score: 3, Informative

    Yeah! We should ban such third world hellholes as the United States, Japan, Canada, Italy, Germany and the United Kingdom! They are all in the top 10 for spamming, according to Spamhaus. The others are China, Russia, Brazil, and Argentina.

    --
    SSC
  4. CRLs? by hawguy · · Score: 4, Insightful

    The article says that browser makers rushed to put out patches to blacklist the fraudulent certs. Isn't this what certificate revocation lists are for? Are CRLs completely broken and unused?

    1. Re:CRLs? by Anonymous Coward · · Score: 5, Informative

      Are CRLs completely broken and unused?

      Yes, they are.

    2. Re:CRLs? by hey! · · Score: 2

      Well, that's interesting, but not quite the same as saying that CRLs are broken. It just means you have to have reasonable expectations, which is where people often screw up. You can't expect a browser to check a certificate against a CRL if it can't access the CRL, but when the browser *can* access the CRL it provides a useful service.

      If the browser can't reach the certificate server to check against the list, there's no ideal policy to choose. You don't want the certificate servers to be a single point of failure from which a massive denial of service could be launched. But you don't want the problem to be totally ignored, as with IE. You'd want to give a user who was sufficiently paranoid a chance to not trust the suspect certificate.

      Again, speaking of reasonable expectations, you can't expect most users to know what to do with a warning that the certificate can't be checked against the CRL, therefore the browsers must be patched. But an unpatched browser *should* tell the user the certificate is no good if it *can* check the CRL, and that's a good thing.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
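The check order julesh describes (OCSP when the certificate names a responder, otherwise a locally installed CRL such as one shipped in a patch) and the "what if nothing can answer" policy question hey! raises, as an added example that is not part of the thread and not any browser's actual code. The certificate, the OCSP responder, the revoked serial numbers and the CRL contents are all constructed placeholders.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

# Added example, not from the original thread or any browser's source: a toy
# revocation check that tries OCSP first (when the certificate names a
# responder), then a locally installed CRL, and applies an explicit policy
# when neither source can answer. All data below is constructed.


@dataclass(frozen=True)
class Cert:
    serial: int
    issuer: str
    ocsp_url: Optional[str] = None  # responder named in the cert, if any


class Unreachable(Exception):
    """Raised by an OCSP query when the responder cannot be contacted."""


# Local CRL store: issuer name -> set of revoked serial numbers (constructed).
# A browser patch that "contains the CRL" amounts to shipping these entries.
LocalCRLs = Dict[str, Set[int]]


def check_revocation(
    cert: Cert,
    ocsp_query: Callable[[Cert], str],
    local_crls: LocalCRLs,
    ocsp_enabled: bool = True,
    unreachable_policy: str = "soft-fail",
) -> str:
    """Return 'good', 'revoked', or one of the unreachable_policy outcomes.

    unreachable_policy decides what happens when no revocation data is
    available: 'soft-fail' accepts silently (the behaviour hey! objects to),
    'warn' accepts but flags the connection, 'hard-fail' rejects.
    """
    # 1. OCSP, if enabled and the certificate names a responder.
    if ocsp_enabled and cert.ocsp_url:
        try:
            status = ocsp_query(cert)
            if status in ("good", "revoked"):
                return status
        except Unreachable:
            pass  # fall through to the CRL

    # 2. A CRL for this issuer installed locally (e.g. pushed by a patch).
    crl = local_crls.get(cert.issuer)
    if crl is not None:
        return "revoked" if cert.serial in crl else "good"

    # 3. Nothing could answer: apply the configured policy.
    if unreachable_policy == "hard-fail":
        return "rejected-unverified"
    if unreachable_policy == "warn":
        return "accepted-with-warning"
    return "accepted-unverified"


# --- constructed sample data (placeholder serials, not the real ones) --------
REVOKED_SERIALS = {0x1A2B, 0x3C4D}


def fake_ocsp_responder(cert: Cert) -> str:
    """Stand-in OCSP responder that answers from REVOKED_SERIALS."""
    return "revoked" if cert.serial in REVOKED_SERIALS else "good"


def dead_ocsp_responder(cert: Cert) -> str:
    """Stand-in for a responder that cannot be reached."""
    raise Unreachable(cert.ocsp_url)


def demo() -> Dict[str, str]:
    responder = "http://ocsp.example.test"  # placeholder URL
    bad = Cert(serial=0x1A2B, issuer="Example CA", ocsp_url=responder)
    good = Cert(serial=0x9999, issuer="Example CA", ocsp_url=responder)
    no_ocsp = Cert(serial=0x1A2B, issuer="Example CA")  # names no responder
    patched_crls: LocalCRLs = {"Example CA": set(REVOKED_SERIALS)}
    return {
        "ocsp_revoked": check_revocation(bad, fake_ocsp_responder, {}),
        "ocsp_good": check_revocation(good, fake_ocsp_responder, {}),
        "ocsp_off_crl_installed": check_revocation(
            bad, fake_ocsp_responder, patched_crls, ocsp_enabled=False),
        "ocsp_down_no_crl_soft": check_revocation(bad, dead_ocsp_responder, {}),
        "ocsp_down_no_crl_hard": check_revocation(
            bad, dead_ocsp_responder, {}, unreachable_policy="hard-fail"),
        "no_responder_no_crl_warn": check_revocation(
            no_ocsp, fake_ocsp_responder, {}, unreachable_policy="warn"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:26s} -> {outcome}")
```

The "ocsp_down_no_crl_soft" case is the one the thread argues about: with a soft-fail policy a revoked certificate is accepted as soon as the responder is unreachable, which is why shipping the CRL entries in a patch removes the dependency on network reachability altogether.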
  5. no big deal by Anonymous Coward · · Score: 4, Interesting

    Your browser already trusts a certificate authority run by the Chinese government, along with one that delegated authority to them.

    Your browser also trusts certificate authorities in Africa, *stan countries, and the non-EU portion of Eastern Europe. How many of these could be bribed or coerced if you knew the right people or worked for a random 3rd-world government?

    Really, the lock/key icon and colored URL box are totally misleading. You have almost no security. Given the rotten certificate authority situation, failing to accept self-signed and expired certificates is actually a loss for security. You might as well get encryption against a passive attacker. Pretending to be secure against active attackers is just providing a false sense of security.

  6. Re:Well by poetmatt · · Score: 2

    Uh, you're kinda behind. IE and Firefox have already been patched, no doubt chrome too.

  7. Things You Can Do On Your Own by Jah-Wren+Ryel · · Score: 4, Informative

    Neither of these are perfect, but here are two different Firefox add-ons that can significantly reduce the chance of you falling victim to a compromised certificate authority:

    Network Notary - sort of crowd-sourcing approach
    Certificate Patrol - remembers the certs of sites you've visited in the past and tells you when they change

    --
    When information is power, privacy is freedom.
  8. Re:Firefox/IE patches released,Comodo incident rep by kbrosnan · · Score: 3, Informative
    --
    These people look deep within my soul and assign me a number based upon the order I joined. -Homer Simpson
  9. Re:Better Internet for Everybody by Anonymous Coward · · Score: 2, Insightful

    Wow, broken clocks are right twice a day it seems.

  10. And the CAs do ... what again? by DriedClexler · · Score: 4, Insightful

    If I'm paying the CA to certify that public key X really is mine, and yet someone who's not me can get the same certification from the CA for being me ... what was I paying for again?

    RSA =/= rubber stamp authority

    --
    Information theory is life. The rest is just the KL divergence.
    1. Re:And the CAs do ... what again? by Sancho · · Score: 2

      The fact is that 99.999% of sites do NOT need rigorous identity checks, but 100% of all websites SHOULD use encryption.

      Fun with shell scripts: ShellScriptGames.com [shellscriptgames.com]

      FYI, your URL doesn't do https, and if I put https in front of it, I go to a different page.

    2. Re:And the CAs do ... what again? by Pinky's+Brain · · Score: 3, Informative

      Shouldn't be much longer ...

      http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/?include_text=1

      Well unless the CAs pay off Mozilla/Microsoft/Apple not to implement it.

    3. Re:And the CAs do ... what again? by dgatwood · · Score: 3, Insightful

      Are you saying that SSH is not useful? Read my post again.

      should be treated as a production cert, but with permanent memorization.

      Emphasis mine. Yes, it is vulnerable to a man-in-the-middle attack. Exactly once. After you've made one connection, you're safe to connect to that particular host forever and ever... unless and until somebody legitimately has to change keys and certs without signing the new one with the same CA cert. At that point, you're unsafe one more time (and, hopefully, suspicious about the competence of the site's admins by this point).

      And if you connect to the site, then take your computer to a different network and make the connection again and don't get screamed at (because the host key has changed), you can pretty much feel confident that you aren't getting hit by a man-in-the-middle attack unless your computer is thoroughly 0wn3d, in which case it really doesn't matter if the traffic is encrypted because your keystrokes are probably being sniffed anyway. :-)

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.
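The "remember the cert and complain when it changes" behaviour Jah-Wren Ryel attributes to Certificate Patrol (comment 7), combined with dgatwood's rule that a change signed by the same CA as before is a legitimate rotation, as an added example that is not Certificate Patrol's code and not anything posted in the thread. Certificates are stand-in byte strings; a real tool would hash the DER certificate it actually received, and the hostname and issuer names are constructed.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, Tuple

# Added example (not Certificate Patrol's code or anything from the thread):
# a trust-on-first-use pin store that applies dgatwood's rule. Certificates are
# stand-in byte strings; a real tool would hash the DER certificate received.


@dataclass(frozen=True)
class Observed:
    host: str
    cert_der: bytes   # constructed stand-in for the server certificate
    issuer: str       # issuer (CA) name taken from the certificate


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint, the value a pinning add-on remembers per host."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """host -> (fingerprint, issuer); persisted as JSON between sessions."""

    def __init__(self) -> None:
        self.pins: Dict[str, Tuple[str, str]] = {}

    def check(self, obs: Observed) -> str:
        fp = fingerprint(obs.cert_der)
        pinned = self.pins.get(obs.host)
        if pinned is None:
            # First contact: nothing to compare against, so remember it.
            # This is the one connection dgatwood says is MITM-able.
            self.pins[obs.host] = (fp, obs.issuer)
            return "first-use"
        old_fp, old_issuer = pinned
        if fp == old_fp:
            return "match"
        if obs.issuer == old_issuer:
            # Key rotated but still signed by the CA seen before: accept, re-pin.
            self.pins[obs.host] = (fp, obs.issuer)
            return "rotated-same-issuer"
        # Different certificate from a different CA: refuse silently accepting it.
        return "MISMATCH"

    def dumps(self) -> str:
        return json.dumps(self.pins, sort_keys=True)

    @classmethod
    def loads(cls, data: str) -> "PinStore":
        store = cls()
        store.pins = {h: (v[0], v[1]) for h, v in json.loads(data).items()}
        return store


def demo() -> Dict[str, str]:
    store = PinStore()
    first = Observed("mail.example.test", b"cert-v1", "Example CA")
    results = {
        "first_visit": store.check(first),
        "second_visit": store.check(first),
        # Renewal signed by the same CA: dgatwood's "legitimate change".
        "renewed": store.check(
            Observed("mail.example.test", b"cert-v2", "Example CA")),
    }
    # Simulate a new browser session by round-tripping the store through JSON.
    store = PinStore.loads(store.dumps())
    # Same host, certificate now from a different CA than the one pinned.
    results["other_ca"] = store.check(
        Observed("mail.example.test", b"cert-evil", "Other CA"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:13s} -> {outcome}")
```

The same-issuer shortcut is only as strong as the issuer: a mis-issued certificate from the very CA the site already uses carries the same issuer name and passes as a "rotation". A stricter tool compares the fingerprint only and asks the user on every change, trading convenience for catching exactly that case.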

    4. Re:And the CAs do ... what again? by Pinky's+Brain · · Score: 2

      You can always make it the default ... so the first time a CA only certified website is shown ask "Do you want to add an exception for this website (if the certificate changes you will have to renew this exception) or a general exception to accept CA certifications to authenticate websites?" with some explanation that the last option is relatively safe, and will require no future user input, but websites which hash their certificates using DNSSEC are safer.

      A gentle push in the right direction.

  11. Re:Better Internet for Everybody by overlordofmu · · Score: 2

    Citation, please?

  12. Re:Why doesn't every website use HTTPS? by heypete · · Score: 2

    Because an uncommon, widely-publicized, already-fixed incident that affects a very small number of sites is somehow worse than the status quo, where there's no validation of sites, no assurance of a lack of tampering of data in transit, or of illicit interception of data, right?

  13. Iran? by Wolfling1 · · Score: 2

    Don't they mean "The last proxy they were able to tracert to was in Iran"?

  14. I think by fireylord · · Score: 2

    That I hear a whoosh there. Maybe it's that big group of birds up above? I think that they're seagulls ;)

  15. Re:Better Internet for Everybody by IDIIAMOTS · · Score: 2
  16. Re:Why doesn't every website use HTTPS? by heypete · · Score: 4, Interesting

    That's exactly what SSL is for. What you're thinking of is the key distribution. If you don't know who's signing the keys, then SSL cannot help you.

    Fair enough.

    My point was that CAs rarely mistakenly sign keys for fraudulent entities. Has it happened? Absolutely. Is it common? No. With EV certs becoming more popular for big-name sites (e.g. banks and the like), users can have a reasonable confidence that the site they're visiting is legitimate. Non-EV certs provide a more modest assurance. Non-SSL sites offer essentially no assurance, which is the current situation for most sites.

    In short, using even an occasionally-flawed system like the current SSL infrastructure is far better than not using anything at all, which is what's currently going on.

    (Ever looked at how many "trusted" CAs your browser includes by default? Are you familiar enough with even 10% of them to trust them for this role?)

    Yes, I've looked at the list. Rather than prune it of CAs that I may consider to be bad (they do, after all, have to undergo audits and the like to be added to the major browser lists), I make it a habit to always hover over the Firefox SSL indicator (which then displays the name of the CA) when I visit an SSL-secured site, and make sure it's a reasonable CA (e.g. one in North America or Western Europe for essentially all the sites I visit) for the site. I also have the Certificate Patrol plugin to detect spoofing.

    Of course, the average user doesn't do anywhere near this much checking (which admittedly isn't much). However, I stand by my above point that even with its flaws, using SSL on everything (or at least more things) is far better than keeping things the way they are now.

  17. Why not move CRL into DNS? by mcrbids · · Score: 2

    Why should we be trusting some disinterested third party to give us that assurance? It's a loser's game! Certificate vendors are in a price war. They don't get paid extra for "going the mile" to confirm your identity, they get paid extra for processing more applications faster and charging 10% less than the other guy. The actual cost of the certificate is too cheap to measure - a couple of used PCs bought on eBay and a free copy of Linux could probably satisfy most of the global need for certificates. They don't need to be "super certain", they only need to be "reasonably certain", enough to not get sued, and still pass a SAS-70 audit by yet another disinterested accountancy firm.

    Are you feeling confident yet?

    In a very real sense, the thing that asserts the IP address of your domain is your DNS server. It's what declares, to the world, where your server is. Since it's the declarative source, why shouldn't it be the confirmational one, as well?

    DNSSEC comes close. With DNSSEC you can confirm with certificates and the "chain of trust" that the answer you have came from the DNS server you thought you were asking for the answer from. Now, just one more step: the certificate for the web server should be generated by the trusted DNS server.

    It's no assurance that www.screwmebadly.com is a friendly site, but it is a very effective assurance that you are properly connected to www.screwmebadly.com!

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
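What the DANE draft Pinky's Brain links (draft-ietf-dane-protocol, later published as RFC 6698) and mcrbids' "let the DNS server vouch for the web server's certificate" amount to in practice: a TLSA record in DNS that fixes which certificate or public key a client may accept, as an added example that is not from the draft, the thread, or any DANE implementation. The certificate is a constructed stand-in holding the full DER blob and its SubjectPublicKeyInfo separately (a real client extracts both from the certificate it receives), and the zone name is a placeholder.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List

# Added example (not from the draft or the thread): how a DNS-published TLSA
# record constrains which certificate a TLS client accepts. The certificate is
# a constructed stand-in carrying its DER bytes and its SubjectPublicKeyInfo.


@dataclass(frozen=True)
class StandInCert:
    der: bytes   # whole certificate (TLSA selector 0)
    spki: bytes  # SubjectPublicKeyInfo only (TLSA selector 1)


@dataclass(frozen=True)
class TLSA:
    usage: int      # 3 = DANE-EE: record names the end-entity cert itself
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching: int   # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes


def _selected(cert: StandInCert, selector: int) -> bytes:
    if selector == 0:
        return cert.der
    if selector == 1:
        return cert.spki
    raise ValueError(f"unknown selector {selector}")


def _matched(blob: bytes, matching: int) -> bytes:
    if matching == 0:
        return blob
    if matching == 1:
        return hashlib.sha256(blob).digest()
    if matching == 2:
        return hashlib.sha512(blob).digest()
    raise ValueError(f"unknown matching type {matching}")


def publish_tlsa(cert: StandInCert, selector: int = 1, matching: int = 1) -> TLSA:
    """What the zone operator publishes, e.g. at _443._tcp.www.example.test."""
    return TLSA(3, selector, matching, _matched(_selected(cert, selector), matching))


def dane_ee_accepts(cert: StandInCert, records: List[TLSA]) -> bool:
    """Accept the cert if any usage-3 record matches it.

    Usages 0-2 additionally require ordinary PKIX chain validation, so this
    toy ignores them. It also assumes the records arrived DNSSEC-validated;
    without that, DNS is no better a root of trust than the CA list.
    """
    for rr in records:
        if rr.usage != 3:
            continue
        try:
            if _matched(_selected(cert, rr.selector), rr.matching) == rr.data:
                return True
        except ValueError:
            continue  # unknown selector/matching type: record is unusable
    return False


def demo() -> Dict[str, bool]:
    real = StandInCert(der=b"cert-for-www", spki=b"pubkey-A")
    renewed = StandInCert(der=b"cert-for-www-renewed", spki=b"pubkey-A")  # same key
    rogue = StandInCert(der=b"cert-from-other-ca", spki=b"pubkey-X")
    spki_pin = [publish_tlsa(real, selector=1, matching=1)]
    full_pin = [publish_tlsa(real, selector=0, matching=2)]
    return {
        "real_spki_pin": dane_ee_accepts(real, spki_pin),
        "renewed_same_key": dane_ee_accepts(renewed, spki_pin),
        "renewed_full_cert_pin": dane_ee_accepts(renewed, full_pin),
        "rogue_ca_cert": dane_ee_accepts(rogue, spki_pin),
        "no_usage3_record": dane_ee_accepts(real, [TLSA(1, 1, 1, spki_pin[0].data)]),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} -> {'accept' if ok else 'reject'}")
```

Pinning the SubjectPublicKeyInfo (selector 1) survives a certificate renewal that keeps the same key, while pinning the whole certificate (selector 0) forces a DNS update on every renewal; the "rogue_ca_cert" case shows that a certificate from any other issuer is rejected regardless of which CAs the browser trusts, which is the property the thread is asking for.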
  18. Re:Well by petermgreen · · Score: 2

    Also, given that we know how easy it is for governments to coerce large businesses even in countries that supposedly have checks and balances, you can basically assume that the government of any country with a recognised CA in it can get a cert to use to MITM your traffic.

    --
    note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register