Slashdot Mirror
Another CA Issues False Certificates To Iran
arglebargle_xiv writes "Following on from Comodogate, we have another public CA issuing genuine false certificates to Iran, this time for Google. There's speculation that it's a MITM by the Iranian government, but given the existing record of CAs ready to sell certs to anyone whose check clears, it could just be another Comodogate." Another (anonymous) reader says, "What might be worrying is that the CA behind the forgery is the official supplier of most Dutch Government certificates, diginotar.nl. They are supposed to be very stringent in their application process. As a Dutchman, I'm very interested to see how this one plays out."
Adds Trailrunner7: "The attack appears to have been targeting Gmail users specifically. Some users trying to reach the Gmail servers over HTTPS found that their traffic was being rerouted through servers that shouldn't have been part of the equation. On Monday afternoon, security researcher Moxie Marlinspike checked the signatures on the certificate for the suspicious server, which had been posted to Pastebin and elsewhere on the Web, and found that the certificate was in fact valid. The attack is especially problematic because the certificate is a wildcard cert, meaning it is valid for any of Google's domains that use SSL."
Any CA that can't implement sufficient controls to prevent such shenanigans, should not be a CA in the first place. Needless to say i've changed my browser and OS settings to distrust the CA. I expect a serious explanation shortly, and short of some unusually extreme extenuating circumstances, I think all browser vendors and OS vendors should evict the CA immediately, to make an example of them.
I am curious though.... did the CA fail to implement its CA CPSs, or did its Certification practice statement actually have a hole where such a thing could happen?
I'm beginning to think some variation of Marlinspike's distributed notary system may actually be the way to go. This just can't be allowed to happen, given the importance of internet communication nowadays. If the CAs can't prevent this, it's time to find an alternative.
#DeleteChrome
There are so many CAs built into Firefox and other browsers, it'd be easier to create a list of the companies/individuals that aren't authorized to issue certs. Why haven't we moved the certificates into DNS and encrypted the whole mess yet?
Security people have since forever warned the rest of the world against the risks of blindly trusting centralized/hierarchical trust schemes. It's not the first time this happens. It won't be the last. And while standard practices remain as they currently are, we're all in the hands of whoever's got money and power, and governments tend to have a lot of both. Most of you might not care much about this since you probably live in places with decent governments*, but it's a real concern for an enormous portion of the world's population.
*IN RELATIVE TERMS. I know many of the governments of the "free world" are guilty of all manners of despicable privacy violations with all manners of awful consequences, but please don't even attempt to compare these issues to the sorts of oppression that happen in full-blown totalitarian regimes.
The idea behind the "Stringent SSL verification process" is that customers will pay a brand-name-trusted CA company to verify the SSL request is from who they claim to be.
Even at *TEN THOUSAND* USD/EUR/GBP/etc per fake certificate, the price is too good for countries like Iran, China, etc for engaging in MITM attacks.
The whole process is a scam outright....
Money.
It actually works slightly better than a wrench, and is more reliable than stupidity.
Maybe if you have gold-plated wrenches...if you have gold-plated wenches, you end up with a James Bond movie.
Surely, if any a fraudulent certificate evert shows up, then the public keys for the issuing CA should be instantly removed? Even if they are Verisign themselves, if a fraudulent certificate exists, then trust is lost, and they cannot remain.
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
to "going Dutch"?
The only thing I find surprising is that stories like this are not more common. Various government agencies all over the world have been using fake certificates literally for years. Those are usually targeted at specific individuals being under surveillance so those are one-time stunts, limited in time and in network visibility, but all of those certificates in order to be useful have to be issued by certification authorities that are in the trust chain of the popular web browsers (Firefox, Chrome, Explorer, Safari, Opera). The problem with SSL/TLS certificates is that any certification authority from any country can issue a certificate for any domain, and they do occasionally. Most of those certificates are used only few times so they don't get any attention but sometimes they do. The trust model in SSL/TLS is fundamentally flawed and I agree with Dan Kaminsky and Bruce Schneier that we have to completely abandon it in favour of a trust model based on a secure DNS system, where there is only one authoritative source of cryptographic certificate for any given domain, instead of thousands like we have today. I have been telling this for years and I can only hope that people will eventually wake up and listen after stories like this one.
Karma: Positive (probably because of superiour intellect)
Another reason to take a good, long look at Moxie Marlinspike's Convergence system. Basically, it does away with CAs in favor of a trusted and anonymous notary-based system.
.(a really great talk, as always).
See him speak about it at BlackHat USA 2011 here
Read about it here
The official Convergence website (http://convergence.io/). The plugin (AFAIK) is not compatible with FF 6 yet.
Chance favors the prepared mind.
Perfect is the enemy of good.
" If you can dodge a wrench, you can dodge a ball."
Patches O'Houlihan
"No fear. No envy. No meanness." Liam Clancy
It's the only way to be sure.
So, besides more Californias (CAs) offering more martinis-in-the-morning (MITMs) to confuse more octogenarians/septuagenarians (OSs), what does the Chicago Public School System (CPS) have to do with anything? Or is this one of those "hacker" things I've heard so much about?
"Timothy", dutchman, learn to write in English.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
Did anyone really assume that SSL certs were legit? YOU'RE BUYING THEM - someone will always sell them to you. Suddenly self-signed, homebrew certs aren't so bad anymore are they?
I want to delete my account but Slashdot doesn't allow it.
What's the problem? Isn't the market supposed to take care of businesses who behave like this? There's no problem here. I can't see how this is any illustration of why regulating private business behavior is necessary in many cases.
I just looked through the bug report listed; at the end two very interesting comments:
So it seems Mozilla is basically going to blacklist that CA. I think that's an appropriate response: the CA has proven that their methods are flawed, and that there certificates can not be trusted. This one has been found out; who knows whether there are more out there? I surely hope this is a one-off incident but better safe than sorry. And it sends the message nice and clear to other CAs that they have to be really careful.
As of 9:26pm PDT this bug report has made the frontpage of slashdot.org [...] Please address this issue immediately.
A Slashdot side-effect :)
To two links to forum-type sources?
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
Maybe I should tell my browser to just accept certs signed by Bob's SSL Certs and Taco Stand, probably no worse than anyone else.(Bonus points if you get the reference)
Monstar L
I'm not that informed on how certs work but if someone goes to a dutch CA and says they want a cert related to Google, wouldn't that be the one they'd double or triple check just in case it's not really Google? I mean, it's Google. Nobody doesn't know them and they wouldn't just randomly pick up a cert from a random foreign country, right? Or do they need muliple certs around the world or something so it wasn't that unusual? Either way, it's not that hard to make sure a google certificate isn't being requested from Iran...I mean, they're kinda different and easy to follow up on over the phone.
Flawlessly. Or didn't you ever learn to write in a foreign language that good?
I was promised a flying car. Where is my flying car?
if you have gold-plated wenches, you end up with a James Bond movie.
The sad fact is that you don't even have to buy them gold-plated. They happily do that on their own, at your expense.
Remove that CA's certificates from the root store permanently and refuse all future root certificates from that authority.
It would only be necessary ONCE. After all, until it costs them money they will continue to ignore their security issues.
Can anyone add to a list of CAs that have been involved in anything like this?
I had already disabled all Comodo CA certs and and all COMODO certs in my browser after the comodogate incident. After I did that, I submitted complaints to any site that I noticed that use those certs (mainly Amazon's payment system). Other than all diginotar certs, which others should be deep sixed?
I am a firm believer that once there is a loss of trust, anything that company touches should be black holed.
Everyone accepting self-signed certificates without checking who created them is going to make us all more secure against governments?
The problem is with the current trust model itself, as others have noted here. Changing it to blindly trusting everything isn't going to improve the situation (and that is what you are proposing, for Joe Sixpack, anyway).
Oh Good. We can visit something such as Gmail.com with a fraudulent certificate and no one would notice. But god forbid I self sign my home webserver certificate, that must be met with a wrath of a bright red page warning me about the dangers of a possible man in the middle attack and that no one should visit my site under any circumstances!!! /rage
But on a more serious note shouldn't this right now be a clear indication to those in defense of using SSL / TLS to establish identity that their system is horrendously flawed and that maybe self signed certificates are in fact not any worse then any certificate verified by a picture of Ben Franklin?
There's no need to wait for a patch. In Firefox, under preferences->advanced->encryption, select view certificates. Just select digi notar and either click delete or edit and then uncheck everything.
CAs must understand that they will be erased from existence by browser providers, security admins and end users if they violate the public trust in this way. They don't have enough bribes, threats, or lies to get out of the hole they dig for themselves when they sell out.
Hey - just like software is an abstraction of real-world objects, and the web an abstraction of society - CA's could be the abstraction of a real-world bank or government. There is room for corruption.
shock. horror.
Just sayin'
http://www.scaruffi.com/politics/gnp.html
USA is shown there as #1. Nederland is #15. USA per capita is $38k. Nederland is $27k. I can't recall the last thing I bought from "Holland". I've seen those klog shoes == when I was a kid and it was a gag product. What am I missing? You can get good hash in downtown L.A. now.
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
http://www.microsoft.com/technet/security/advisory/2607712.mspx
There is just one solution.
Remove them from the list of trusted roots, they are no more trusted.
This will of course kill their business, but that is the only way they will learn, and others will learn from that too.
Do not accept a donation from them to stay in the cert list in Firefox, not even millions of $$$.
They failed our trust
Netherlands GDP is roughly the size of Florida's, not the entire US.
The general fashion sense and level of class is also similar to that of Florida
Question for lawyers. If I bought a certificate from DigiNotar, can I sue them for damages? My certificate is unchanged so I have not been directly damaged. However, their business model is based on trust and once they are blacklisted, my cert while not be useful.
Now all we need is for that to be an automatic response.
Then, the only way back in would be to fix the procedural issues, get properly audited, then generate a new root cert and reissue everyone fresh certs.
The huge cost of this might get them taking security seriously. And even saying "no"to governments.
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
From the front page: http://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/image/home/headerimage/image01.png
Part of the SSL spec is the use of CRLs: the ability of certificate provider to "blacklist" certificates that have been compromised by one means or another through a Certificate Revokation List. . Sadly, this is perhaps the least-implemented feature of the whole SSL system, even though it's clearly a very important part thereof.
Compromises happen, people!
Certificates get transferred on USB thumb drives that get left at coffee shops, et al.
A CRL isn't that hard to implement. Yet, it's rarely set up correctly, and many (most?) softwares that use SSL don't support CRL. WTF? !?!?
I love how every time when the discussion is brought up that browsers need to stop treating https with self signed certificates worse than they treat plain http (just don't show the lock icon, show an icon for the fingerprint, which would make it easy to display the fingerprint for comparing it to a known one), some fool immediately starts talking how browsers must treat https with self signed certs worse than http because https without CA means that your session is vulnerable to the MITM.
Of-course when it is pointed out that CA does not guarantee that there is no MITM either, the discussion dies out but the opinions never change.
Well how much longer will the opinions can stay the same with all the evidence that CAs do not in fact guarantee that there is no MITM?
More importantly: who is talking about browser being responsible to figure out whether there is MITM or not with a https and a self signed cert?
This cognitive dissonance needs to be eradicated.
You can't handle the truth.
Make an appointment and come to our office.
Oh yeah, bring money. Preferably, a lot of money.
signed, your lawyers:
Dewy, Cheatem, and Howe
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Someone capable of doing a MITM attack with a dodgy cert is almost certainly going to be in a position to stop you hitting a CRL.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Anyone else removing all of the "approved" certificates from Firefox upon installation and relying instead upon hashes at first use (I wish these were easier to view like in SSH) and the Perspectives plugin?
Here and here.
This does nothing for all the 3.6.x series firefox users.
Why hasn't mozilla or someone else made a simple addon for maintaining/importing CA CRL lists?
Why is my CRL list in firefox blank by default? (All mozilla default CA's should have CRL lists registered directly. There is ZERO reason for mozilla to not know the CRL list locations, considering they took on the responsibility of reviewing and allowing in all the default CA's)
For the record, even the big names cut corners. I've a Managed PKI account with one of the 'big name' CAs and jumped through ridiculous hoops to get the whole thing setup. Lots of legal records, documents from company house, attestations from the company directors etc. With a number of domains to manage and a complex (Fortune 500) company structure it took about 6 weeks start to finish. While also paying top dollar, I felt the end result would be worth it. ...until two months ago when I happened to learn of a new web page out there that looked like my company and using a domain that was obviously a variation. And in the certificate by *that same* big name CA was my company name...letter for letter, exact detail match, country etc...no variation. Probably copied from my real certs.
On investigation, the domain was registered to a digital agency and had been engaged by an individual in marketing for some promo or other. While I was relieved that this wasn't malicious we also determined that the CA had been happy to issue this cert to this digital agency without any checks whatsoever. When I contacted my AE at the CA, they were basically dismissive with their response amounting to "we figured the other company was well known so it was probably safe enough". The guy who had bought the cert said they didn't really check who he was and he'd paid on his personal CC....
The whole CA industry is a farce.
So what, that was over a decade ago. Maybe the OP was talking about in the 18th century, or maybe he's referring to now, it's probably advisable to use the IMF's number for the US, rather than CIA's.
"Hacked By KiAnPhP Extrance Digital Security Team Iranian Hackers"
Weird.
Source:
https://www.diginotar.nl/Portals/0/Extrance.txt
This is one of their headers:
http://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/image/default/headerimage/image00.png
It's a photo of a man sitting behind a computer, pretending to be a woman.
What's with you fools always screaming about "references"? Why the hell can't you open your own eyes and critically analyze a situation or a claim yourself? Why do you need some "reference" to some bullshit paper spewed out by a no-name academic, or some article published by some for-profit mainstream news outlet, or even a shitty web page put together by some crazy-ass redneck?
It's no wonder that you have trouble seeing the flaws with CAs and the chain-of-trust. You hold this vague idea of "references" above all else, even when it's clear to everyone else how obvious the flaws are. Replace "reference" with "CA" and you've still got the same broken system. The low-quality, quasi-bullshit "references" you request constantly, and blindly depend on, are no different from the many scumbag CAs out there.
Astrology is the study of how events on earth correspond to the positions and movements of astronomical bodies. Astrology is based on twelve Signs, twelve Houses, & twelve Planets. All other elements used in Astrology are either limbs or sub divisions of these Signs, Houses & Planets. These astronomical bodies included are the sun, moon, planets and stars. Astrology has been the domain of sages and Brahmins. Sages from pre Vedic era had very good knowledge of Astrology. To signify all these astrologically we use these Signs, Houses & Planets. Astrology is a science. All sciences have principles & rules. In Astrology there is principle to delineate these significator. Everybody, in Astrology field know the significator of general terms used such as vehicle, property, money, travel etc. but it is impossible to remember significator for all in this Universe. Astrologers believe these bodies and their movements reflect that person's character. Astrology has two main branches 1. Jaimini Astrology 2. Parashari Astrology both bears the name of Sages, Jaimini and Prashar respectively. A prediction could be for an individual, group or nation. This principle of Astrology is to be understood in detail to know how the significations of everything have been arrived at in the book. Both Jaimini and Parashar had different school of thought for the Falit. Jaimini gave emphasis on Degree of Planet in a House, different Ascendants and Aspects and Dasa of Signs whereas Parashar emphasized on position of Planet in House and lordship of Planets, conjunction and Aspects of Planets and Dasas of Planets.
History
The origin of astrology is traced to the ancient Babylonians directly or indirectly and then it spreads to other countries. In as early as 3000 BC, Astrology was created. The Chileans created the original form of Astrology. The Chinese were practicing astrology by 2000 BC. Other varieties formed in ancient India. Today, Astrology is followed more widely than ever before. Astrology has become much more assessable with the increase of internet and person can talk to the astrologers anywhere in the world.
http://www.askganesha.com
Hi all.
The headline has some spurious characters, namely the last four.
Iran is red herring here...
just my 0.0001 ounces of Aurum
__
L.
There are no alligators in polders in Holland.
no, I don't have a sig
Did you notice that you're getting a lot of HTTPS certificate changes from Facebook when browsing sites with Like buttons over the last week or so? I'm running a fully locked down Firefox (NoScript, Flashblock, CookieMonster 1.5, BetterPrivacy, CertPatrol, Perspectives, HTTPS-Everywhere) and I'm getting these warnings even though I haven't whitelisted Facebook anywhere.
I was curious so just as I was writing this I inspected the source of a Wired page I had open. Look at this gem:
<iframe src="http://www.facebook.com/widgets/like.php?href=http://www.wired.com/autopia/2011/08/no-public-transit-no-job/&layout=button_count&show_faces=false" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:450px; height:25px;" allowTransparency="true"></iframe>
So even if you were browsing with Lynx they would still track you using this iframe. But this isn't an HTTPS link. So I checked my HTTPS-Everywhere list and sure enough, it will force any connections to Facebook over to HTTPS connections, triggering a bajillion cert change warnings from CertPatrol.
Fun fact: I got these warnings on my home laptop which I'm pretty sure has Do Not Track enabled, will have to double check that though. What's the status of the "Do Not Track" legislation?
So now if you want to block Facebook tracking you may have to resort to a HOSTS file (please don't chime in APK). Anyone know of a Firefox plugin that works like a browser-specific HOSTS file? Because HOSTS files are a last-resort hack IMO.
This is pretty new, I knew it was technically possible but I thought all Facebook's tracking systems relied on JS, maybe I'll write a journal entry about this and submit it.
"When information is power, privacy is freedom" - Jah-Wren Ryel
How else can a gov't jail 1% of its adult population at any given moment? Any government with a "war-on-something" at home is in the business of nullifying civil rights and should be considered at least an honorary member of the totalitarian club.
The main difference here in the USA which helps keep the 'freedom' charade going is that we have a great deal of material and cultural excess to indulge (and to drown out discussion of serious issues). Once that abundance dries up, even conversations such as this one will meet with repressive tactics.
Hashes at first use? AKA what the guys at the Perspectives project call the "prayer method?" (Pray you're not getting MITM'ed the first time).
"When information is power, privacy is freedom" - Jah-Wren Ryel
I am pretty happy to see this. Why? Because, come on, who didn't know this would be a problem eventually?
This is the biggest Achilles' heel in all of PKI... the need to trust the CA! Yet, there are WAY too many of them, all trusted by default. We have known the Department of Homeland Stupidity has had their own trusted CA, should we be surprised that any national government is capable of shopping around for one that will give them the certs they claim to need and should have for some reason?
The ONLY answer is.... burn the default trusted CA list. Give users more and better tools for accepting certificates. It has to be more explicit and open, less closed and controlled. Personally, I would like to never trust this CA again....there is no tool to help me with that. I can pull it from my system CA lists, but then I have to do that everywhere... and i have to remember to keep it up, and remember any others that I don't trust.
I would much rather a personal trust list that I can work with....shit... maybe even sync though a service like firefox sync or UbuntuOne or some such... it needs to be easy to use, transparent etc. Even better would be to see this handled at a system level, and let all apps get their trust list from there.
This would even allow smaller CAs like CACert to be on more equal footing....if nobody is just "allowed by default" then nobody is inherently harder to use.
-Steve
"I opened my eyes, and everything went dark again"
http://letmebingthatforyou.com/?q=ca%20ssl
http://letmebingthatforyou.com/?q=mitm%20ssl
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Each ccTLD operator is not necessarily limited to just the domains under that ccTLD. If China maintains a root server, and they have the private keys for the root, they can then sign their own .com keys, and then sign domains under .com. (And even if they only have the .cn private keys, and SSL trust was solely implemented in DNSSEC, now you can't trust your SSL connection to any .cn domain!)
Using DNSSEC for publishing certs and extra identity information is a cool idea, but it's not a good idea to replace all other trust mechanisms. Granted, the current CA model is broken, but there are good ideas out there for distributed models where we don't have to trust governments.
Marlinspike makes some good points here.
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
Am I the only one here who always puts "Flying" in front of "Dutchman" whenever I see that word?
Why hasn't mozilla or someone else made a simple addon for maintaining/importing CA CRL lists
CRL's are being supplanted by OCSP <WP:Online_Certificate_Status_Protocol>.
The patchset has details, but, I don't get why Mozilla's OCSP service isn't sufficient here. Mundanes aren't allowed to view this bug:
Here they're hard-coding a CN check:
And, this is quite interesting:
I wonder what the Dutch government knows - it would imply more than a 1-off problem since the chain should provide a level of isolation.
Nonetheless, there should be code changes required for this sort of problem. Maybe Mozilla doesn't have an OCSP responder running for its roots certs yet?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Perhaps I wasn't clear enough. (1) I trust Perspectives IFF Perspectives approves of the key/certificate/whatever in use by the server. (2) When Perspectives has failed, I must already know the hash (from the administrator, from myself, whatever). No prayer on first use.
The biggest fault: if someone is MITM, I'm not the first. ;-)
Faults aisde: is this a positive step away from CAs?