Slashdot Mirror


Four CAs Have Been Compromised Since June

Trailrunner7 writes "The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The only widely known CA compromise since June is the attack on DigiNotar this summer that completely compromised that company's CA infrastructure and eventually led to it being shut down. All of the major browser vendors were forced to revoke their trust in the DigiNotar root certificates and the attacker who claimed credit for the attack said that he also had compromised several other CAs. There are apparently three other CAs that have discovered compromises since June, but have not made them public."

13 of 87 comments

  1. Make Public = Out of Business? by SydShamino · · Score: 3, Interesting

    Short of the companies wanting to do the good/legal thing, how do you get them to make it public if it quickly puts them out of business? This is the same problem as with any security breach, except aggravated because the CAs basically have just five "customers" (the five major browsers), all of which compete in the realm of being the "safest" and so all five have to pull the root certificate for anyone who announces a problem.

    --
    It doesn't hurt to be nice.
    1. Re:Make Public = Out of Business? by Eponymous+Coward · · Score: 4, Insightful

      Almost every decision Diginotar made around the breach was a bad one. Other CAs have had breaches and made responsible disclosures and they are still around. That doesn't mean there are zero consequences (nor should there be), but responsible behavior goes a long way in convincing their 5 customers that they are still worth trusting.

    2. Re:Make Public = Out of Business? by shentino · · Score: 2

      And that's what killed them.

      The big bad government had to step in.

      Business will ALWAYS misbehave unless it is watched.

    3. Re:Make Public = Out of Business? by sjames · · Score: 3, Insightful

      Is Comodo out of business? They are not, because they disclosed their compromise responsibly and took the necessary steps to correct their failure.

      Diginotar swept it under the rug for as long as they could, and in the end said themselves that their audit trails were so poor there was no choice but to remove their root cert.

    4. Re:Make Public = Out of Business? by Opportunist · · Score: 2

      Making it public doesn't put you out of business. Watch the recent events in the certificate blunders and you'll notice that CAs who went public had worries, but could rather easily recover. Issuing new certs is fairly easy.

      DigiNotar went under exactly for NOT going public and having any trace of trust eroded due to it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Workaround (partial) by Mathinker · · Score: 2

    For the paranoid/cautious: there exist extensions to FF which monitor suspicious changes to certificates (i.e., possible MITM attacks). I use Certificate Patrol.
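A simplified sketch of the kind of certificate-change check this comment describes, added here as an example; it is not Certificate Patrol's code. The `CertWatch` class, the 30-day renewal window, the host name and the CA names are assumptions, and the byte strings are constructed stand-ins for DER-encoded certificates.

```python
import hashlib
from datetime import datetime, timedelta

# Assumption: a replacement this close to the old certificate's expiry is routine.
RENEWAL_WINDOW = timedelta(days=30)


class CertWatch:
    """Remembers the last accepted certificate per host and grades any change."""

    def __init__(self):
        self.pinned = {}  # host -> (sha256 fingerprint, issuer, not_after)

    def observe(self, host, der, issuer, not_after, now):
        fp = hashlib.sha256(der).hexdigest()
        old = self.pinned.get(host)
        if old is None:
            self.pinned[host] = (fp, issuer, not_after)
            return "new", []
        old_fp, old_issuer, old_not_after = old
        if fp == old_fp:
            return "unchanged", []
        reasons = []
        if issuer != old_issuer:
            reasons.append("issuer changed: %s -> %s" % (old_issuer, issuer))
        if old_not_after - now > RENEWAL_WINDOW:
            days = (old_not_after - now).days
            reasons.append("old certificate was still valid for %d days" % days)
        if reasons:
            return "suspicious", reasons  # keep the old pin until a human accepts
        self.pinned[host] = (fp, issuer, not_after)
        return "renewal", []


def demo():
    # Constructed sample observations for one hypothetical host.
    w, host, t0 = CertWatch(), "mail.example.org", datetime(2011, 10, 1)
    seen = [
        w.observe(host, b"cert-A", "Example CA A", datetime(2011, 10, 20), t0),
        w.observe(host, b"cert-A", "Example CA A", datetime(2011, 10, 20), t0),
        # Same issuer, old certificate 9 days from expiry: ordinary renewal.
        w.observe(host, b"cert-B", "Example CA A", datetime(2012, 10, 20),
                  t0 + timedelta(days=10)),
        # Different issuer, old certificate a year from expiry: flag it.
        w.observe(host, b"cert-C", "Example CA B", datetime(2012, 11, 1),
                  t0 + timedelta(days=20)),
    ]
    return w, seen
```

A flagged change leaves the stored pin untouched, so the same warning repeats on every visit until someone decides whether the new certificate is legitimate.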

  3. Useless by OverlordQ · · Score: 3, Insightful

    This post is useless without naming them

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:Useless by elsurexiste · · Score: 2

      At least it's useful for us to know that SSL has serious issues....

      --
      I rarely respond to comments. Also, don't ask for clarifications: a brain and Google are faster, believe me!
    2. Re:Useless by Fished · · Score: 4, Insightful

      The data for the study came from X.509 certificate revocations. Do you really want to punish the CAs that did the right thing and filled out the certificate revocation correctly? That will just encourage fraud.

      --
      "He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
  4. obligatory references by Onymous+Coward · · Score: 2

    Another CA system is broken article?

    Consider an alternative model based on notaries:

    Other resources of note: Moxie Marlinspike's article on "trust agility", his Black Hat Conference talk on this topic.

  5. Re:1. reduce the number of CAs to a handful by MobyDisk · · Score: 2

    I think we need to do the opposite - have thousands of CAs. What we have seen from this is that putting power in the hands of a small specially designated group is very risky. A public-key system can't rely on a hierarchy where a few organizations can bring down the entire web of trust.

  6. Yes, but the reputation problem hasn't been solved by Colin+Smith · · Score: 2

    I actually agree. Same with DNS.

    However, there is a problem with reputation. How do you know that the name, or cert you have from someone is actually from the real person and not counterfeit?

    We've tried central authorities. You have all seen the results. It mostly works, as long as you trust the central authority. How do you make a completely distributed system work? It requires some sort of reputation about people and companies you have never been in contact with.

    Note, we haven't solved this problem in real life either.
    We have brands, certifications, social networks, tests but we don't have a way to say that X's reputation in terms of Y is Z when you don't know X.

    --
    Deleted
  7. Re:Yes, but the reputation problem hasn't been sol by jd · · Score: 4, Insightful

    This is something that has deteriorated over time. I won't say the original cert system was perfect (there were flaws you could drive a 40 tonne truck through) but Grade I certification required significant documentation proving identity plus some form of actual (ie: non-written) contact. That was not a bad idea, the problem was they also offered Grade III certification (a note saying "it woz me" on a napkin) or even grade IV (the request sufficed as proof it woz you) and corporations naturally gravitated towards the cheaper options which you can fly an Airbus 400 through with enough space for 40 tonne trucks on either side.

    The problem was that you still had to trust the CA and this is a major frailty in the CA system. Being assured that the applicant is who they say they are is a major thing - Verisign issued hackers with a signed Microsoft key at one point, because they were asked to in a fax, and DNS registrars are notorious for complying with bogus transfer requests - but it isn't everything. If the CA is compromised, then you have major problems even if all the officially distributed keys are legit.

    Obviously, a Grade I cert system helps to some extent as requiring a thorough screening of applications means you aren't doing live cert distribution which in turn means the master key need not be on any online computer whatsoever. If the master key is behind a sneakernetwall, then hackers will have a harder time signing anything with it. (A sneakernetwall differs from an airwall in the level of competence of those moving stuff from one machine to another.) Obviously, given that eCommerce security holes repeatedly demonstrate corporations can't even put sensitive data behind a meager firewall and the VA is forever losing unencrypted laptops, there's a big difference between "need not" and "is not".

    A way to side-step the issue - to a degree only - would be to require that keys be counter-signed by at least one other CA. It is less likely that two CAs have been cracked by the same person, after all. Or, well, it would be if it weren't for the fact that it probably WAS the same person who broke into all four CAs and there's been an alleged confession that the person did break into two. That person would have been able to counter-sign a key with another CA's master key and since these were the cheapo kind of CAs that probably would indeed keep the master key on an online computer even if they needn't or legally shouldn't, a "Web of CA Trust" is not enough to be 0.45 bullet-proof but is probably 0.22 bullet-proof. The current system apparently falls over if you show it a picture of a bullet.

    IPv6 may help, since violations of strict hierarchical addressing are not only commonplace in IPv4 but actually a necessity due to the limitations of the addressing scheme. In IPv6, routing relies heavily on sub-domains having IP addresses with a prefix equal to the prefix of the domain plus a two-byte identifier unique within that domain. This means you can identify where things are. Yes, there are privacy issues for personal machines and that's been a major complaint against IPv6, but it means that you've a lot more confidence that a server is in roughly the right place. If you then add DNSSEC or any of the other DNS locking schemes out there, OR mandate an IPSec mode using certificates in a way that would offer equal guarantees that the server is who it says it is, it would help but you're starting to get into the diminishing returns then.

    Of course, this might be the wrong approach entirely. This is trying to find a technical solution to what is ultimately a social problem. Social solutions are usually far better for such things. One social solution would be to regulate cross-border traffic such that eCommerce vendors (CAs included) that wish to conduct cross-border traffic (whether into the country or between boundaries within it) have to publicly declare all actual security breaches and may be held 100% liable for any loss due to unreported breaches. That's definitely not going to sit well with those

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)