Slashdot Mirror
Hackers Steal Opera-Signed Certificate Through Infrastructure Attack
wiredmikey writes "Norwegian browser maker Opera Software has confirmed that a targeted internal network infrastructure attack led to the theft of a code signing certificate that was used to sign malware. 'The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser,' Opera warned in a brief advisory. The Opera breach signals a growing shift by organized hacking groups to target the internal infrastructure network at big companies that provide client side software to millions of end users."
Does this really signal a growing shift? Or are we just saying that whatever happens in a news story must signal a "growing shift" toward that thing to induce widespread panic?
Whenever the topic of security comes up, there are always a bunch of people who go on and on and on about how certificates are always the answer to security problems.
How do we fix security problems with email? "Certificates!", they say.
How do we fix security problems with HTTP? "Certificates!", they blurt out.
How do we fix security problems with DNS? "Certificates!", they scream.
How do we fix security problems with passwords? "Certificates!", they yell.
How do we fix security problems with application executables? "Certificates!", they exclaim.
Yet we see so many stories about certificates getting compromised in one way or another. And then the infrastructure surrounding them is always so goddamn awful. They cause just as many, if not more, problems than they actually manage to partially solve.
It's time for the certificate advocates to stop and think. They need to look at the big picture. They need to realize that while certificates may have their place in some very specialized situations, they are not the ultimate solution that we so desperately need.
The problem is that implementations that are checking the certificate are not requiring third party authenticated signing timestamps.
If the implementations checking certificates required a trusted root signed timestamp with the digital signature in any of those implementations, then expired certificates would be useless.
Certificates can be compromised, but they are far better than passwords people use.
There has yet to be an actual problem with certificates, just bad implementations.
I would love for you to point me at some software that has never had any implementation faults.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
There will always be people who want to commit crimes of theft.
However, we can thin their ranks a bit. Support the death penalty for cyberthieves (at least in Texas).
Futurist Traditionalism
Well of course, this only affects people that would run software signed by Opera and they have already taken steps to notify both of them of the situation.
and doing it in ASL was never a real improvement
if bad guys are doing it, the governments are doing it.
the whole idea of SSL is based around the trust of the certificate and signing infrastructure. it is a growing shift away from the assumption that SSL=safe+secure when shit like this keeps happening over and over.
By seeing malware signed by your certificate?
Perhaps if people took better care of private keys, this wouldn't bloody happen at all.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Reading the advisory from Opera, the only information on the possible consequences of the breach is that :-
Are users of other OSes similarly exposed to malicious software, such as those using Mac, Lunix, Android or iOS?
For a company that just laid off most of its developers and resigned itself to being a rebranded Google Chrome, this cannot be coincidental.
The only vestige of any use from the former Opera Software is Fastmail.fm, and the developers struggle mightily to keep that branch as separate as possible from the Mother Ship.
Now this cert-signing issue, which on the surface seems petty, but signals a larger problem of a lack of focus on security and a neglected infrastructure. Layoffs will do that. I'm curious if Opera discovered the stolen Cert on their own or if it was reported to them, and how long it was compromised before revoked.
This is not the first sign that Opera is dead, but the bad news keeps piling on for this company. First the loss of mobile space due to actual smart phones, then the dropping of support for non-Windows PCs and non-Android smartphones, rumors rampant of a Facebook/someone else takeover, throwing away fifteen years of incremental browser improvement to become a Chrome skin (and thus breaking services like Opera Link), etc. Opera is DOOMED.
Did you recently ...
- copy any html codes from someone else's website?
- save any pictures or files from the web?
- cut and paste an article or link it to a friend?
- take any screenshots of any interesting pages you found?
- download any movies, music or porn?
Congrats, you may be a cyberthief. This way please, for your appointment with Mr. Noose.
Whenever the topic of security comes up, there are always a bunch of people who go on and on and on about how certificates are always the answer to security problems.
How do we fix security problems with email? "Certificates!", they say.
How do we fix security problems with HTTP? "Certificates!", they blurt out.
How do we fix security problems with DNS? "Certificates!", they scream.
How do we fix security problems with passwords? "Certificates!", they yell.
How do we fix security problems with application executables? "Certificates!", they exclaim.
Yet we see so many stories about certificates getting compromised in one way or another. And then the infrastructure surrounding them is always so goddamn awful. They cause just as many, if not more, problems than they actually manage to partially solve.
It's time for the certificate advocates to stop and think. They need to look at the big picture. They need to realize that while certificates may have their place in some very specialized situations, they are not the ultimate solution that we so desperately need.
Are you saying "certificate" when you mean "PKI"?
This might be taken as evidence that you know very little about security...
Opera is not the first nor the last victim of certificate theft. There is evidence that the use of digitally signed malware is increasing since the Stuxnet incident gave this attack vector worldwide exposure.
Also, unless I'm mistaken, revoking stolen certificates do not prevent malware signed with it from running. Most casual users I think tend to trust certificates (that is what it's for, after all, to certify that its from a trusted source). Not many will bother to check the authenticity of the certificate.
It might be premature to talk about its impact being limited until the full scope of the intrusion and loss of data is made known, and the number of users affected by the intrusion (not disclosed so far).
If you know system was compromised you can presume that data was stolen.
---
Captain Obvious
But its all supervised by judges!
(I guess, given the scale of it, this means all the spooks at the NSA are judges. Maybe they'll soon make all the street cops judges too, that would work out well I'm sure. Theres probably a cadet at the academy now who can't wait to have 'Judge' in front of his name. Cadet Dredd).
In the free world the media isn't government run; the government is media run.
I am the same AC that asked the original question but I meant how about other attacks that have happened in the past. Like personal user data stolen or something. So what your saying is that the only way to know if any data has been stolen is if your see it posted online somewhere?
some systems have access logs builts so that even if you manage to get the data, you might not be able to remove your log entries for doing so. varies case by case of course.
world was created 5 seconds before this post as it is.
actually no, what they do "in" Norway isn't supervised by anyone.
and what I mean by "in" is that they do it while sitting in USA and argue that then it is not a crime for them to perform something that is a crime in Norway(try it the other way and they'll argue it's a crime that happened on US soil. fuckers.).
world was created 5 seconds before this post as it is.
That's right, cyber criminals must be made to eschew all technology post-1800 and be consigned to an Amish paradise for life and have sex with real women. No more computers, microwave ovens and clothes with buttons and zippers. Oh, and they have to go to Church too.
"SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE
SSH currently will do a key exchange using the first-time approach without a certification authority and we should use the same system for end to end email encryption.
When connecting for the first time, SSH shows the public key fingerprint of the host you're connecting to. If you don't bother to check it, you're leaving yourself wide open to a MITM attack (and in this case, the attacker doesn't even need access to any certificate authorities).
Your proposed email system that blindly accepts every public key upon first connection is even worse than using CAs -- with certificates, you can at least choose which authorities you want to trust.
There are three things that I don't believe you:
(1) Dancing (2) Girl (3) Club
What would also need to be added to your proposal is to supplement with SRP or other secure password system that allows two users to easily exchange relatively insecure passwords out of band to verify the exchanged verifier. This also applies to SSH, especially when remotely connected to a box under your direct control.
You'd use this to supplement the base line protection of using a PKI system to verify the verifiers.
Once the public key has been reliably transferred, it can then safely be used to securely receive any communications without a man-in-the-middle or passive listener being able to decrypt it.
Another solution is to further supplement the above with the use of multiple cert authorities to sign/exchange your certificate (and multiple revocation lists). The more channels it comes in through, the more it can be trusted. So to properly fake out the system, you'd have compromise more than just a single authority. And you'd need the shared out of band password. Compromising any one of those channels does the attacker no good; they'd need to hack all of them (or hack your system, steal your private keys and/or trojan your system and/or eavesdrop at the endpoints).
Or, you could use PGP and have encrypted e-mail today.
God: An invisible friend for grown-ups.
All they do now is recompile Chromium with their branding.
Who logs in to gdm? Not I, said the duck.
i'm wondering about "The only effect of the revoke process is that the bad guys will not be able to sign any further malware with it." in the cited article. how would revocation prevent further signing ?
using crl would (should ?) prevent signed software from working, but signing with a key already in somebody's possession wouldn't be impacted
Rich
The problem with code signing certificates though is what should the validate rule actually be? Should an executable no longer be considered trusted when the cert expires?
I bet certain segments of the software industry would love that. Talk about planed obsolesce.
Maybe the binary should be trusted as long as the create or modify dates are prior to the certificates expiry?
This wont do anything because anyone sophisticated enough to create malware can just manipulate the date stamps before signing.
I know OCSP! We will just do revocation checks every time.
Again certain segments of the software industry would love this. It would empower them to decide when your software no longer works. No you can't just check once, malware authors would just have stuff sleep for awhile, and the CA or signer may not know they have had a breach. After all something like 60% of commercial breaches we reported by 3rd parties last year.
Then there are the privacy implications of doing a revocation check everytime you run some code.
The certificate trust model just does not work for software
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
They need to realize that while certificates may have their place in some very specialized situations, they are not the ultimate solution that we so desperately need.
Certificates!
Clearly the solution is to sign these old certificates with new certificates so that they become more secure.
In this instance it is critical to differentiate, certificates have not been broken/compromised at all, underlying implementations of the infrastructure and the people handling that infrastructure have been compromised or broken. Certificates in general are an excellent solution to many security issues, however it does require good PKI infrastructure and management otherwise they are pointless. For many of their uses you don't even need to trust or rely on any external authority, you can run your own which no fukker has access to except those you specifically grant access and trust, for instance we run a PKI infrastructure where I work, not exposed to the internet and the CA itself is segregated off and heavily secured. We rely on no external party.
How do I use PGP with Zimbra server (webmail) and Zimbra Desktop (desktop client)?
Change is certain; progress is not obligatory.
Some people, such as a PlayStation fan on Slashdot who will remain nameless, would argue that a barrier to entry is a good thing. It ensures that anybody who wants to distribute software to the public is serious about creating quality software. It's a fallacy, but like other fallacies, appeal to accomplishment springs from a heuristic: companies that have successfully published quality works in the past are more likely to publish quality works in the future. The example he likes to trot out is the North American video game recession of 1983, when there was so much shovelware crap on store shelves that neither players nor retailers could find which 2600 games were worthwhile. The North American market pretty much abandoned video games until the fourth quarter of 1985 when Nintendo added a lockout chip to its new Nintendo Entertainment System to assure retailers that only games that Nintendo had evaluated for a certain baseline quality level would be allowed to run.
That's just great! Now all of those snooty Opera users will be able to brag about having another feature before all of the other browsers.
no one is going to be able to get pass that barrier without stealing private keys from Adobe, Oracle, Microsoft, etc.
So how should a legitimate software developer get its publisher certificate into your domain's "etc." list?
First time you get a public key from an email that you trust
How should one decide to trust a particular e-mail? The sender can spoof the From address.
SSH currently will do a key exchange using the first-time approach without a certification authority
Your SSH connection could be MITM'd from day one and you might not notice it.
Apart from platforms that use OpenPGP, such as .deb-based GNU/Linux platforms, each platform has a separate signing certificate. OS X has its own, Android has its own, iOS has its own, and Windows has two: Authenticode for desktop applications and the Windows Store developer license for immersive applications. For small developers, it's a hassle to keep all of them renewed, but for companies big enough to draw targeted attacks like this, it's a benefit.
There's nothing wrong with tracking prior public keys. That's a good option for knowledgeable users, but it's a no-starter for people who know nothing about cryptography.
See for example what would happen when a key is compromised or just lost. In this case you have to warn everyone that your key will change. Now think of how often will people receive the message "hey, my email key has changed, so the warning you'll get is not a MITM attack", and how soon will people start clicking "accept" without bothering to check whether it's legitimate?
The idea of certificates is that the end user only has ONE job: to decide which CAs he or she will trust. Even that has proven to be too much for the end user: almost no one even knows you can choose which CAs they want to trust, everyone trusts the browsers or the OSs to make this choice for them. Any solution that requires MORE decisions from the user is a step back.
you could communicate a key id over another channel, (in person, via phone, mail, etc)
But what providers of shared hosting or a virtual private server are willing to do this for a customer? I've asked the tech support departments of a few such hosts, and the answer was "Just say yes to whatever key fingerprint your SSH client shows."
They paid so much for the certificate would it really be that costly to them to keep the private key on a machine not connected to a network?
People ignore messages about certificates anyway. I managed to use a man in the middle attack to steal an old IT teachers password sent over HTTPS. I just used a self signed certificate and he accepted it like the warning was nothing out of the ordinary.
That's not true at all. They have made their own user interface on top of Chromium.
Clever signature text goes here.
So they are UI company now. Still not a browser company,
Who logs in to gdm? Not I, said the duck.
It's been four days, you told me I could have it today. Why do you delay?
Change is certain; progress is not obligatory.
No, they are still a browser company. They are even contributing to Webkit (now Blink). Anyway, you should at least admit that the claim you made turned out to be false.
Clever signature text goes here.
Its not false and it wont be false until I can right click in Opera >=15 and see "edit site preferences"
Who logs in to gdm? Not I, said the duck.
So if they removed that option from Opera 12, they would no longer be a browser company? That setting is what defines a browser company? Come on... you are making a fool of yourself
Admit it, you messed up. You claimed that all they do is to recompile Chromium, which is wrong since they've made their own UI. You then admitted that you were wrong but now insisted that they were just a UI company. I then pointed out that they are contributing to Webkit/Blink, and now you're just trying to change the subject.
Clever signature text goes here.
But they didnt remove anything. They STOPPED MAKING browsers. Now they take Chromium codebase, add their skin and call it a day.
As a user I dont care about them contributing to some rendering engine if the end product is no longer a browser I was using.
Who logs in to gdm? Not I, said the duck.
You are extremely confused. That it's not the same browser you were using still doesn't mean they stopped making browsers. Are you trolling?
Again: You claimed that all they do is to recompile Chromium, which is wrong since they've made their own UI. You then admitted that you were wrong but now insisted that they were just a UI company. I then pointed out that they are contributing to Webkit/Blink, and now you're just trying to change the subject.
Now you repeat a claim you know is false (that they just add a skin). That's called a lie. Consciously posting a false claim is called lying. You are a liar.
You also didn't answer the question about removing that option from Opera 12.
Clever signature text goes here.
You are boring and arguing for the sake of arguing.
Opera made innovative fully customizable browser. Now they are just google's bitch making clone of Chrome.
Who logs in to gdm? Not I, said the duck.
You keep changing your claims.
You first claimed that all they do is to recompile Chromium, which is wrong since they've made their own UI. You then admitted that you were wrong but now insisted that they were just a UI company. I then pointed out that they are contributing to Webkit/Blink, and you changed your claim to Opera only making a skin, which is obviously wrong again since they coded their own UI.
Now you've moved the goalpost again. This is getting pathetic.
Of course, your latest claim is demonstrably false as well, since they made their own UI and are adding all sorts of features that don't exist in Chrome.
Now, since your claims are mutually exclusive you have really revealed yourself as a liar and a troll.
You also didn't answer the question about removing that option from Opera 12.
Clever signature text goes here.