Symantec Subsidiary Thawte Issues Rogue Google Certificates
New submitter jack_babylon writes: On September 14th, Symantec's subsidiary certificate authority Thawte accidentally released a "small number" of "inappropriately issued" security certificates, apparently intended for internal testing only. However, the fact that these were logged in the wild by Google (and, apparently, DigiCert) seems to indicate that they escaped the lab, at least far enough for a false google.com cert to raise the appropriate red flags. This sounds similar to the recent acts of poor judgement that got CNNIC's certs removed entirely from Firefox and Chrome, if more limited in scope and more quickly addressed (through, among other things, termination of some Symantec employees). (And like all reports one hopes go away quietly, these were released in the dead of a Friday night — h/t BoingBoing for noting this news.)
That's some very suspicious "testing", kids.
What are you up to?
Perhaps in bed with some three-lettered thugs?
If Google had done what it was supposed to do, keep the private keys private, this would not have happened. My understanding of X.509 is that Google is supposed to generate signing reqs from those keys and send them to the CA, who then signs them and generates Google's CA certs. They probably just have Thawte generate keys for them, which is stupid, and probably commonplace today.
Ha ha ha ha!
We're all screwed.
Sure. They violated security protocol "by accident" and compromised everyone's security "by accident".
"Security" is the worst joke of the 21st Century. When are you dumbasses gonna learn?! Note, I'm not talking to you guys selling this shit. If people are buying, scoop it up and sell it as fast as you can. More power to ya!
At one point they were the only company that allowed you to run an HTTPS server with open source. It's sad to see that VeriSign has so destroyed a good company.
Dishonesty, this is no surprise. Now he is in charge of Microsoft.
now?
From the summary: "...termination of some Symantec employees..."
Is this the first time that individuals were held responsible for online negligence? What happens to a CEO or CIO when data on millions of people slips out due to negligence? Has anyone ever been fired before (not just a flunky, but a responsible executive)?
The penalties for corporate irresponsibility are so small that there is no incentive to do the right thing. Actually, this case may be an exception because both Thawte and Symantec have a reputation to protect- they might actually fire an executive. The question remains (and you can ask the same of Wall Street criminals)- when has any executive ever paid for this kind of negligence?
...omphaloskepsis often...
Security company dicking up the one thing they are supposed to be good at.
locate -i thawte|sudo xargs rm -rvf
Just as I did for DigiNotar and Comodo.
you're not special bitches.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
To apply for the job, please contact DICE Holding Inc.
Really, the word salad in the second to the last sentence is making my eyes bleed. Is proper king's English now optional, on lazy Saturday nights, here?
Sure it's not a perfect fix, but publishing the signatures of your SSL certs in DNS would take care of a lot of this low hanging fruit. A standard for cosigning your certs and pinning that cert would also help.
The end effect is needing to break multiple vectors not any of a multitude of root level CA's.
No sir, I don't like it.
It's not that Google or Thawte have failed to correctly revoke certificates: it's that far too many people, at far too many sites and with far too many technologies, do not actually keep their signature authorities up-to-date. Because these people don't update signature authorities, they are unable to verify numerous valid certificates. These people then simply set their automated procedures, or make it their personal practice, to accept invalid certificates.
The notable case of this I saw recently is RHEL 5, where the signature authority information in the /etc/pki files is managed inside the openssl packages, and updating openssl on a live server is likely to cause fascinating problems for an old, stable, production server. RHEL 6 sensibly put the root SSL keys in a separate package, but it's certainly not an unusual problem.
It's all good now. Employees have been fired and some guy on a Symantec blog said the internet was never at risk. We all can relax and enjoy life.
lucm, indeed.
The problem is that any of the many entities your browser trusts can create a valid certificate for any domain and the browser will just accept it.
What we need is to move away from CAs and adopt a new system for storing the information needed to make a web connection secure. Storing keys in DNS and using DNSSEC to secure that is one option. And there are others (although I can't actually remember any of them off the top of my head).
If you have a situation where it's impossible for anyone other than the actual owner of the domain to store a key, it's not possible for a rogue CA (or a hacked CA à la DigiNotar, or one that has been co-opted by a government or intelligence agency) to issue a bogus certificate or a bogus public key.
What I don't get is why there is no real interest from the people who came up with these alternatives to push them particularly hard, and why there is basically zero interest from the people and entities who write the software that the web runs on (browsers, servers etc.) to make any moves towards using these new systems.
"BRUNSWICK >> A Brunswick man was arrested Thursday for tampering with town letterhead.
State Police said Leslie C. McDermott, 49, of Brunswick was charged with first-degree criminal tampering, a felony. He is accused of tampering with letterhead from the Town of Brunswick building inspector’s office to create a falsified document to satisfy a real estate transaction."
I guess we now know who provides NSA false certificates (they man-in-the-middled Google https before), so now I'd like to distrust all Thawte certs.
So no, they won't be prosecuted, or removed from the chain, or anything, because Stasi are loyal to Stasi.
This isn't the first time a certain agency has man-in-the-middled Google with fake certs:
https://www.techdirt.com/articles/20130910/10470024468/flying-pig-nsa-is-running-man-middle-attacks-imitating-googles-servers.shtml
If they don't remove Thawte for faking a Google certificate, how much bigger a fake does it need to be to remove their authority??
As for browsers, I should be able to remove Thawte from the trusted chain, and I should be able to configure a warning if a domain has changed its certificate authority chain since the last time we saw it.
That's like the too-big-to-fail argument, the idea that you can't let a corp fail because it's too big.
ALL of the TLS certificates ARE invalid, because if we can't trust the certificate system then the basis for certificates is invalid.
Two other strategies are certificate pinning and certificate transparency. For pinning, you declare that only a certain intermediary CA (or root CA) may sign certs for your domain. So Google basically declares that all *.google.com certs must be signed by the specified Google CA. This information can either be hardcoded in the browser (for major sites) or relayed the first time the browser contacts the domain. So with hardcoded pinning, only Google can sign their certs. With http-pinning, another CA could only spoof the cert if the user had never loaded Google before.
The other initiative is certificate transparency. Basically it's a public log of all certs issued by participating CAs. (Non-participating CAs shouldn't be trusted by default). Transparency would have prevented the false Google cert that happened a year or two ago because the unrestricted signing cert granted to the customer would have been immediately flagged as suspicious. If an invalid cert is signed directly by a trusted root CA, it can be detected immediately because Google would be monitoring the public logs and see a cert being issued for their domain. Smaller companies which don't want to directly monitor logs themselves can sign up for a notification service. Suppose I offer such a service and you are my customer. Any time a cert is issued for one of your domains, I'd call you and let you know. You could then take immediate action if it was improper. A company offering such a service would probably also offer assistance in handling the situation.
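The log-monitoring side of certificate transparency described in the post above, as an added example that is not part of the original thread: a small monitor run over a constructed set of log entries (the issuer names are placeholders). It flags two things a domain owner would want a notification service to call about: a certificate covering one of their domains from a CA they did not expect, and an unconstrained CA certificate of the kind the post says would have exposed the earlier false Google cert.

```python
from dataclasses import dataclass, field

@dataclass
class LogEntry:
    """Constructed stand-in for a CT log entry (real logs hold full certificates)."""
    index: int
    issuer: str
    subject: str
    sans: list
    is_ca: bool = False
    name_constraints: list = field(default_factory=list)

def under_domain(san: str, base: str) -> bool:
    """True if a SAN dNSName (wildcards included) sits at or under base."""
    host = san.lower()
    if host.startswith("*."):
        host = host[2:]
    return host == base or host.endswith("." + base)

def monitor(entries, watched, allowed_issuers):
    """Return (log index, reason) for every entry worth an alert: a cert for a
    watched domain from an unexpected issuer, or a CA certificate with no name
    constraints, which could sign for any name at all."""
    alerts = []
    for e in entries:
        if e.is_ca and not e.name_constraints:
            alerts.append((e.index, f"unconstrained CA cert issued to {e.subject!r}"))
        for base in watched:
            hits = [s for s in e.sans if under_domain(s, base)]
            if hits and e.issuer not in allowed_issuers.get(base, set()):
                alerts.append((e.index, f"{hits} issued by unexpected CA {e.issuer!r}"))
    return alerts

# Constructed sample log; issuer names are placeholders, not real CA names.
SAMPLE_LOG = [
    LogEntry(100, "Expected Site CA", "mail.example.com", ["mail.example.com", "*.example.com"]),
    LogEntry(101, "Test CA (not expected)", "www.example.com", ["www.example.com"]),
    LogEntry(102, "Some Root", "Customer Gateway", [], is_ca=True),
    LogEntry(103, "Some Root", "Partner Sub CA", [], is_ca=True, name_constraints=["partner.test"]),
    LogEntry(104, "Another CA", "svc.internal.example.com", ["*.internal.example.com"]),
]
WATCHED = {"example.com": {"Expected Site CA"}}  # domain -> CAs allowed to issue for it

def run_sample():
    """Entries 101 (wrong issuer), 102 (unconstrained CA) and 104 (wildcard under the domain) alert."""
    return monitor(SAMPLE_LOG, WATCHED.keys(), WATCHED)
```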
https://productforums.google.c...
"I am seeing 'certified by Thawte Consulting (Pty) Ltd' when I point cursor to googlemail. Is it normal or fishy?"
I always thought it was some untrustworthy African name.
Ultimately that's a patch put over the problem.
If we built a system that removed the certificate authorities then more sites would be secured because the barrier to encryption would be lowered. There is less reason to trust a Thawte cert for site X than trust site X's own cert.
I would also be suspicious of Norton Anti-virus at this point, and any Symantec code signing. Rogue employee my ass!
Certificates are there for security, and if it's so easy for Symantec or whoever to fabricate certificate (Google or whoever), no matter if it's for 'internal use' or for the 3-letter bedfellows, something is not right!
The CNNIC incident was a real accident, and the removal of the root certificate from Chrome was discussed but not followed by other browser developers. Google is a highly politicized entity closely linked to the intelligence community. The supposed subverting of the certificate by CNNIC never escaped in the wild and was purely exaggerated in the media to justify demands for cyber warfare budgets.
IMHO this is a perfect example of why DANE and DNSSEC need to be implemented in both server and client software ASAP.
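The DNS-based alternative raised earlier in the thread (keys stored in DNS and secured with DNSSEC) and the DANE suggestion just above, as an added example that is not part of the original thread: building a TLSA record per RFC 6698 and checking a presented chain against it. The certificate and SubjectPublicKeyInfo bytes are constructed stand-ins for real DER; whether the DNS answer was DNSSEC-validated and whether ordinary PKIX validation passed are passed in as flags.

```python
import hashlib
import struct

# RFC 6698 field values used below.
USAGE_PKIX_EE, USAGE_DANE_TA, USAGE_DANE_EE = 1, 2, 3
SELECTOR_CERT, SELECTOR_SPKI = 0, 1
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2

def _assoc_data(selector: int, mtype: int, cert_der: bytes, spki_der: bytes) -> bytes:
    """The bytes a TLSA record is compared against for one certificate."""
    data = spki_der if selector == SELECTOR_SPKI else cert_der
    if mtype == MATCH_SHA256:
        return hashlib.sha256(data).digest()
    if mtype == MATCH_SHA512:
        return hashlib.sha512(data).digest()
    return data

def tlsa_rdata(usage: int, selector: int, mtype: int, cert_der: bytes, spki_der: bytes) -> bytes:
    """Build TLSA RDATA: usage, selector, matching type, then the association data."""
    return struct.pack("!BBB", usage, selector, mtype) + _assoc_data(selector, mtype, cert_der, spki_der)

def tlsa_presentation(host: str, port: int, rdata: bytes) -> str:
    """Zone-file form, e.g. _443._tcp.www.example.com. IN TLSA 3 1 1 <hex>."""
    return f"_{port}._tcp.{host}. IN TLSA {rdata[0]} {rdata[1]} {rdata[2]} {rdata[3:].hex()}"

def dane_accept(rdata: bytes, chain: list, dnssec_validated: bool, pkix_valid: bool) -> bool:
    """chain is [(cert_der, spki_der), ...], leaf first. Usages 0/1 additionally
    require ordinary PKIX validation; 2/3 do not (the DNS record is the trust anchor).
    Usages 0/2 must match a CA certificate in the chain, 1/3 the end entity."""
    if not dnssec_validated:
        return False                      # an unsigned answer could have been spoofed
    usage, selector, mtype, ref = rdata[0], rdata[1], rdata[2], rdata[3:]
    if usage in (0, 1) and not pkix_valid:
        return False
    candidates = chain[:1] if usage in (1, 3) else chain[1:]
    return any(_assoc_data(selector, mtype, c, s) == ref for c, s in candidates)

# Constructed stand-ins for DER certificate and SubjectPublicKeyInfo bytes.
LEAF = (b"constructed-leaf-cert", b"constructed-leaf-spki")
SITE_CA = (b"constructed-site-ca-cert", b"constructed-site-ca-spki")
ROGUE_LEAF = (b"constructed-rogue-leaf-cert", b"constructed-rogue-leaf-spki")
ROGUE_CA = (b"constructed-rogue-ca-cert", b"constructed-rogue-ca-spki")
```

With usage 3 the chain from an unexpected but publicly trusted CA is rejected even though PKIX validation would have passed, which is the property the thread is asking for.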
Security requires both encryption and trusted identification. The first is easy, the second is what the CAs are for.
What needs to happen until a corporation is terminated?
That is the main issue here. As human beings, we understand there are limits to what we can do before we face really serious consequences. I mean jail time, not monetary punishment. Money is simply an expense. It might hurt, even hurt a lot, but it is not on the same level as being locked up.
Where is the jail time equivalent for corporations, and why do we continue to believe that we can somehow control them without it? To take back control of our worlds from corporations running amok over it, we need this.
To fire a number of employees means something very seriously went wrong. It also means the corporation allowed it to go wrong. This could be rogue employees the way someone robbing a bank with your car had lied to you when borrowing it, saying he needs to visit his ill grandmother urgently. Or it could be that you gave a gun to an obviously unstable kid when he said he's going to school and he's angry. You really should have at least asked a few more questions before handing over the firearm.
So what will happen to Thawte in response?
Assorted stuff I do sometimes: Lemuria.org
I just checked the google SSL cert for gmail. I cannot find the pinning you mentioned in any of the certificate extensions. How is that done exactly?
And the CA's have proven to be more interested in the sales part of the business than in the security part of the business. Thawte requires more checks than most systems, but the middleman certificate authorities such as DigiNotar have proven incompetent and apparently had their _signing_ keys stolen. And for many signature authorities, it's quite simple to request, pay for, and be issued a fraudulent new corporate SSL certificate for another company due to poor verification of the client identity. That's social engineering, not a technical engineering hack, and it's embarrassingly common place. I do it as a matter of course when the original purchaser of the SSL certificate is long gone and my company's ticket, or a partner's ticket, is expiring and I'm contacted at the last minute. It's with the cooperation of the actual owner of the website, but it's unsurprisingly easy to get passwords changed to the company's SSL account.
What's a Rogue Google, and why does it have a Certificate?
In Firefox, Thawte certs always come back even when you distrust them.
I've tried several of these US cert authorities I would like to flag as distrusted but Firefox restores them automatically.
There's nothing to find in the cert. The first method on pinning is in the browser itself. Microsoft can tell their browser which keys are allowed to sign for update.windows.com before they ship the browser.
The second method is via http headers:
https://developer.mozilla.org/...
I'm using Firefox and have changed the trust settings to "No Trust" for all certificates, and the funny thing is, I no longer get the god damn warning about adding certs that I need to, especially self-signed certs for those websites that are hosting content but not selling. Very nice, as some of the blogs I visit have those self-signed certs. Good enough for the originally intended use (secure communication), not purchasing. Do I have lots of certs added that I trust? Fuck no - I have a dozen such as those by Google (I do use gmail and apps). The others I have are for sites that use self-signed certs to offer HTTPS access. Cheap and works well for the intended purpose.
This is the worst type of offense in that business. It doesn't matter how it happened or whichever scapegoat they come up with to throw under the bus. We MUST call for Thawte to be removed from the root of trust in browsers and OS/security vendors. They CANNOT be granted a pass just because they are "too big to fail". Cue the "you had ONE job to do" memes.
If we do not hold these companies accountable, who the heck will? They NEED to be made an example of. This is the kind of misappropriation and mishandling of trust that should effectively drive a company such as Thawte into BANKRUPTCY or outright EXTINCTION. This should be the very type of egg-in-the-face that leads to the CLOSING of their doors altogether. Do not accept their public apology and allow them to continue with business as usual like nothing happened.
NEVER MIND that the whole CA idea is a flawed security model. I do NOT want to see this conversation devolve into theoretical hypothetical total replacement solutions. THIS hierarchy of CAs is the best/only thing we have right NOW. (DANE is the exact same design just a different underlying protocol stack and displacement of trust to another hierarchy.) They ALL need to be shown and see we EXPECT them to UPHOLD their end of the bargain, NO mulligans, NO do-overs, NO take-backsies.
Not that any domain should deserve special treatment over the rest but in practice it certainly does. This is Google.com we are talking about here. One does not whoops accidentally issue what amounts to a downright fraudulent cert to Google.com. This incident represents a complete and total breakdown and failure of Thawte and as far as I'm concerned, from here on out, the Thawte name should only exist as a black mark in history to remind the rest of the trust industry what happens when they mishandle that trust. They are not "too big to fail" as they HAVE FAILED US and shall be REPLACED. There are plenty of (too many) other CAs. Good ones will take up the slack and bad ones need to continue to be churned out as root anchor lists are maintained. It is NOT hard and NOT too inconvenient to have your site's cert reissued by a surviving CA.
WE NEED TO hold the companies in these hierarchies ACCOUNTABLE for their mistakes AND the mistakes of ALL AGENTS working on their behalf to show that TRUST is taken SERIOUSLY. (Even if between you and me, we really don't trust anyone in these "blessed" hierarchies anyway.)
If this sort of breach passes forgotten with a slap on the wrist or less then we seriously hinder the ability of similar trust anchors to protect themselves legally from coercion from TLAs with the claim of the potential of harm that comes from playing fast and loose with our trust and letting TLAs manipulate the "grey areas".
Tweet to @googlechrome @mozilla @microsoft or contact them by other means that you think Thawte needs to be removed in whole. If they have not revoked their trust in the next release then this issue SHOULD be filed as a BUG REPORT and considered a serious security problem, and I hope anyone who values their security in the least will follow up and pursue this. This IS an example where EACH of us CAN make a difference. Make a STINK about it, that is one of our ONLY protections against this sort of thing.
I did not watch my buddies DIE face down in the MUCK so that trust could be so misappropriated and abused. Please join me in taking a stand. Please upvote my comment AND actually communicate and issue correspondence, ideally publicly, to the various maintainers of lists of trust anchors.
There are two key pinning methods in modern browsers that the GP mentioned. "Hard-coded pinning" means that the browser comes with a preset list of pinned certificates. The other is HPKP (HTTP public key pinning), which uses HTTP headers to add a site to the pin list when you visit it, ensuring that you check that the cert is the same on the next visit. Note that you can pin any cert in the chain: the CA, the intermediate CA, or the actual cert used by the domain. Usually people pin the intermediate CA cert, but if it's not under your control, then that CA can still break your security.
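The HPKP mechanism described in this reply and in the earlier post on pinning, as an added example that is not part of the original thread: what a browser does with a Public-Key-Pins header (RFC 7469) and how a later visit is checked against the stored pins. The SubjectPublicKeyInfo byte strings are constructed stand-ins for real DER; the names of the functions are my own. HPKP has since been removed from the major browsers, but the check is the same one hard-coded pin lists perform.

```python
import base64
import hashlib

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (real ones come
# from the X.509 chain, e.g. `openssl x509 -pubkey`).
SITE_SPKI = b"constructed-spki-leaf-example-com"
INTERMEDIATE_SPKI = b"constructed-spki-intermediate-ca"
BACKUP_SPKI = b"constructed-spki-offline-backup-key"
ROGUE_CA_SPKI = b"constructed-spki-some-other-trusted-root"

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_hpkp(header: str) -> dict:
    """Parse a Public-Key-Pins header value into its pins and directives."""
    pins, max_age, include_subdomains = set(), None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.add(value)
        elif name == "max-age":
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
    return {"pins": pins, "max_age": max_age, "include_subdomains": include_subdomains}

def accept_hpkp(parsed: dict, chain_spkis: list) -> bool:
    """A browser only stores the pin set when it is valid: max-age present,
    at least one pin matches the served chain, and at least one does not
    (a backup pin), so a key rotation cannot lock the site's own users out."""
    chain_pins = {spki_pin(s) for s in chain_spkis}
    pins = parsed["pins"]
    return parsed["max_age"] is not None and bool(pins & chain_pins) and bool(pins - chain_pins)

def chain_matches_pins(pins: set, chain_spkis: list) -> bool:
    """On a later visit the chain is accepted only if some key in it is pinned;
    a valid chain from any other trusted CA fails this check."""
    return any(spki_pin(s) in pins for s in chain_spkis)

def example_header() -> str:
    """The header a site pinning its intermediate CA plus a backup key would send."""
    return (f'pin-sha256="{spki_pin(INTERMEDIATE_SPKI)}"; '
            f'pin-sha256="{spki_pin(BACKUP_SPKI)}"; max-age=5184000; includeSubDomains')
```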
Hear here.
Dear Slashdot: Thank you for knowing the difference between out-of-bounds behaviour (rogue) and make-up (rouge). Because the rest of the Internet seems to be having a problem with that.