Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Breaks Its Own Promise, Allows Symantec To Issue Insecure Certificates (softpedia.com)

Posted by BeauHD on from the show-no-mercy dept.

An anonymous reader writes: After researchers discovered that SHA-1 can be decrypted, Mozilla, together with Microsoft and Google, said they will no longer "trust" SHA-1-based certificates issued after January 1, 2016, and later stop supporting any type of SHA-1 certificates after June 30, 2016, or January 1, 2017. The foundation went back on its word this week, when Symantec begged Mozilla to allow it to issue nine new certificates for one of its clients, Worldpay PLC, which forgot to request these certificates before January 1. Symantec got what it wanted. Fortunately, other companies like Microsoft, Apple, or Google didn't cave under the pressure.

14 of 86 comments (clear)

  1. Choice of words? by buchner.johannes · · Score: 3, Insightful

    Hashes are not encryption. Plans are not promises.

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    1. Re:Choice of words? by marcansoft · · Score: 5, Interesting

      And this has nothing to do with trusting SHA-1 certificates in browsers. This is purely a policy issue.

      Symantec isn't asking for a whitelist. They aren't asking for an exception in browser policy. They aren't asking Mozilla to trust those certificates. What they're asking for is an exception to CA policy. They are asking to violate agreed upon CA rules by "merely" issuing certificates using a weak algorithm (browsers ought not to trust these certs, but that's irrelevant, it's the fact that they're issuing them at all that breaks the rules). In effect, what they're saying to Mozilla is "we're breaking the rules, but please don't kick us out from the root store".

      If Symantec goes ahead and issues the certs, then any other trust store or entity in a position to enforce CA policy requirements (such as other browser vendors, MS, etc.) is well within their right to remove trust from Symantec roots due to a violation of CA policy.

      Of course, since this is Symantec, it won't happen. They're too big to fail. They'll do it anyway and get a slap on the wrist at most. This is too minor a bending of the rules for anyone to seriously propose kicking them out. That's the problem with big CAs - nobody wants to be the guy to detrust them, because then what users will see is "this browser sucks, I can't access all these sites". And so big CAs get to ignore policy or have major security breaches (I'm looking at you, Comodo) with impunity.

    2. Re:Choice of words? by khasim · · Score: 5, Interesting

      There is one aspect that is hopeful:

      Internally, Mozilla has agreed to allow Symantec to issue these certificates under two conditions: the entire process should be transparent, and that the certificates should expire after only 90 days.

      So if the certificates expire in 90 days (and are replaced with better ones) I'm okay with that.

      The part I still don't understand is why anyone would still need the old SHA-1 certificates. Are their systems THAT OLD? If so, I'm sure they have other problems that haven't been addressed.

    3. Re:Choice of words? by marcansoft · · Score: 5, Interesting

      One of the arguments in the e-mail discussion thread is actually reasonable: the rules say no new SHA-1 certs issued after January 1 2016, and no certs valid for >1 year. Which meant that a ton of people got last-minute certs issued in December. Those certs are valid for the whole year of 2016. WorldPay just fucked up and forgot - had they done so they would have the whole year to upgrade their terminals.

      So, in a way, a 90-day cert issued today is less of a security problem than all the last-minute certs issued right at the end of 2015. From that point of view, perhaps the rules weren't defined very well. It would've made more sense to have only a NotAfter restriction: no SHA-1 certs expiring after December 31st this year, effectively a steadily decreasing maximum validity period as the year progresses. Then this wouldn't have happened.

      Still, policy is policy, and the fact that Symantec is being allowed an exception (even if that exception makes some logical sense) is concerning.

      As for why they need SHA-1 certs? Old POS terminals using public CA roots, and still without SHA-256 support. Welcome to the embedded world. And yes, I'm sure they have lots of other vulnerabilities.

    4. Re:Choice of words? by arglebargle_xiv · · Score: 5, Insightful

      Oh dear Cthulhu, how can you get a simple summary wrong on so many levels?

      • Firstly, SHA-1 is a hash function, not a cipher, so you can't "decrypt it".
      • Secondly, there's no immediate attack on it, it's just known to not be as strong as it should be. With a couple of simple precautions (e.g. using a high-entropy cert serial number) you can make it more resistant to known issues. It's not a total fix, but it helps.
      • Thirdly, Mozilla doesn't control Symantec. Symantec were asked by a private customer to be allowed to use a small number of SHA-1 certs for their payment terminals, which have absolutely nothing to do with Mozilla.
      • Fourthly, "other companies" have nothing to do with it, this is a decision by the CA. It just happened to be discussed on the Mozilla forums.
      • ...
      • Twenty-fifthly, it's a pretty odd distinction to make over cert issuance, if they'd issued a few weeks earlier (before the end of 2015) they'd have got cert with a one-year validity, so valid till the end of 2016. By not having them issued until now they're supposed to get one with an effective zero validity. All this is doing is allowing a private user with no connection to Mozilla to get the same effect as if it had bought the certs a few weeks ago.
      • Twenty-sixthly, ...
    5. Re:Choice of words? by Man+On+Pink+Corner · · Score: 2

      The part I still don't understand is why anyone would still need the old SHA-1 certificates. Are their systems THAT OLD? If so, I'm sure they have other problems that haven't been addressed.

      Most existing Windows drivers were signed with SHA-1 code signing certificates. It's not 100% clear what's going to happen to those drivers, and the hardware they support, in future versions of Windows.

  2. Another sad commentary on the state of security by rudy_wayne · · Score: 5, Interesting

    Once again we are reminded of the truly sad state of business security.

    From TFA:

    A company representative has informed Mozilla that one of its clients, Worldpay PLC, has asked for nine new SHA-1 certificates. Symantec explains that Worlpay has forgot to ask for nine new SHA-1 certificates for some of its servers that process SSL/TLS communications for over 10,000 payment terminals across the world. Worldpay blames this situation on a communications mishap. They say that someone forgot to ask for these certificates before the January 1 deadline.

    The purpose of the January 1 deadline was supposed to be "Hey, your shit is not secure, you need to change to something else". It was NOT intended as "Hurry up and get all your shitty insecure SHA-1 certificates right away before we stop giving them out on Jan 1".

    1. Re:Another sad commentary on the state of security by Striek · · Score: 2

      The problem is when those decisions end up putting someone out of business. I actually fully expected Mozilla to go Full Asshole on this; they consistently ignore the needs of users anyway. But it seems they were willing to reach a compromise, and especially in this case, I feel it's quite warranted:

      Worldpay blames this situation on a communications mishap. They say that someone forgot to ask for these certificates before the January 1 deadline.

      The company says they are already in the midst of the process of updating their servers to SHA-2, but this blunder now puts some of its users in danger of not having their payments go through.
      -snip-
      Internally, Mozilla has agreed to allow Symantec to issue these certificates under two conditions: the entire process should be transparent, and that the certificates should expire after only 90 days.

      WorldPay is a rather large online payment processor - this would affect a rather large number of innocent users, which certainly wasn't the purpose behind the deadline. As much as I agree that SHA-1 based certs should be phased out, and phased out yesterday, Mozilla is right here - there are exceptions to every rule. This deadline was put in place to protect users, not put them out of business.

      As a related aside, a friend of mine, a lawyer, recently asked for advice on how to store her passwords; she works as a crown prosecutor in a very tightly locked down environment. This jurisdiction's policies are so restrictive that the only workable solution employees can find to reasonably securely store passwords and logins is on their personal mobile phones - the sheer number of passwords is impossible to manage without writing them down or using a password manager (which they can't, due to application whitelisting). Yet another example of how overly restrictive security policies manage to achieve the exact opposite of their intent.

      Security is a process, and a series of tradeoffs, not an absolute, and generally, those who fail to realize this end up harming the people they are supposed to protect.

      --
      "Government is like fire; a handy servant, but a dangerous master." -- George Washington
    2. Re:Another sad commentary on the state of security by NormalVisual · · Score: 2

      The company says they are already in the midst of the process of updating their servers to SHA-2, but this blunder now puts some of its users in danger of not having their payments go through.

      I'm still not understanding why it's Mozilla's responsibility to fix an issue caused by WorldPay's irresponsibility. WorldPlay should have been ready for the new certs months ago, not still "in the midst of the process of updating their servers to SHA-2" two full months after they should have had that in production. Let WorldPay take the flak for the issue. If they can't even manage their certificate policy properly, they really have no business being a payment processor.

      --
      Please stand clear of the doors, por favor mantenganse alejado de las puertas
  3. Re:Who Cares? by Threni · · Score: 2

    I switched to firefox recently. It's great; the browser for android (chrome's out of the running as it doesn't support plugins,so you're stick with whatever ads or javascript the sites (and the ads running on the sites) feel like serving up) is the best out there, and the desktop one is great too. I hear people whining about firefox occasionally but i don't get it. Perhaps they're running hardware older than the 5 year old desktop i'm running.

  4. What ever happened to tough shit? by thegarbz · · Score: 4, Insightful

    So this "blunder" means that user's payments aren't going through, and now the work around is to ensure the user's payments are no longer secure?

    Sorry but I'd prefer my payment to not go through. I want no business with people who refuse to secure my financial transactions, I mean it's not like there wasn't a warning. Mozilla is again showing that they don't give a shit about users.

    But the article gives rise to another interesting issue, it implies there may have been a rush on renewals for SHA-1 certs. This kicking the can down the road approach deserves naming and shaming.

  5. Re: Another sad commentary on the state of securit by rudy_wayne · · Score: 4, Interesting

    Man, you managed to read that far into the article but not the next 2 paragraphs. I can't tell if you're being purposefully disenginous or if your attention span is that short... For the record, the next two paragraphs state:

    The company says they are already in the midst of the process of updating their servers to SHA-2, but this blunder now puts some of its users in danger of not having their payments go through.

    Internally, Mozilla has agreed to allow Symantec to issue these certificates under two conditions: the entire process should be transparent, and that the certificates should expire after only 90 days.

    First, why are they only "in the midst of updating" after the deadline has already has passed? This should have been done already. This goes back to my original point -- their attitude was not "hey we need to upgrade before Jan1". It was "we just need to hurry up and get some new certs before Jan 1 and then we can fuck off and do nothing for another year".

    Second, what do you think is REALLY going to happen in 90 days?

  6. Re: Another sad commentary on the state of securit by drew_kime · · Score: 2

    First, why are they only "in the midst of updating" after the deadline has already has passed? This should have been done already.

    Payment systems upgrades can be year-long projects. Recertifying with your bank and other partners takes months. And with everyone having to do it at the same time, everyone is stretched thin getting it all done.

    --
    Nope, no sig
  7. Re:Who Cares? by arglebargle_xiv · · Score: 2

    I use uBlock and Disconnect and a handful of other extensions. I never have issues with ads or javascript.

    Don't worry, Mozilla are working hard to change that (via deprecation of the extension API).