Controversial Surveillance Firm Blue Coat Was Granted a Powerful Encryption Certificate (vice.com)
Joseph Cox, reporting for Motherboard (edited for clarity): A controversial surveillance company called Blue Coat Systems -- whose products have been detected in Iran and Sudan -- was recently issued a powerful encryption certificate by Symantec. The certificate, and the authority that comes with it, could allow Blue Coat Systems to more easily snoop on encrypted traffic. But Symantec downplayed concern from the security community. Blue Coat, which sells web-monitoring software, was granted the power in September last year, but it was only widely noticed this week. The company's devices are used by both government and commercial customers for keeping tabs on networks or conducting surveillance. In Syria, the technology has been used to censor web sites and monitor the communications of dissidents, activists and journalists.
Blue Coat assures that it is not going to utilize the certificates to snoop on us. The Register reports: We asked Blue Coat how it planned to use its new powers -- and we were assured that its intermediate certificate was only used for internal testing and that the certificate is no longer in use. "Symantec has reviewed the intermediate CA issued to Blue Coat and determined it was used appropriately," the two firms said in a statement. "Consistent with their protocols, Symantec maintained full control of the private key and Blue Coat never had access to it. Blue Coat has confirmed it was used for internal testing and has since been discontinued. Therefore, rumors of misuse are unfounded."
bluecoat is not a "surveillance firm", it's an infosec company. they sell appliances and services no different than cisco and fireeye.
they have appliances that can MiTM web ssl traffic, which is important in a LAN. if your NSM can't see SSL then you don't have NSM.
to make enterprise network MiTM work, you typically have to add your appliance's cert to all the machines in your network. this is normal stuff. you can even do this with Squidguard / Dansguardian.
the PROBLEM is that they have gotten an Intermediate CA signed by a trusted root CA. meaning they could MiTM traffic for machines that are NOT under the control of the network admin: meaning MiTM all ssl traffic where that ICA is trusted by the clients.
the "oh blue coat is blah blah" ... "bububububttt oppressive regimes!!!" is nonsense. the REAL problem is trusting trust in TLS. If a trusted CA can give anyone a trusted ICA then anyone can MiTM.
I don't think that the tinfoil hat club has been right. In fact, the surveillance and control has been worse than most claims of the tinfoil hat club.
The real "Libtards" are the Libertarians!
You will get a warning if you visit using Chrome or any other browser that supports key pinning / Strict Transport Security (HSTS). There are enough people using Chrome/Firefox for this to be an early warning system.
Jason
It's not a wildcard certificate, it's a certificate-signing-certificate, that effectively makes them a Certificate Agency. It's not a browser-trusted certificate so any site using a certificate signed by it would also have to have Symantec's certificate (which is a trusted certificate) presented as part of a trust chain in order for your browser to trust it (which is actually standard procedure for a lot of certs like Comodo or SSL Everywhere). In some ways this makes it worse: if it was a root certificate you could disable it in your browser. To block it you have to disable Symantec's cert and lose trust in all the other certs Symantec signed.
People are downplaying it because if they tried to spoof a site like Google, Chrome's built-in certificate list would catch it immediately. Spoofing any of the millions of certificates that have not been pinned is fair game.
Symantec's Certification Authority personnel (as opposed to say, some lass who answers the phone on the front desk) will be operating according to a three ring binder, and the procedures in that binder are subject to audit by their external auditors. For Symantec that auditor is the management consultancy KPMG.
Some of what's in the three ring binder will be set out in the CP / CPS documents published on their web site, the rest isn't, but typically
* Background check - yes
* Polygraph - probably not, unless the rule was written by Americans, because nobody else is still believing in fairies, Father Christmas or Polygraph tests
The trust stores (Mozilla for Firefox and NSS, Microsoft for Windows, Apple for MacOS / iOS, Google to some extent for Android, Oracle to some extent for Java, and a handful of minor players of no consequence) require that they be shown the audit documents once per year for each CA root key they trust. Microsoft requires them to be posted as physical documents, Mozilla doesn't because frankly who wants to read physical documents anyway? The big audit society runs a (HTTPS of course) web site where auditors can upload documents to "prove" they're real and then they are readable by anyone. So you (and any other Firefox user) can read the audit reports shown to Mozilla and see for yourself.
A non-corporate group, the CA/Browser Forum, exists for the CAs and the browser vendors (as major trust store owners) to negotiate new rules. It was created to give a seal of approval to EV, those certificates that make the green bar with the brand name in it work. It now also manages the Baseline Requirements for ordinary (non-EV) certificates too. The BRs say things you'd think were obvious, except nobody did them until relatively recently. Examples:
* Hey, let's not have website certs that last 10 freaking years. What lasts 10 years? Not a US President, not most DotCom businesses, not much. So no more of those. Ever. Let's try 5 years.
* Actually make that 3 years now we think about it. What kind of garbage certificates did we have 5 years ago? Yeah, no, 1024-bit RSA and "Server Gated Crypto" garbage, let's make it no more than 3 years
* If you say you know the name of the business the certificate is for, you need to really know. Not like "Oh, I misheard on the telephone". Get paperwork, check it. Or don't write the name of the business in the certificate.
* Also, there are a lot of companies called "Big Al's Burgers". Write which one it is. Check which one it is. Put the country, state and city of registration.
* Don't issue certificates for local names like "server4" and "webmail". Who owns those? Nobody. Anybody. Stop selling this crap.
* While we're on the subject, don't issue for 127.0.0.1, or 10.1.2.3, or you know, any RFC1918 or similar reserved address. You. Idiots.
* And that goes for foo.corp. Is .corp a TLD on the Internet? No it is not. So don't issue for that name using a public CA that's trusted for the Internet
* .Int is a real TLD. But it is not "for like, our internal stuff". It's for international organisations like ISO. So if you issue a cert for .Int, it better be to someone who controls the .int domain you issued for, understand?
* Raising things to the power 1 is not raising them at all. A "key" with the exponent set to 1 is not a safe key. Do not issue for that. Again, you idiots.
... and it goes on. But my point is, this was an utter quagmire, and it has been improving. Rather than saying "Oh my, this is awful, we should abandon it and just use self-signed certificates everywhere, I'm sure that will be safer" (ha, no real users will check those certificates) we should acknowledge that there is a long way to go, but we already started on the right route and we need to continue.
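The Baseline Requirements rules listed in the comment above, as an added example that is not part of the original thread or any CA's tooling: a small pre-issuance linter over already-parsed certificate fields. The field names, the `PUBLIC_TLDS` subset and the sample requests are assumptions constructed for illustration; the exponent check generalizes the "exponent 1" rule to any exponent that is even or below 3.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed subset of delegated TLDs (assumption); a real linter would load
# the full IANA root zone list instead.
PUBLIC_TLDS = {"com", "org", "net", "int", "uk"}
MAX_VALIDITY = timedelta(days=3 * 366)  # the "no more than 3 years" rule


def lint_name(name):
    """Return the problems with one subjectAltName entry (DNS name or IP literal)."""
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None  # not an IP literal, treat it as a DNS name
    if ip is not None:
        if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
            return [f"{name}: reserved or private IP address"]
        return []
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return [f"{name}: local name with no owner"]
    if labels[-1] not in PUBLIC_TLDS:
        return [f"{name}: .{labels[-1]} is not a public TLD"]
    return []


def lint_cert(cert):
    """Check a dict of already-parsed certificate fields against the rules above."""
    problems = []
    if cert["not_after"] - cert["not_before"] > MAX_VALIDITY:
        problems.append("validity period longer than 3 years")
    for name in cert["san"]:
        problems.extend(lint_name(name))
    e = cert.get("rsa_exponent")
    if e is not None and (e < 3 or e % 2 == 0):
        problems.append(f"unsafe RSA public exponent {e}")
    return problems


# Constructed sample requests, not real certificates.
GOOD = {"san": ["www.example.com", "example.int"], "rsa_exponent": 65537,
        "not_before": datetime(2016, 1, 1), "not_after": datetime(2018, 1, 1)}
BAD = {"san": ["webmail", "foo.corp", "10.1.2.3", "127.0.0.1"], "rsa_exponent": 1,
       "not_before": datetime(2016, 1, 1), "not_after": datetime(2026, 1, 1)}

if __name__ == "__main__":
    for label, cert in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_cert(cert) or "ok")
```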