Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Checks If Firefox Is Affected By Same Malware Vulnerability As Tor (arstechnica.com)

Posted by msmash on from the security-woes dept.

Mozilla is investigating whether the fully patched version of Firefox is affected by the same cross-platform, malicious code-execution vulnerability patched on Friday in the Tor browser. Dan Goodin, reporting for ArsTechnica: The vulnerability allows an attacker who has a man-in-the-middle position and is able to obtain a forged certificate to impersonate Mozilla servers, Tor officials warned in an advisory. From there, the attacker could deliver a malicious update for NoScript or any other Firefox extension installed on a targeted computer. The fraudulent certificate would have to be issued by any one of several hundred Firefox-trusted certificate authorities (CA). While it probably would be challenging to hack a CA or trick one into issuing the necessary certificate for addons.mozilla.org, such a capability is well within reach of nation-sponsored attackers, who are precisely the sort of adversaries included in the Tor threat model. In 2011, for instance, hackers tied to Iran compromised Dutch CA DigiNotar and minted counterfeit certificates for more than 200 addresses, including Gmail and the Mozilla addons subdomain.

45 comments

  1. Obtaining fraudulent certificates by ShaunC · · Score: 1

    While it probably would be challenging to hack a CA or trick one into issuing the necessary certificate for addons.mozilla.org

    That depends on the CA, some are more easy to trick than others...

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  2. Open source as failure. by Anonymous Coward · · Score: 0

    Linux desktop? Check.
    GIMP image editing? Check.
    Firefox web browser? Check.

    Open source == fail.

    1. Re:Open source as failure. by gweihir · · Score: 1

      Poster is stupid? Check.

      Seriously, if you must troll, at least but some minimal thought into it. That is if you are capable.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. If by failure, you mean has it be exploited... by Anonymous Coward · · Score: 0

    ...then EVERY OS and APP has been a failure.

    1. Re:If by failure, you mean has it be exploited... by Anonymous Coward · · Score: 0

      Nope I mean failure as in how Eric Raymond and Tim O'Reilly claim open source software development makes "better software" but it clearly isn't better in any way. It typically has less features, is less stable, and ends up having just as many bugs and security problems. So what the fuck was the point again?

    2. Re:If by failure, you mean has it be exploited... by Anonymous Coward · · Score: 0

      Fuck off back to whatever chan/somethingawful forum thread you came from.

    3. Re:If by failure, you mean has it be exploited... by Anonymous Coward · · Score: 0

      It typically has less features

      Some of us like that. I don't particularly care about 100-MB installers myself. Or most kitchen sinks.

    4. Re: If by failure, you mean has it be exploited... by Anonymous Coward · · Score: 0

      The fact that anyone can participate in the development, or fork their own version, makes it instantly superior. Bugs and vulnerabilities cannot be escaped, but the fact that someone can easily support the software after the original devs lose interest or businesses don't care about it anymore makes OSS superior.

  4. It's not hard to hack a CA by Anonymous Coward · · Score: -1

    And in case of Mozilla it isn't even needed. The idiots have full trust to "let's encrypt" by default, and if you haven't paid attention the no script site is with a completely broken certificate by let's encrypt as well.

    The idiots behind let's encrypt don't understand that the first and role of the public CA system is identity non-repudiation, but they issue certificates with any name to anyone who asks.

    The the idiots at Mozilla decide to add let's encrypt to the trusted list by default completely braking their browser identity validation.

    Screw encryption, why would I need something encrypted if I have zero guarantee that the other endpoint is who it is claiming to be!? If I have no trust who the other party is, encryption makes zero difference, sine there will be 0 data exchanged.

    1. Re:It's not hard to hack a CA by Hizonner · · Score: 3, Insightful

      The idiots behind let's encrypt don't understand that the first and role of the public CA system is identity non-repudiation, but they issue certificates with any name to anyone who asks.

      You don't have a damned clue how this stuff works, do you?

      All the public CAs issue non-EV certificates based on the ability to control email and/or DNS information for domains, and most of them automate it. Their verification standards for non-EV certificates are on page 13 of https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.3.7.pdf.

      Let's Encrypt does exactly the same verification and meets those standards. Let's Encrypt is actually ahead of some of them in that it uses a published and publicly reviewed verification protocol (ACME) to check control over the DNS.

      Yes, the CA infrastructure is shit, mostly because all you have to do to impersonate any domain is to find any CA you can trick. No, Let's Encrypt is not any worse than the hundreds of other CAs that the browsers trust.

    2. Re:It's not hard to hack a CA by Hizonner · · Score: 1

      Oh, I forgot the other major reason that the CA infrastructure is shit, which is that those verification standards are indeed too lax. If you can impersonate the server in the first place, you can probably fake control of the domain well enough to get a certificate. But again Let's Encrypt is no worse than any of the others.

    3. Re:It's not hard to hack a CA by FatdogHaiku · · Score: 1

      I don't know about the ACME verification protocol, but stay far away from their rocket powered roller skates...
      Wile E. Coyote, SG, sss. (Super Genius, still smoldering somewhat)

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  5. Chrome by Archangel+Michael · · Score: 0

    End of story.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Chrome by alexandre · · Score: 1

      Yeah uh ... no.
      That won't solve fake but valid certificates magically.

    2. Re:Chrome by Anonymous Coward · · Score: 0

      Chrome is hardly free from serious (and even bone-headed) security issues.

    3. Re:Chrome by Anonymous Coward · · Score: 0

      Google finds fake but trusted SSL certificates for its domains
      ???

    4. Re:Chrome by Anonymous Coward · · Score: 0

      that is like diving into the sewage tank because someone farted in the room and it stinks.

    5. Re:Chrome by Anonymous Coward · · Score: 0

      It's funnier when people try to compare Chrome's ad blockers to Firefox's ad blockers.

      (Hint: Chrome sends everything you do to an advertising company.)

  6. Thanks for looking in to that... by The-Ixian · · Score: 1

    Let us know when you find something out...

    --
    My eyes reflect the stars and a smile lights up my face.
  7. Certificate Pinning bypass by Anonymous Coward · · Score: 0

    That's all you had to mention.

  8. Down with the CA by alexandre · · Score: 2

    The whole F-ing CA model is broken beyond repair...

    Can we get rid of this joke of a model that we're all relying upon for the rest?

    1. Re:Down with the CA by Joce640k · · Score: 1

      And replace it with....what?

      --
      No sig today...
    2. Re:Down with the CA by Anonymous Coward · · Score: 0

      Something decentralized. Blockchain technology comes to mind. A censorship-proof distributed DNS can be integrated as well.
      Admittedly I did not think this through completely, but at first glance it does look feasible. Maybe some experts would like to look into this.

    3. Re:Down with the CA by jonwil · · Score: 1

      The EFF Sovereign Keys proposal. (although it was developed in the days before block-chain technology became widely known so replacing the centralized servers with a block-chain style system may make the proposal better)
      DNSSEC and DANE (it would be harder to compromise the DNS system and get a fake DANE blob that matches the bogus info for the hackers servers but also passes full DNSSEC validation)
      PGP style web-of-trust where certificates get signed by multiple different entities and you choose whether to trust a site based on whether enough entities you already trust have signed it or not.

      And there are probably others out there.
      The big problem is convincing Microsoft, Apache, Mozilla, Google, Apple and the other major makers of web browsers and web servers to support one or more of these alternatives out-of-the-box.

    4. Re:Down with the CA by Anonymous Coward · · Score: 0

      > Something decentralized.

      Decentralization is no proof against pwnership. It's just a different set of attacks that must be employed.

    5. Re:Down with the CA by Anonymous Coward · · Score: 0

      Great, so every time you connect to a website you have to wait a few minutes for the certificate to be confirmed by different authorities. Sounds... great.

    6. Re:Down with the CA by Anonymous Coward · · Score: 0

      Treat it as HTTP is treated now, allow self-signed certs, create a new tier of CA that only banks can afford.

    7. Re:Down with the CA by Hizonner · · Score: 1

      I honestly think that people are actively sabotaging all of the above approaches.

      It's to the advantage of the existing CAs to go make trouble every time something like that comes up at the IETF or wherever. And it's to the advantage of the world's spooks to slow down any standardization that improves security, preferentially slow down the standardization of the most effective alternatives, and make sure that everything is so complicated and option-laden that you can always find a mode you can break.

      I don't think there's some vast shadowy conspiracy with central control. Just a lot of players with reasons to fuck things up. Sometimes they may cooperate, but probably they mostly just engage in "leaderless sabotage".

      The standards bodies/processes at least try to defend against commercial interests who want to get things they control standardized over technically better alternatives. But once they do get captured, they're hard to un-capture. And they have almost no defenses against players whose only interest is simply to make things not work. And because mentioning the possibility sounds like a conspiracy theory, it's even harder to get them to adopt such defenses.

    8. Re:Down with the CA by Anonymous Coward · · Score: 0

      > I honestly think that people are actively sabotaging all of the above approaches.

      Of COURSE you do. It's 2016 and *everything* is a fucking conspiracy now.

    9. Re:Down with the CA by gweihir · · Score: 1

      It is. And it is no surprise that it is. No security-model that requires trust in a lot of different instances that are subject to a lot of different attacks and pressure has ever worked well.

      Incidentally, when the Internet was still young and the CA system as new, smart people already anticipated this. The bureaucrats wanted it anyways, and post-Snowden, I am very much inclined to believe they wanted a broken system. I trust an official certificate about as far as I can throw it when chiseled into a large rock.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    10. Re:Down with the CA by gweihir · · Score: 1

      No security is better than no security combined with a false sense of security. I say we throw it away completely as a historical aberration. A PGP-like web-of-trust (often ridiculed) does a far, far better job in actual reality.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:Down with the CA by Joce640k · · Score: 1

      A web of trust can be compromised, too.

      Webs of trust rely on humans to make them work. Humans are fallible, evil, can be bribed to change sides, etc.

      Look at Tor. Tor works when there's not many evil nodes but the evidence is that the NSA is setting up tens of thousands of their own nodes all over the place. The chances of not going through several NSA-owned nodes is very slim.

      --
      No sig today...
    12. Re:Down with the CA by gweihir · · Score: 1

      If you want a solution that cannot be compromised, then you are a) clueless and b) need to disconnect from the Internet. The question is not at all whether something "can" be compromised, it is how difficult it is in relation to how easy it is to notice. And there a web-of-trust shines.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    13. Re: Down with the CA by Anonymous Coward · · Score: 0

      FPKI actually got it right. There can only be one source of truth. Only one trust anchor, only one trusted root CA. Everything else has to stem down from it.

  9. Sucks by ArtemaOne · · Score: 1

    Still don't like it.

  10. Not a vulnerability by manu0601 · · Score: 2

    Someone with a forged certificate can impersonate a web site. This is not a vulnerability, this is a feature of the threat model: we blindly trust CA for issuing only legitimate certificates.

    This weakness in the security model can still be addressed, because fortunately we already have a workaround for it: HTTP Public Key Pinning (HPKP).

    1. Re:Not a vulnerability by Anonymous Coward · · Score: 0

      It is vulnerability as the browser will trust ANY issuing authority in it trust store with an update. other browsers are far more specific on certificates when it comes to updates.

  11. Mozilla's biggest vulnerability is its developers by Anonymous Coward · · Score: 0

    Who brought in the australis and pocket vulnerabilities.

  12. Time by Anonymous Coward · · Score: 0

    Replace it with time.

    You keep the same cert and same key for a site and it never expires, ever. You know its the correct cert, because it was for a last gazillion times you accessed the site. To attack such a system, a MITM attacker would have to catch each and every access you ever made to that site. And even go back in time and catch all the accesses back to the very first. If they fail to catch one access, then the key signature changes and you are alerted to the man in the middle attack.

    How do you verify the very first connection? You don't, because you have no way of knowing this is the very first connection to that site, you have no way of knowing if you man in the middle that site without setting off alarms.

    As it is with certificates, you access a site and a third party says "yeh sure its legit". In the process you're filing the NSA's meta database with details of your access to that site, and giving them an opportunity to substitute a fake 'yeh sure its legit' message.

    Look in your browser, you're adding LOTS OF COUNTRIES spooks controlled registrar to the list. Now that Russia has the keys for all its registrars, it has the ability to fake certs for every browser that has one of those registrars as trusted. So all of their registrars are compromised and so is the certificates system as a whole.

    US certificate system is known to be malicious (Symantec's Thawte subsid was caught issuing fake certs, Symantec handed fake cert powers to BlueCoat, Symantec control 70% of the cert market). We know from Snowden, NSA was issuing fake certs to man in the middle Google.

    Consider a simpler example: I have a local server NAT side, it has a self cert. My browser warns of the 'bad' cert (Firefox is a piece of shit in its handling of self signed certs). To fix that warning I would have to register the cert with an outside registrar so it could 'verify' the cert. And in the process it could verify any fake cert it wants as also true and I am also handing it information each time I access MY server from MY computer.

    Certificate authorities are more bad than good at this point.

    1. Re: Time by Anonymous Coward · · Score: 0

      self-signed certs offer nothing worth fighting over in this case. Firefox is right to make it a pain in the ass to use them. use a free cert from Let's Encrypt and stop acting like self-signed certs are worth anything for publishing web services.

    2. Re:Time by Joce640k · · Score: 1

      The way I see it this problem comes down to detecting MITM attacks, not trying to prevent them.

      People need easy, automated ways to communicate with each other to check if they're seeing the same public keys as everybody else.

      If we use other site's certificates to sign the certificates being compared it will become exponentially difficult for the NSA to intercept and alter the information arriving at your PC. Only need ONE good certificate needs to get through and the whole attack against you will fail.
      .
      That one good ones should come from your browsing history. The most trustworthy certificates are the oldest ones because it's very difficult to alter history no matter how big your spying budget is..

      --
      No sig today...
  13. HPKP was ill-thought, and thus has seen little use by Anonymous Coward · · Score: 0

    HPKP carries a massive DoS risk that cannot be mitigated if you suffer a breach of key, sabotage, or a simple operational error.

    It would be much better if we could use HPKP to pin the last-level CA (as an alternative to what HPKP already allows). Microsoft, Mozilla, Google, Opera, etc. are quite capable of deploying restricted-use CAs if they had a reason to. In fact, at least three on that list already do.

  14. Re:HPKP was ill-thought, and thus has seen little by Anonymous Coward · · Score: 0

    Meh, never mind. You can do exactly that already (pin the root or an intermediate CA).

    So, yeah, it is mozilla's own fault that they are not doing things properly and operating a CA in a free country (certainly not the USA or anywhere with secret courts) and HPKP-pinning that.

  15. Why do Mozilla use the HTTPS CA system for this ? by OdinOdin_ · · Score: 1

    Surely signing extensions and signing software updates use two different certs and either cert is uses the existing HTTPS SSL/TLS CA system for that ?

    Mozilla are a company that clearly deals with and understand X.509 certificates, so surely anything they do themselves where they control both the distribution and verification they use their own CA.

    The only purpose of the "trusted CA" system is to issue certificates where there are three parties involved, a mutually trusted CA, a server (that needs to verify its legitimacy) and a client (that needs a mechanism to verify the servers legitimacy). But there is only 1 party involved with Mozilla extension and Mozilla browser software updates (although thats not completely true to OS vendor might also be involved for OS level code signing).

    So while the might use HTTPS under that system, the payload it carried is also signed right ? And that verification process is using a CA system that only Mozilla control ?

  16. Re:HPKP was ill-thought, and thus has seen little by manu0601 · · Score: 1

    HPKP carries a massive DoS risk that cannot be mitigated if you suffer a breach of key, sabotage, or a simple operational error.

    True. If someone manages to spoof your server's response, an evil HPKP header can be sent so that your server will not be reachable anymore. The best protection against this is to implement HPKP on your server, so that the evil HPKP header cannot be accepted.