Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Perfect MITM Attacks With No-Check SSL Certs

kdawson posted more than 4 years ago | from the stuck-in-the-middle-with-you dept.

Security 300

StartCom writes "In a previous article I reported about Man-In-The-Middle attacks and spotlighted an example showing that they really happen. MITM attacks just got easier. In the attack described previously, untrusted certificates from an unknown issuer were used. Want to make the attack perfect with no error and a fully trusted certificate? No problem, just head over to one of Comodo's resellers. Screenshots and disclosure provided at the link."

Sorry! There are no comments related to the filter you selected.

Don't do this at home (4, Insightful)

moro_666 (414422) | more than 4 years ago | (#26210627)

While the link is already being slashdotted ...

I hope the article author understands that unless he's really lucky, he is in deep legal trouble already. It's not the first time that the messenger was slaughtered, although the message was honorable.

Gotta think over the SSL certs one more. I never really liked the mechanism behind it, i like it even less now.

Re:Don't do this at home (5, Informative)

Anonymous Coward | more than 4 years ago | (#26210697)

source of the slashdotted page :

----
In a previous article I reported about Man-In-The-Middle (MITM) attacks and if they really happen. Unfortunately it does happen as some testimonials confirm. Now itâ(TM)s even easier because in the attack described previously, untrusted certificates from an unknown issuer were used. Want to make the attack perfect with no error and fully trusted certificate? No problem, just head over to one of Comodoâ(TM)s resellers.

In an unrelated event which was briefly mentioned at the dev.tech.crypto mailing list of Mozilla, something strange happened. During my attempt to verify and understand who stands behind the sending of fraudulent âoereminderâ email messages tricking our customers, I created a certificate from the source I was following. And my certificate was issued without any further questions.

This prompted me to create another certificate through them, but this time by using a domain name which should never be issued to me. For the purpose of testing, I selected the domain mozilla.com (Iâ(TM)m certain they will forgive me). Five minutes later I was in the possession of a legitimate certificate issued to mozilla.com - no questions asked - no verification checks done - no control validation - no subscriber agreement presented, nothing.

With the understanding about MITM attacks, the severity of this practice is obvious. No encryption is worth anything if an attacker can implant himself between the client and the server. With a completely legitimate and trusted certificate, the attack is perfect. No warning and no error.

--
there you go, have a nice xmas and slashdot less

Re:Don't do this at home (5, Insightful)

cp.tar (871488) | more than 4 years ago | (#26210795)

Oh, dear. So who certifies the certifiers?

Re:Don't do this at home (2, Insightful)

jonbryce (703250) | more than 4 years ago | (#26210913)

The suppliers of web browsers - Microsoft, Mozilla, Opera, Apple (Safari), KDE (Konqueror), Google (Chrome).

Re:Don't do this at home (4, Interesting)

TheLink (130905) | more than 4 years ago | (#26211327)

And they don't care about security (nor do the users).

That's why self-signed certs aren't really more risky than CA signed certs in practice.

http://it.slashdot.org/comments.pl?sid=1041927&cid=25890305 [slashdot.org]

http://ask.slashdot.org/comments.pl?sid=534356&cid=23199022 [slashdot.org]

I've probably posted others, but I bet "everyone" is still going to leave the dozens of CA certs in their browsers, and Mozilla and friends aren't going to do the SSH style thing - warn user if the cert changes for whatever reason- even if it's a valid cert.

I'd like to know if my bank's cert suddenly changed from the old cert to some cert signed by some CA in Elbonia. :)

Re:Don't do this at home (1)

gbjbaanb (229885) | more than 4 years ago | (#26211515)

no, they only trust the root certificate authorities, who in turn trust their partners, who in turn trust their resellers, who in turn trust their friends, who in turn trusts Vladimir 'the violator' Ilvymich.

So, how long before someone buys a Microsoft.com certificate and supplies some critical 'updates'?

Re:Don't do this at home (3, Funny)

Anonymous Coward | more than 4 years ago | (#26211233)

I have a much bigger concern. Who certifies those who certify the certifiers?

Re:Don't do this at home (0)

Anonymous Coward | more than 4 years ago | (#26211323)

>>Oh, dear. So who certifies the certifiers?
>The suppliers of web browsers - Microsoft, Mozilla, Opera, Apple (Safari), KDE (Konqueror), Google (Chrome).

Duh.. you do.

Re:Don't do this at home (0)

Anonymous Coward | more than 4 years ago | (#26211441)

And who certifies me?

Re:Don't do this at home (2, Funny)

gomiam (587421) | more than 4 years ago | (#26211481)

...your local psychiatrist?

Re:Don't do this at home (2, Funny)

Screaming Cactus (1230848) | more than 4 years ago | (#26211503)

Simple. We give the MITM attackers the power to certify the certifiers. That way we have a system of checks and balances.

Re:Don't do this at home (5, Informative)

iammani (1392285) | more than 4 years ago | (#26211253)

Folks who are surprised should definitely check out the list of Certificate Authorities. In Firefox Prefences -> Advanced -> Encryption -> View Certificates -> Authorities Tab

The first one is TÃoeRKTRUST Elektronik Sertifika HizmetSaÄYlayıcısı.

And its much worse in IE -- Internet Option-> Certificates -> Trusted Root Cert. Autho. I have not heard of 25% of the Authorities.

As the wise put it, security is only as strong as the weakest link.

Re:Don't do this at home (3, Insightful)

Timothy Brownawell (627747) | more than 4 years ago | (#26210779)

Gotta think over the SSL certs one more. I never really liked the mechanism behind it, i like it even less now.

The current mechanism is that the site owner pays a particular CA to identify them, and end-users/browsers trust any CA to identify any site (they can't know which CA the site owner actually paid). Site owners (the ones paying the bills) have no incentive to demand that the CA be competent.

A better system would have the end-user pay someone they trust to identify the site; they are directly paying for the identification service and can take their business elsewhere if they get crap service. This would also mean that the site owners don't have to pay someone who, really, can't actually provide any assurances to the end-users (because all CA-signed certs are treated the same). Better to just have everyone go self-signed, and then let someone (paid by the end-users) keep records of who used what cert when as seen by what network routes.

Mapping to real-world identities is a separate issue (only provided by "extended validation" or whatever certs due to browser UI issues), and is (1) rather expensive because you need people involved to look at paperwork and such and (2) mostly isn't needed, because you'll generally find IRL groups' sites by communication from those groups (eg, my electric bill has the electric company's URL printed on it, I don't need to look them up in google and then verify that I got pointed to the right place).

Re:Don't do this at home (1)

somersault (912633) | more than 4 years ago | (#26210839)

(they can't know which CA the site owner actually paid)

Isn't that what the 'issued by' field is for in a certificate?

Re:Don't do this at home (1)

Timothy Brownawell (627747) | more than 4 years ago | (#26210895)

(they can't know which CA the site owner actually paid)

Isn't that what the 'issued by' field is for in a certificate?

No, that says which CA issues that particular cert. Which may not be the same CA that the site owner paid, for example if I pay Verisign for a cert for my site and when you visit you get a cert from "one of Comodo's resellers", you really have no way to know that I didn't buy a cert from them and you shouldn't trust it.

Re:Don't do this at home (2, Informative)

Nursie (632944) | more than 4 years ago | (#26211283)

Unless you've already decided that you don't trust Comodo, for this reason, and have struck them from your list of trusted authorities.

Re:Don't do this at home (1)

jonbryce (703250) | more than 4 years ago | (#26210929)

Most people just look for the padlock. Do they even know how to inspect a certificate?

Re:Don't do this at home (4, Insightful)

Anonymous Coward | more than 4 years ago | (#26210955)

Pesronally I'd like VISA and Mastercard to give me Root CA certs to use for purchasing on line - then if they foul up and someone gets a dodgy cert then they pick up the bill.

As it is, I don't think anyone would be liable (except yourself) to pick up the cost of shenanigans

Re:Don't do this at home (1)

Timothy Brownawell (627747) | more than 4 years ago | (#26211355)

Pesronally I'd like VISA and Mastercard to give me Root CA certs to use for purchasing on line - then if they foul up and someone gets a dodgy cert then they pick up the bill.

Hey, I like that idea. But it would need a way for the site to have multiple certificates where the user chooses which one they want (does SSL/TLS permit this?), and support for this in the browser UI... I suppose the root cert would probably come on a mini-CD or USB stick when they mail your card.

Re:Don't do this at home (0)

Anonymous Coward | more than 4 years ago | (#26211439)

https://mastercard.example.com/
https://visa.example.com/

maybe? I dunno. Maybe trust paths could be established from intermediate CAs to your card issuer - just click the padlock icon and check there is a path back to your preferred root depending on what task you are doing.

Re:Don't do this at home (5, Insightful)

betterunixthanunix (980855) | more than 4 years ago | (#26210985)

The problem with the system you described is that it relies on end users to understand what is happening. Most FF or IE users have no understanding of what a certificate even is, how it works, or how a MITM attack works. If you told end users that they would pay for identification services, every scam artist on earth would be setting up their own CA and charging users for the root signing certificate, which would then be used for MITM attacks. Worse, the idea that end users could try and verify self-signed certificates is preposterous also, and again, scam artists would be all over it.

From a security standpoint, the current system is pretty much the best you can hope for. People who presumably know what they are doing select your CA roots for you; a mistake there is equivalent to a buffer overflow that allows an attacker to install a key logger. The CAs, wishing to remain in business, have an incentive to do some level of checking on who they issue certificates to: if it became known that a CA was just signing any CSR, with no checks whatsoever, software makers would stop shipping their public key, and legitimate users would not pay for a signature. This, by the way, is the incentive for site owners to buy signatures from competent CAs: an incompetent CA is likely to not have their public key shipped with popular software, so their signatures are worthless.

It's not common for a CA public key to be removed from a software package, because of the ruckus it would create (potentially thousands of websites suddenly having untrusted certificates), but if a CA has truly incompetent practices, then yes, their public key will be removed. In general, software makers try to hold CAs to high standards to get their public key shipped with the software in the first place, so unless the CA itself allows its practices to worsen, it is unlikely that they would find themselves in that position.

Trusting a third party for security is tough, but if you are smart enough to be aware of that, then you should also be aware that you can personally add or remove CA public keys from any software that you use. If you feel that Comodo is untrustworthy, remove their public key, and every time you get a warning, report it to the owner of the website you were trying to visit.

Re:Don't do this at home (2, Insightful)

Ed Avis (5917) | more than 4 years ago | (#26211349)

if a CA has truly incompetent practices, then yes, their public key will be removed.

Clearly not the case, since Comodo is still trusted.

The browser maker (or someone else - the government security agency?) would need a team of people constantly testing the certificate issuers, trying every ruse possible to get bogus certificates issued. If any issuer fell for it then they would be struck off the list of trusted issuers (and the updated list would be pushed out as a security update). I don't see this happening.

Re:Don't do this at home (1)

Bert64 (520050) | more than 4 years ago | (#26211197)

They really should use self signed certs for things like banks, and provide you a copy of the root cert in the branch so you can be certain the two match up... No third party involved.

Re:Don't do this at home (1)

Vellmont (569020) | more than 4 years ago | (#26211293)


Site owners (the ones paying the bills) have no incentive to demand that the CA be competent.

What do you mean they have no incentive for competent CA's? They have every incentive, since without competent CAs the security of the system will collapse. The site owner presumably cares about the security of the communication. If they didn't, why use SSL at all?

The real problem with the current system is that ALL the common CA's have to be trusted, not just some or one. A better system would involve only the CA who the site owner contracted with has to be trusted for that sites security.

Re:Don't do this at home (1)

Kjella (173770) | more than 4 years ago | (#26211357)

What do you mean they have no incentive for competent CA's? They have every incentive, since without competent CAs the security of the system will collapse. The site owner presumably cares about the security of the communication. If they didn't, why use SSL at all?

As a system, yes. Individually, no way. They want the cheapest CA = the one cutting the most corners that doesn't throw a nasty warning when visited by their customers. If people lose faith in the padlock, all the site owners are equally screwed no matter who they bought their cert from.

Re:Don't do this at home (1)

Timothy Brownawell (627747) | more than 4 years ago | (#26211429)

What do you mean they have no incentive for competent CA's?

The security of my site's users doesn't depend on the competence of whichever CA I choose, it depends on the competence of the least competent CA trusted by their browser. So there's no incentive for me to pay extra for a more competent CA, because their competence (or lack thereof) doesn't really affect anything.

A better system would involve only the CA who the site owner contracted with has to be trusted for that sites security.

I don't think that's possible, how do you know which CA that is?

Re:Don't do this at home (1)

Vellmont (569020) | more than 4 years ago | (#26211549)


So there's no incentive for me to pay extra for a more competent CA, because their competence (or lack thereof) doesn't really affect anything.

This is true. My point is really that shifting the burden of proof from one entity to the other doesn't really address the real problem. The problem isn't that one party has more interest in security than the other (sometimes true, sometimes not), it's that the weakest CA ruins it for everyone else.


I don't think that's possible, how do you know which CA that is?

With the current x509 based certs, it's not. The whole thing was based on all the CAs being "trusted".

I guess I'm starting with an idea I know to be secure (or at least doesn't have a single point of failure), and then find a way to implement that. I don't know if it's possible to implement such a system or not.

OK, which CA must leave the trusted list? (5, Interesting)

Anonymous Coward | more than 4 years ago | (#26210793)

There's only one way the CA system can work: Responsibility and repercussions. If a certificate authority signs forged certificates, then it can no longer be trusted and must be removed from the list of trusted CAs. To trust an untrustworthy CA is a security bug and should trigger updates from all browser developers which remove the offending CA. Make the CAs work for their money.

Re:OK, which CA must leave the trusted list? (1)

characterZer0 (138196) | more than 4 years ago | (#26210921)

The problem with that is IE.

Suppose Mozilla, Google, Apple, Gnome, The KDE Team, and Opera all remove untrustworthy CAs from their browsers.

Microsoft can leave the untrustworthy CAs in IE, and there are automatically a bunch of sites that are, for most users, IE only.

Re:OK, which CA must leave the trusted list? (0)

Anonymous Coward | more than 4 years ago | (#26210987)

If it doesn't happen too often, they could flag the CA as untrustworthy and warn users that, even though the certificate checks out ok, it was signed by a CA which is known not to perform proper identity checks, so it might be forged. Make it one of those FYI bars at the top of the browser window, so that the user doesn't have to do anything to continue. If the situation gets worse, unlist the CA. Then it's Microsoft's problem if it doesn't follow suit and IE doesn't protect the users from fraud.

Re:OK, which CA must leave the trusted list? (1)

glop (181086) | more than 4 years ago | (#26211007)

Maybe they could display a warning for that CA.
Or just go to the CA, tell them they need to do a better job or 20% of the web users will see a message saying : "this website has obtained a certificate from CA XXX which has very poor security checks".
Of course, such an update would make good headlines for the New York Times and others, so the CA could not take the risk of ignoring the threat. They would need to address the issue to avoid the bad press.

Re:OK, which CA must leave the trusted list? (2, Insightful)

bunratty (545641) | more than 4 years ago | (#26211111)

Telling them to do a better job now does no good if they've been issuing valid certificates to bad guys already. If they were not doing the proper validation of individuals who were requesting certificates, we need to consider all certificates issued by that CA to be untrusted.

Re:OK, which CA must leave the trusted list? (1)

Nursie (632944) | more than 4 years ago | (#26211331)

Perhaps.

Or perhaps they need to get their CRL in order, which is the mechanism for dealing with certificates that have been revoked or compromised.

Re:OK, which CA must leave the trusted list? (2, Insightful)

Kent Recal (714863) | more than 4 years ago | (#26211333)

So, who will step forward and remove such authorities from the CA list? Mozilla? Opera? Microsoft even?

Something tells me that no one will and nothing will happen. The dust will settle, the offending CA will, at best, adjust their practices slightly but not effectively - and within 6 months we'll see more CAs pop up left and right using the same broken procedures.

There's just too much money involved in this game. Owning a CA authority is effectively a license to print money and the beancounters everywhere will just keep on repeating their mistakes over and over in order to "streamline" the process for "optimized revenues". I would even go as far to suspect that this *might* be a PR stunt to drive more people into the horridly expensive "green addressbar" certs (and wait for it, we'll see more colors in the future, for even more security!).

The only technically correct way out of this would be to abandon this broken and tainted system altogether.
But it's not gonna happen, VeriSign and friends will make sure of that with all their weight.

Re:OK, which CA must leave the trusted list? (2, Insightful)

maxume (22995) | more than 4 years ago | (#26211421)

As a user of Firefox, that's fine with me (the entire point of the certificate system is to provide security; in that context, features and convenience are lower priorities than actually providing security).

Basically, my neighbor's paper house is not a good reason for me to leave my doors unlocked.

Re:OK, which CA must leave the trusted list? (1)

camperdave (969942) | more than 4 years ago | (#26211091)

If a certificate authority signs forged certificates, then it can no longer be trusted and must be removed from the list of trusted CAs.

That just moves the problem one rung up the ladder. How can we trust that the list of trusted CAs is valid and up to date? Who maintains this list? Me? You? The Scam Artists? A central trust agency? The Government?

Re:OK, which CA must leave the trusted list? (2, Informative)

bunratty (545641) | more than 4 years ago | (#26211147)

Microsoft maintains the list for IE. Mozilla maintains the list for Firefox. And so on. Use a browser from a company you can trust, or you may just regret it one day.

Re:OK, which CA must leave the trusted list? (1)

timeOday (582209) | more than 4 years ago | (#26211267)

Plus, decertifying a CA would nuke thousands of websites that did nothing wrong; even for this lax CA I'm sure most of the companies registered there are legit.

Re:OK, which CA must leave the trusted list? (1)

moose_hp (179683) | more than 4 years ago | (#26211543)

No, it's their fault to do bussiness with an untrustworthy CA, they should be the first ones asking for more security in the registration process or move their certificates to another CA who do things right.

Considering that they used the same registration method, they should had noticed that the process did not protect them from forgery.

Re:OK, which CA must leave the trusted list? (5, Insightful)

timeOday (582209) | more than 4 years ago | (#26211311)

How can we trust that the list of trusted CAs is valid and up to date? Who maintains this list? Me? You? The Scam Artists? A central trust agency? The Government?

Go ahead and accuse me of not being libertarian, but yes, I think making and enforcing standards for CAs is a good role for the government. I would never put my money in an unregulated bank, or send premiums to an unregulated insurer, or go to a back-alley doctor.

Re:OK, which CA must leave the trusted list? (1, Insightful)

giorgiofr (887762) | more than 4 years ago | (#26211447)

I would never put my money in an unregulated bank, or send premiums to an unregulated insurer, or go to a back-alley doctor.

But you have no problems forcibly preventing me from doing so, should I wish to. That's not even close to not being a libertarian. It's being a dictator.

Re:OK, which CA must leave the trusted list? (5, Insightful)

Vellmont (569020) | more than 4 years ago | (#26211457)


but yes, I think making and enforcing standards for CAs is a good role for the government.

Which "the government" are you talking about here? You might have noticed the internet is worldwide, and there's no single authority to control it. Browser makers are also free to put whatever CA's root certificates in their browsers that they wish (along with all anyone else who distributes software that uses an x509 certificate).

and then... (0)

Anonymous Coward | more than 4 years ago | (#26210799)

slashdotted-and then you wonder why I don't RTFA :-)

Re:Don't do this at home (1)

Nursie (632944) | more than 4 years ago | (#26211303)

What's wrong with the mechanism?

The problem (IMHO) is that the implementation is sucky and too many roots are put into browsers by default.

The actual mechanism works really really well, but you have to make sure you restrict your circle of trusted roots to orgs you *really* trust, for anything that's at all important.

Re:Don't do this at home (1)

Vellmont (569020) | more than 4 years ago | (#26211403)


I hope the article author understands that unless he's really lucky, he is in deep legal trouble already.

How? Was someone defrauded? Was their money lost? Was someone unjustly damaged? I just don't see the law broken here.

From what I can tell, what happened is the author found a way to get a signed SSL cert from a CA for mozilla.org. He doesn't mention that he tried to pass it to anyone, or even released the cert to anyone. The only party that might claim injury is the CA, and if they're smart they'll try to keep this as quite as possible. (Because they're the giant incompetent boobs here, and a lawsuit would only draw attention to that fact).

ha ha (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#26210629)

haha

I see dead links... (1)

Nabeel_co (1045054) | more than 4 years ago | (#26210647)

All the links are down... One of the down sides of seeing a story when it is new I guess.

Looks interesting though! Might get more interesting when their web server stops spitting out flames...

Google Cache (0)

Anonymous Coward | more than 4 years ago | (#26210823)

There isn't a whole lot of info [74.125.45.132] .

Really now. (4, Funny)

cp.tar (871488) | more than 4 years ago | (#26210667)

The example cited is "RESOLVED INVALID". The link to the "perfect attack" seems to be slashdotted. And at the time I started writing this comment, there have been no comments whatsoever.

Does this mean that Slashdotters have all swarmed the link trying to find out how to execute the perfect attack? Are we seeing a new trend here, with people actually reading TFAs?

Or is it that too many people have Greasemonkey scripts filtering out kdawson's posts?

Re:Really now. (5, Funny)

ghmh (73679) | more than 4 years ago | (#26210711)

Apparently the perfect attack is actually 'Slashdot in the Middle'

Re:Really now. (4, Insightful)

daveewart (66895) | more than 4 years ago | (#26210719)

The example cited is "RESOLVED INVALID"

That's because the behaviour reported in the bug (the actual MITM attack) is *not* a problem with Firefox as suspected by the reporter: Firefox was behaving correctly by identifying the SSL certificates as invalid. It is however an interesting report of a MITM attack.

Re:Really now. (1)

BSAtHome (455370) | more than 4 years ago | (#26210741)

Being among the first to read all about the "perfect attack" is by definition "stuff that matters". The slashdot effect is proportional to the headline and proportional to the amount of damage that potentially can be done [sorry, no citations available]. Therefore, reading TFA is merely a function of headline and potential damage.

BTW, I decoded your .sig, will you please sue me now?

Re:Really now. (1)

cp.tar (871488) | more than 4 years ago | (#26210805)

BTW, I decoded your .sig, will you please sue me now?

Absolutely. My lawyers will call your lawyers and arrange everything.

Re:Really now. (1)

bunratty (545641) | more than 4 years ago | (#26210751)

The reason for the "RESOLVED INVALID" is that the bug reporter thought they were reporting a bug in Firefox causing all those annoying SSL popups. What was actually happening was that the user was being attacked with a man-in-the-middle attack. Therefore, this shows how Firefox protects you from the attack. As annoying as those dialogs may be, they are necessary to warn the user of a potential attack.

Re:Really now. (1)

neumayr (819083) | more than 4 years ago | (#26210885)

Sure, because users are so prone to pay any attention to annoying dialogs.
Not that I have a better idea, except maybe to do away with user interaction concerning SSL all together - block invalid certs by default, don't show some confusingly complicated dialog, just give some error message.
Radical, yes, but I don't see any other way.

Re:Really now. (1)

Qzukk (229616) | more than 4 years ago | (#26210949)

don't show some confusingly complicated dialog, just give some error message.

And that's exactly what firefox 3 does. You get a blank screen with a message that the SSL certificate is invalid and that the site cannot be trusted, and a tiny little link to open the dialog to add an exception if you really want to go to that site anyway.

Pisses everyone with self-signed certs off.

Re:Really now. (0)

Anonymous Coward | more than 4 years ago | (#26211069)

It really shouldn't. If they're remotely competent (okay, I know that's asking a lot), they'll have set up their own mini CA with something like TinyCA [sm-zone.net] and have installed that CA's cert in the browser's CA list. If you're using truly self-signed certs rather than certs issued by your own mini CA, you're retarded.

Re:Really now. (1)

neumayr (819083) | more than 4 years ago | (#26211237)

I'm not familiar with TinyCA, but if you still need to add the CA you created to the browsers list manually, how does that help?
You still need to tell your users what to do, and it's probably as much work as just accepting you selfsigned cert.

Re:Really now. (1)

bunratty (545641) | more than 4 years ago | (#26211257)

Because you need to add only one CA instead of many self-signed certs?

Re:Really now. (1)

Kent Recal (714863) | more than 4 years ago | (#26211425)

Pisses everyone with self-signed certs off.

And is perfectly backwards, as far as I am concerned.
Browsers should display a warning dialog for *every* cert that is encountered for the first time, something along the lines of "This site wants your trust, please check the cert details carefully before accepting".

Being issued by VeriSign or Thawte doesn't make a cert any more trustworthy in my eyes.
They have issued forged certs for microsoft.com and such before and it will keep on happening. It can happen to my or your online banking site just later today, who knows?

What I want from my browser is to warn me when a site that I previously added to my trust-list suddenly *changes* its cert. None of the major browsers do that as far as I know. As long as the new cert is signed by one of the so called "authorities" it'll just happily let me send my data to whatever phishing site without the smallest warning dialog...

Re:Really now. (1)

bunratty (545641) | more than 4 years ago | (#26211487)

The problem with your approach is that users get so many warning dialogs they get used to clicking through quickly, and therefore miss the important warnings for when a cert changes. You need to save warning messages for truly important events, so the user does not become desensitized to them.

Looks like DDOS beats all (2, Funny)

00_NOP (559413) | more than 4 years ago | (#26210673)

It had "0" comments when I started and I still could not RTFA

Re:Looks like DDOS beats all (1)

cp.tar (871488) | more than 4 years ago | (#26210813)

That's called "slashdotting".

Re:Looks like DDOS beats all (1)

Briareos (21163) | more than 4 years ago | (#26211525)

More like "/. subscribers seeing articles 30 minutes early" (but with comments disabled)...

np: Tocotronic - Gegen Den Strich (Pure Vernunft Darf Niemals Siegen)

Go wild! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#26210689)

Mac Blocker didn't have time for what was happening to him, but he couldn't stop it either. He needed to escape, but his orgasm was beginning to build again. He was security chief of this damned place, did Rothman really think he could stop him by locking him up.

He looked down, something was happening to his cock, it was changing shape. His balls had already become huge and hung low and had a fuzzy grey covering of fur. Fur was growing all over his body, he watched, half fascinated and half horrified as his red human hair began to disappear beneath the tan and grey fur on his chest and belly. He rubbed and scratched his abdomen. He was growing carpet of badger fur on his chest and felt it growing on his back. He felt his face and realized that it was happening there too. If he could have seen himself in a mirror, he would see the beginnings of the distinctive black and white stripes on his face and his nose and lips beginning to darken. The backs of his arms were growing dark with fur.

He was brought out of his musings about his growing furriness by his aching cock. He watched it finish changing into the proper shape for a badger, not that he had ever noticed an animal's cock before, but he guessed this was the right shape, given what was happening. His cock was growing huge and it demanded attention. His mind became simpler in thought as he began to stroke himself with a clawed hand that rivaled that of the ursine animorphs. Lustfully, he began to lick and suck on his own cock. Inside of his mind 'Mac the Man', the extremely heterosexual human male, was disgusted by what was happening, but 'Blocker the Badger' was in complete bliss. He was reliving his swollen balls of he last vestiges of Mac's human genetics. Blocker the Badger kneaded and fondled his balls with one growing clawed hand and pumped the elongated shaft with the other. If Mac had, had a cell mate, male or female, he would be releasing his load into whichever hole was first presented. It's what made the milking machines so easy to use; the animorph would bliss out and provide as much semen as the beast could pump out before it was sated. The beast didn't care as long as its sexual needs were fulfilled. Mac the Man went into a sort of hypnotic state as the Blocker the Badger gained complete control. The badger licked up and sucked down the last drops of human seed and was coaxing out the first badger-man sperm.

By the time Mac Blocker the badger-man had regained the balance in his mind between beast and man and could think clearly again, he was completely transformed.

Mac didn't like being changed against his will, but he had to admit, he had the best of both worlds now. Mack had been a stocky man since he was in high school and was on the wrestling team. His time in the army had just increased his muscular, stocky physique. Now, he noted that he was much more powerful than he had been before. That bastard Rothman had only done him a favor. He heard Billy and George in the other rooms. Though the rooms were generally sound proof to the human ear, his new ears were picking up their grunts and moans and garbled words that sounded like, "Oh, fuck, yeah!" and "God that's good!". He guessed the milking machines were providing them with the same kind of distraction his auto-fellatio had provided for him and he knew that the machine would still be attached and he'd still be blissfully shooting out loads if he hadn't acted so quickly.

In retrospect, sucking one's own cock wasn't that bad and he had rather enjoyed it. He had bragged to his buddies that if he could do such a thing, he'd never leave the house. Well, he found now that, that wasn't quite true. He wanted out of this cell more than he wanted to suck his cock again, though at the thought of doing it, his huge badger cock gave a jerk and his balls tingled in anticipation.

He'd fix Rothman, but first he had to get out of here and free his partners. George's new bulk and raw power would be of great use and Billy's new agility and wiry strength could help them all get out of here. The problem now was this: Mac the Man knew that his codes had been locked out by now, but he had a secret code he hadn't bothered telling anyone about that could free him he just needed to get to the keypad. Upon examining Blocker the Badger's hands, he realized it would be awhile before he was dexterous enough with the clawed hands to use them without hitting the wrong keys. He knew that if he were to break the reinforced glass, which he could easily do, he might reach the keypad by the door. But if he hit the wrong sequence, it would activate alarms and flood his cell with a neurotoxin that would kill him in seconds. The antechamber just before the holding cell would activate the air-tight seals against the gas and the solid steel doors would be locked tight as a bank vault.

There wasn't any immunity to that and it didn't matter how strong you were. He'd seen the same toxin used on test subjects to insure it's effectiveness on mammalian, reptilian and avian life. He'd also seen it used on animorphs and it was quite effective. Basic biology didn't change, just because you were a hybrid of two mammals. The neurotransmitters still required certain chemicals to function. These cells weren't the local county jail; they were designed to contain biohazard level life-forms, so Mac Blocker had to be careful.

Everything would be just fine, if he could just see to punch the keypad and if he could reach the keypad. There were no reflective surfaces in the antechamber and none available in the cell that he could squeeze through the 8"x8" window after he'd broken out the reinforced glass. Even the milker had been automatically retracted to a place he couldn't get to it when he'd removed if from his groin.

Mac was sure he could do it; he just needed to figure out how. He sat and calmed himself, he had a plan. As he thought it through, he heard George and Billy in the throes of their final orgasm. He heard the milkers shut off and then he heard loud snoring. It was George was most certainly, the man had been his friend for years and he'd heard him snore many times when he'd fall asleep in Mac's recliner after dinner. He'd given Mac a job and stepped aside when this promotion came up so that Mac could take it. George said he was old, he had enough pay and he didn't need the headache. That was partly true, George had, had heart bypass surgery and he probably couldn't have taken the stress. George had been like a father to him and he was angered that Rothman had punished him, punished them, buy making them experiments for the army's use. It was Mac's fault that George and Billy too, were in this mess. He was just too ambitious. If it weren't for him talking them into selling out to Transgene, they'd both be home now, same as they had always been and not on their way to a breeding program.

Mac put aside all his anger and concern, mostly for George, and concentrated on the task ahead; he realized the incredible risk he was about to take.

Re:Go wild! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#26210747)

[citation needed]

"Citation needed" LOL (0, Redundant)

davidwr (791652) | more than 4 years ago | (#26211411)

Mod parent +1 funny grandparent -6 loser.

SSL/TLS need more info (1, Informative)

mlwmohawk (801821) | more than 4 years ago | (#26210691)

I never liked the notion of "trusted" certs. I have always built my own certs. While I can't read the article, I would say it is an obvious vulnerability in host naming.

SSL/TLS is mathematically secure. I mean, yes, it really is. You can trust that aspect of it. It breaks down in practice where secrets need to be kept secret or in areas where strict adherence to good practices are vital but not done.

Re:SSL/TLS need more info (1)

neumayr (819083) | more than 4 years ago | (#26210767)

So you tell your browser to only trust those certs you manually accepted?
Kind of a big hassle, don't you think? You really expect the average web user to go through that process?

That being said, it is rather irrelevant to the encryption scheme if it's mathematically secure, but vulnerable to a breakdown of the way it's organized. It's broken either way.

Re:SSL/TLS need more info (1)

somersault (912633) | more than 4 years ago | (#26210919)

So you tell your browser to only trust those certs you manually accepted?
Kind of a big hassle, don't you think? You really expect the average web user to go through that process?

How often do you visit completely new secure sites? Not that often unless you're a crazy shopaholic who likes to try out new online stores every day. He didn't say that the average user should do it though, just that he himself prefers that method. Me, I think I'll drop COMODO from my trusted certs for the moment..

Re:SSL/TLS need more info (1)

mlwmohawk (801821) | more than 4 years ago | (#26210939)

So you tell your browser to only trust those certs you manually accepted?
Kind of a big hassle, don't you think? You really expect the average web user to go through that process?

Well, its more complicated than that. The mechanism is broken because the process by which you get a cert is the same process in which you use one.

In a "secure" environment, you install the cert. Then you use it.

That being said, it is rather irrelevant to the encryption scheme if it's mathematically secure, but vulnerable to a breakdown of the way it's organized. It's broken either way.

This is true. There needs to be a mechanism by which "certificates" are downloaded separate and individually and securely.

I would like to see a non-profit organization that allows people and companies to register downloadable certs for free or at a minimal cost.

Each site can create its own certs and register them with, say, mozilla.org, and browsers go there for certs rather than download them rather than from the potentially spoofed site.

Right now self signed certs are problematic because there is no mechanism for trusting their download, and the companies in charge of managing certs are too expensive or too restrictive for small sites or special projects.

Re:SSL/TLS need more info (1)

bunratty (545641) | more than 4 years ago | (#26211079)

A few months ago, I got a certificate signed by a CA [rapidsslonline.com] that is trusted by essentially all browsers. The cost was $15 per year. They even bothered to check that I had access to the admin's account on the server I was requesting the cert for. How is $15 per year too expensive for a small site or special project?

Re:SSL/TLS need more info (1)

mlwmohawk (801821) | more than 4 years ago | (#26211145)

How is $15 per year too expensive for a small site or special project?

That's actually pretty cheap, I'd seen them for $250 and high per year. Still, I'd rather see a non-profit organization instead.

Re:SSL/TLS need more info (1)

bunratty (545641) | more than 4 years ago | (#26211299)

Well, there's CAcert [cacert.org] , but they are not listed as a trusted CA in any browser. StartSSL [startssl.com] , which is a commercial company, issues certificates for free and they are trusted by Mozilla browsers currently. But as far as I know, if you want a cert that's trusted by default in all modern browsers, you'll need to pay a few bucks.

Re:SSL/TLS need more info (1)

cjb658 (1235986) | more than 4 years ago | (#26211565)

Like this one [cacert.org] ?

Their root certificate needs to be installed first though.

Re:SSL/TLS need more info (1)

neumayr (819083) | more than 4 years ago | (#26211135)

I would like to see a non-profit organization that allows people and companies to register downloadable certs for free or at a minimal cost.

Each site can create its own certs and register them with, say, mozilla.org, and browsers go there for certs rather than download them rather than from the potentially spoofed site.

That would introduce another point of failure, and be rather expensive. Giving people or browsers a way to at least check the cert's fingerprint would be cheaper and afaik just as effective.

Right now self signed certs are problematic because there is no mechanism for trusting their download, and the companies in charge of managing certs are too expensive or too restrictive for small sites or special projects.

In the case of special projects, I think they ought to have secure communication channels they could use to distribute their certs.
I don't know about small sites though. If they don't have a limited audience and therefore no way of distributing their certs securely, but absolutely must encrypt/authenticate their traffic, I guess there's no real way short of actually paying for their cert.
Self signed certs suck, they just educate the user to simply accept whatever SSL warning their browser throws at them.

Re:SSL/TLS need more info (1)

mlwmohawk (801821) | more than 4 years ago | (#26211211)

That would introduce another point of failure, and be rather expensive. Giving people or browsers a way to at least check the cert's fingerprint would be cheaper and afaik just as effective.

Yes and no. Say it is mozilla.org. A single TRUSTED source for certs separate from the actual site makes it very difficult for a MITM to spoof.

Self signed certs suck, they just educate the user to simply accept whatever SSL warning their browser throws at them.

That's precisely my point, self-signed certs are far more secure in theory, but there is no mechanism to use them securely.

In thinking about it, it should be the job of ICANN or the top level domain registrar to host certs for your domain. That way, there is a TRUSTED mechanism for obtaining self-signed certs.

Re:SSL/TLS need more info (1)

Nursie (632944) | more than 4 years ago | (#26211375)

"That's precisely my point, self-signed certs are far more secure in theory, but there is no mechanism to use them securely."

This is a confusing use of terminology.

Strictly speaking, a self-signed certificate is one that has been used to sign itself. Using one of these for a server is not supported by all SSL implementations and is, IMHO, "a bad thing"(TM) to do simply from the angle of conventions.

However, if you mean that creating your own private CA certificate and using it to sign a server cert, then getting the user to import the CA cert public key rather than the self-signed cert itself, that's fine, and just as secure.

Re:SSL/TLS need more info (1)

rhsanborn (773855) | more than 4 years ago | (#26210843)

SSL/TLS is secure for encrypting data between two known, trusted entities. It's using these as a form of identification that is an issue. Even that may not be so much an issue as the policies that cert issuers use to identify domain holders isn't very thorough and is a pretty poor foundation on which to base a global internet trust system.

Re:SSL/TLS need more info (1)

neumayr (819083) | more than 4 years ago | (#26210947)

Yes well, encryption loses much of its appeal if it doesn't also correctly authenticate the communicating entities.
Those policies cert issuers use or, as it seems, sometimes ignore, are a part of the encryption scheme's organization. Which is broken, breaking the scheme.

nothing new (0)

Anonymous Coward | more than 4 years ago | (#26210745)

Getting your own certs isn't hard. My test firm has both SSL Certs and Code Signing Certs.

Re:nothing new (2, Informative)

neumayr (819083) | more than 4 years ago | (#26210787)

The author's point was that he could get a signed cert the says mozilla.org.
Should have tried paypal.com, but I guess he didn't want too much legal trouble.

Re:nothing new (1)

somersault (912633) | more than 4 years ago | (#26210961)

With a certificate for mozilla.org and a knowledge of security procedures couldn't he release his own patch to install back doors into a very significant number of browsers and thereby have access to the username and password for millions of paypal, online shopping and banking accounts?

Re:nothing new (1)

bunratty (545641) | more than 4 years ago | (#26211011)

I suppose it would be possible to get the username and password of someone who has write access to the source code repository. On the other hand, it's open source, so many would notice the backdoors being put into the source code. If any builds were created that had the backdoors, they would be quickly deleted.

Re:nothing new (1)

somersault (912633) | more than 4 years ago | (#26211203)

I was thinking more that he sends out a fake update message and pretends to be mozilla.org, nothing to do with the real repositories necessary? Probably would require DNS cache poisoning and such too though, I'm no expert on security.

I call BS (0)

Anonymous Coward | more than 4 years ago | (#26210871)

my guess it is either phishing, a router compromise, someone taken over their DNS or a transparent proxy somewhere that is redirecting to alternate sites with a valid cert. This is not news people if your upstream is compromised.

Sensationalist - reroute & self signed certs (3, Interesting)

owlstead (636356) | more than 4 years ago | (#26210923)

What's so perfect about the attack listed? It clearly shows up that the certificate is not trusted. With the new and improved, (and for me, irritating) screens of Firefox, where you are clearly warned, this should not be such a big problem.

What I don't get is that they do not try and locate the idiot trying to do this. Because that is one of the problems with these kind of man in the middle attacks - a single person that does actively goes after you can do some damage. This makes such attacks harder to perform, even if they are technically feasible.

Maybe they should make it even clearer that you should not use self signed certificates for banks and such, but this is far away from the IE bug that let leaf certificates (with some missing key usages) sign other certificates with any URL.

I've created one of those attacks on a corporate LAN (just for show, using a proxy) ages ago. Guess that made me a script kiddie :)

Re:Sensationalist - reroute & self signed cert (1)

owlstead (636356) | more than 4 years ago | (#26210937)

This is a very old, already solved IE bug, sorry if that's confused anyone.

Re:Sensationalist - reroute & self signed cert (4, Insightful)

bunratty (545641) | more than 4 years ago | (#26210979)

In the perfect attack, the certificate is issued by a trusted certificate authority, so no warning is shown. It truly is a perfect MITM attack. We do know exactly who is issuing certificates without verifying the identify of the individuals requesting them. It's time for browser makers to remove some trusted CAs from their lists so users can be secure.

Re:Sensationalist - reroute & self signed cert (1, Insightful)

Anonymous Coward | more than 4 years ago | (#26211265)

actually, simply 'removing' a ca isn't quite sufficient, i think we're better served by remembering the ca with a note that it is NOT trusted.

otherwise a user can just go back and add it again.

wrong - parent didn't read before commenting (0)

Anonymous Coward | more than 4 years ago | (#26211103)

the response here is sensationalist and irresponsible; this is a real attack possible due to a CA that is violating contracts and trust

Re:wrong - parent didn't read before commenting (1)

owlstead (636356) | more than 4 years ago | (#26211141)

From the link (firefox bug report):

ALL web pages I have to sign in to (or sometimes just visit) say this and I
have to manually add the certificate by:
1. Clicking on the blue wording at the bottom
2. clicking on the add exception button
3. click get certificate
4. confirm the certificate

Once I do this, it does not pop back up for that specific page, but it is quite
annoying! I am using the firefox 3.1, but it did this with 3.0 and before. I am
using wireless internet (over an unsecured wireless network - basically
bumming). I am also using Windows XP and I formatted my hard drive last night
because I got a bug. So it's like I'm using a brand new computer.
It did this for facebook, myspace, hotmail, my college's network, and more.

Am I missing something here?

Re:wrong - parent didn't read before commenting (1)

owlstead (636356) | more than 4 years ago | (#26211239)

Seems that the "perfect" attack would be a combination of a bad CA and this attack. Of course, that you can reroute traffic from access points is not new. So what *is* actually new? Maybe the notion that it is too easy to get certificates from some CA's, but the article is not directly about that It's a bit of a shame that I still cannot read all the articles, maybe there is more information in there. But the Firefox bug report does not show a perfect attack, so why is it referred to?

Oh well, disabled the capabilities of the Comodo certificates, lets see which web sites use those.

Re:wrong - parent didn't read before commenting (1)

totally bogus dude (1040246) | more than 4 years ago | (#26211367)

It's referred to as an example that MitM attacks against SSL sites do actually occur in real life, and it's not just a theoretical vulnerability that nobody actually tries to exploit.

This probably isn't news to many people, but it might be, and so is probably worth pointing out.

The fact that it does actually happen combined with the fact that Comodo apparently issue certificates without any validation checking whatsoever is what prompts the "Perfect MITM attacks" headline. i.e. it's trying to make it clear that this is actually a real threat. At least, for bums using other people's APs. ;)

Re:wrong - parent didn't read before commenting (0)

Anonymous Coward | more than 4 years ago | (#26211269)

Am I missing something here?

Yes. Something is seriously wrong with that.

Re:Sensationalist - reroute & self signed cert (1)

complete loony (663508) | more than 4 years ago | (#26211561)

To make it a perfect attack you need to either compromise DNS / BGP or sit in the middle of the data stream. I'm guessing the authors example does not do these things, so firefox and any other browser should complain. But if you were to setup a server with the fake mozilla.org cert and then redirect mozilla.org to this server via your hosts file, your browser would not complain at all.

Use your OWN certs... or use CACert.org's (3, Interesting)

fibrewire (1132953) | more than 4 years ago | (#26211019)

CAcert certificates are pretty nice because they are FREE!!! even if they need to become a little more responsible in the near future. The cool thing about "Free" is the value is in innovation, because it's the only way to survive being free in the first place. Maybe tie CAcerts to an OpenID??? Honestly, you get what you pay for... friends... hookers... etc.

Sounds familiar (1)

sy5t3m (1349857) | more than 4 years ago | (#26211513)

Something about being issued a certificate for a domain you don't own sounds real familiar.

Oh yeah, I got issued some fake certs by startcom last time there was a story about SSL and firefox. Certs that would have allowed a perfect MITM attack against FF users.

So perhaps startcom should be looking again at their free SSL certs instead of posting lines like this on the previous blog posting:
"Dear beloved Mozilla community and brave know-all, freedom-loving geeks, please get yourself legitimate SSL certificates for your sites - you can get them freely from StartCom without paying a dime."

Anyone pulling off MITM attacks in the first place could easily target the startcom servers so that emails to microsoft.com actually end up in the attackers inbox. They only need that one email to receive the fake cert. Not as easy as simply asking for the cert, sure, but it's hardly a secure way to issue certs.

which (1, Insightful)

Anonymous Coward | more than 4 years ago | (#26211581)

Which CA is this, and how do I disable it in safari?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?