
Rogue SSL Certs Issued For CIA, MI6, Mossad

timothy posted more than 2 years ago | from the usual-suspectors dept.

Security 152

Orome1 writes with this excerpt from Help Net Security: "The number of rogue SSL certificates issued by Dutch CA DigiNotar has ballooned from one to a couple dozen to over 250 to 531 in just a few days. As Jacob Appelbaum of the Tor project shared the full list of the rogue certificates, it became clear that fraudulent certificates for domains of a number of intelligence agencies from around the world were also issued during the CA's compromise — including the CIA, MI6 and Mossad. Additional targeted domains include Facebook, Yahoo!, Microsoft, Skype, Twitter, Tor, Wordpress and many others."

152 comments

Wow... (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37309618)

"*.*.com". I could really use a wildcard cert that wild...

Re:Wow... (5, Interesting)

FriendlyLurker (50431) | more than 2 years ago | (#37309746)

Related: Forget Rogue, Microsoft handed ability to intercept SSL on windows [google.com] (Another Wikileaks revelation [google.com] , translated) to Tunisian dictator Ben Ali, apparently in return for contracts, stifling open source competition etc etc in Tunisia and allowing them to intercept Facebook, Google,... before the Arab spring revolution took place.

Re:Wow... (1)

Arancaytar (966377) | more than 2 years ago | (#37310686)

Ben Ali should ask for his money back.

Re:Wow... (4, Interesting)

BCoates (512464) | more than 2 years ago | (#37310906)

Not really. Any government can get their state CA included in the windows root CA list just for the asking. OSX and Firefox are slightly more restrictive, but not in a useful way, they allow lots of state CAs as well.

This is a broad problem with the HTTPS system, too many unrestricted root CAs with no concern for realistic security scenarios.

This is not a good system, but it has nothing to do with Tunisia. The wikileaks cable you posted doesn't even talk about SSL, just about how using supported Microsoft software in the government will make the government more effective at everything, including domestic espionage.

that needs to be a slashdot story (1)

decora (1710862) | more than 2 years ago | (#37310910)

... I'm trying to google around a little bit to write one, but I'm frankly exhausted.

Re:Wow... (2)

yakatz (1176317) | more than 2 years ago | (#37309844)

Unfortunately (or fortunately, depending on your point of view), most browsers do not support nested-wildcard certificates.
(I have tried it).
The CA I usually use catches it and warns you, but some other CAs take your money and leave you with a mostly-useless certificate.

Here we go again (1)

Mensa Babe (675349) | more than 2 years ago | (#37309912)

I have written many times about it (here [slashdot.org] and here [slashdot.org] in just the last week) and usually my messages get ignored for some reason but the point is that it shouldn't be surprising at all that intelligence agencies are using false certificates just like I am not surprised that they are using false passports. This is the way such agencies work. They have been doing this since the Gutenberg and there is no reason they should stop now. If you don't like it then just use hard-coded certificates for the most important sites that you use and get over it.

Re:Here we go again (1)

Kagura (843695) | more than 2 years ago | (#37310804)

I believe the CIA, Mossad, MI6, etc. are ALL using fraudulent SSL certs when they require it. However, there is no proof that these specific organizations are involved in the Diginotar mess. It's not good to throw around speculated information like it's the truth.

PGP-based system? (1)

ksd1337 (1029386) | more than 2 years ago | (#37309620)

I wonder. Would it be possible to create a system that used PGP instead of SSL/trust-hierarchy? I would think it'd be a lot more secure, not to mention easier to use.

Re:PGP-based system? (1)

GameboyRMH (1153867) | more than 2 years ago | (#37309804)

How would handing out PGP keys be any different from using self-signed certs? Although it's obvious now that self-signed certs would definitely be an improvement.

Re:PGP-based system? (1)

Dahamma (304068) | more than 2 years ago | (#37309938)

How would using self-signed certs be an improvement? As long as the CAs that do this are revoked it seems like it would still be a more secure system than requiring the end user to manually trust every single HTTPS site on the internet. Most users would never know the difference from a spoofed web site with a self-signed certificate vs a spoofed web site with a CA-signed certificate...

Re:PGP-based system? (3, Informative)

GameboyRMH (1153867) | more than 2 years ago | (#37310038)

Self-signed certs are an improvement because they're harder to forge or steal. In case you haven't been paying attention over the last few years, we have this thing called Distributed Verification AKA an SSL Notary system to prevent MITM attacks.

The centrally controlled system of CAs relies on perfect security at the CA (which as we've seen, they don't have) and a constant game of whack-a-mole to revoke certs. Long story short we have to stop using certs for authentication, it was a stupid idea but we all crossed our fingers and hoped it could work, but as we can see now, it can't. It's better to just use a self-signed cert that can't be stolen or forged at your choice of a few convenient locations and use distributed verification to prevent MITM attacks. That way you know you have an encrypted connection between your PC and the web host using the same cert other people around the world are seeing, and that's the most you can hope for without sending out-of-channel information (which isn't the worst idea in the world, BTW) or relying on some idiotic system of "trust dealers" like CAs which are just a disaster waiting to happen.

Re:PGP-based system? (1)

iluvcapra (782887) | more than 2 years ago | (#37310104)

PGP at least has a mechanism for webs of trust, so if two or three of your trusted friends trusted bankofamerica.com you would be able to trust it yourself, and if you wanted to verify it yourself you could go to a branch and witness the fingerprint, hopefully posted somewhere in plain sight but where it can't be easily tampered with, like behind the teller glass.

For most people the trust of three friends, or the trust gained by obtaining a fingerprint at the brick-and-mortar branch would be more than sufficient for most kinds of commerce. But it's not boneheaded simple, and it requires you to undertake your own trust process, so there's a stumbling block and most people wouldn't bother.

OTOH, The system we have now, where system software and hardware vendors promulgate trust is acceptable -- if you don't trust your hardware or OS vendor, you're screwed no matter how you look at it, because a hardware/OS vendor can always circumvent software security. The problem is when a root authority suddenly is discovered as untrustworthy, in which case people have to go through and manually revoke certs. But in PGP, if you suddenly found one of the agents in your web of trust was a malefactor, you just end up with the same problem.

Re:PGP-based system? (2)

GameboyRMH (1153867) | more than 2 years ago | (#37310134)

And how is this web of trust better than a distributed verification system like Perspectives / Convergence? I think asking Average Joe users to attend key signing parties is a bit much.

Re:PGP-based system? (1)

avgjoe62 (558860) | more than 2 years ago | (#37310170)

Did someone say a key party? I'm there, as long as there are hot chicks too!

This pisses me off (1)

cc1984_ (1096355) | more than 2 years ago | (#37309624)

It pisses me off how I have to jump through so many damn hoops only to get a false sense of security. We might as well go to using self signed certs as the norm for all the added security CAs give us.

well managed self-signed certs are safer (3, Insightful)

YesIAmAScript (886271) | more than 2 years ago | (#37309654)

At least you know how many and which certs were issued from an authority that you run yourself.

The chain of trust is only as strong as the weakest link in the chain.

Re:well managed self-signed certs are safer (5, Interesting)

elsurexiste (1758620) | more than 2 years ago | (#37309744)

That may very well work for you or your organization. Not so much for third parties or the internet, which is the case here. I mean... would you trust a bank's homepage if it's self-signed?

Re:well managed self-signed certs are safer (4, Interesting)

Zerth (26112) | more than 2 years ago | (#37309766)

If I could pick up the cert from a local branch or by taking a picture of a barcode on the screen of an ATM, probably.

Re:well managed self-signed certs are safer (1)

Dahamma (304068) | more than 2 years ago | (#37310022)

But that would basically limit all of your online transactions to businesses with a local office within driving range. Not many people are going to be willing to fly to Seattle just to get a cert to buy something online from Amazon...

Re:well managed self-signed certs are safer (1)

YesIAmAScript (886271) | more than 2 years ago | (#37310152)

Then you talk to a bank agent over the phone and they read you the fingerprint of the self-signed cert. You verify it and if you believe this person works for the bank, you're done.

The problems with the system have been not within PKI, but the verification of trustworthiness. As a part of fixing this, each of us may have to work a little bit harder in order to establish that we trust a certificate. In fact many would say it is the unwillingness to make this effort that led us to this mess.

Re:well managed self-signed certs are safer (2)

elsurexiste (1758620) | more than 2 years ago | (#37310762)

I would rather say we rely on CAs to avoid the hassle. If I trust "X", and "X" says I can trust "Y", that should be enough. I think dropping the hierarchical scheme and adopting a distributed scheme is better than individual verification (most people don't understand what is good for them anyways).

Re:well managed self-signed certs are safer (1)

Dahamma (304068) | more than 2 years ago | (#37311290)

if you believe this person works for the bank, you're done.

Which still means there is plenty of room for social engineering/hacking. It's still about trust, and talking to someone on the phone doesn't change that.

It's debatable whether this would result in better or worse security, but it's not debatable that the costs in time and money over the current system would skyrocket. Every company on the planet wanting to do online transactions needing customer service reps available any time someone wants to verify their certificates? And besides, 90% of Internet users don't understand and don't want to understand how it all works, anyway.

It's the same sort of issue as with credit cards - the whole system is amazingly unsecure and prone to fraud, but the credit card companies don't have incentive to improve it because the reduced fraud that would result in a better system doesn't outweigh the costs (in development, as well as - more significantly - convenience to the customer, ie. extra revenue) involved.

Re:well managed self-signed certs are safer (1)

perlchild (582235) | more than 2 years ago | (#37309812)

It's not havoc, it's just more work.
Just revoke all the "root" certs in current use, and you're back to the basic:
VERIFY (once, and then once they expire) every trusted cert you use, and sign them with your own key.
Others in this thread mention validating the keys offline, which, for your bank, might make a lot more sense than trusting a third party.

Re:well managed self-signed certs are safer (2)

rtaylor (70602) | more than 2 years ago | (#37310098)

How does manual verification help the bulk of the population identify fake certs?

Re:well managed self-signed certs are safer (1)

grahammm (9083) | more than 2 years ago | (#37310694)

It would help if the browsers warned if a site sends a different certificate than the previous time(s) you visited the site. To handle certificate expiry, a certificate could also be accepted if it is signed by the one already held by the browser. That way if someone did set up a MITM attack, anyone who had previously visited the site would be warned that something may be amiss. For the 'popular' sites like Google, Facebook, Amazon etc. it is very likely that a large number of people would have the certificate prior to the setting up of the MITM and the alarm would be quickly raised.

Re:well managed self-signed certs are safer (0)

Anonymous Coward | more than 2 years ago | (#37311100)

How would that work if I change CAs? My current certificate is signed by GoDaddy, and I get a new certificate from NetworkSolutions. The certificates are valid, they get installed properly, and your detector still says there's a problem because I changed CAs.

Unless there's a field in the certificate that I don't know about that allows you to tie a replacement certificate to the one it's replacing.
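The certificate-continuity check proposed above, and the CA-change objection raised in the reply, can be modelled with a small trust-on-first-use store. This is an added example, not code from any browser or from the posters: it pins the hash of the site's public key rather than the whole certificate, so re-issuance by a different CA with the same key passes, and it models "signed by the one already held" as a successor pin announced over a connection that already passed the check. Key bytes, host and CA names are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass, field


def spki_pin(spki_der: bytes) -> str:
    """Pin = SHA-256 over the public key bytes, independent of issuer and expiry."""
    return hashlib.sha256(spki_der).hexdigest()


@dataclass
class Observation:
    host: str
    spki_der: bytes              # public key presented in this handshake
    issuer: str                  # recorded for reporting only, never pinned
    successor_pins: tuple = ()   # pins of future keys the site announces


@dataclass
class PinStore:
    pins: dict = field(default_factory=dict)        # host -> current pin
    issuers: dict = field(default_factory=dict)     # host -> last issuer seen
    successors: dict = field(default_factory=dict)  # host -> announced pins

    def check(self, obs: Observation) -> str:
        pin = spki_pin(obs.spki_der)
        known = self.pins.get(obs.host)
        if known is None:
            verdict = "first-use"            # blind trust: nothing to compare with
        elif pin == known:
            same_ca = self.issuers.get(obs.host) == obs.issuer
            verdict = "ok" if same_ca else "ok-reissued"
        elif pin in self.successors.get(obs.host, set()):
            verdict = "ok-rotated"           # key was announced under the old pin
        else:
            # Unknown key: warn and learn nothing from this connection.
            return "WARN-key-changed"
        self.pins[obs.host] = pin
        self.issuers[obs.host] = obs.issuer
        self.successors.setdefault(obs.host, set()).update(obs.successor_pins)
        return verdict


# Constructed sample keys (placeholders, not real SubjectPublicKeyInfo bytes).
KEY_A = b"constructed-site-key-A"
KEY_B = b"constructed-site-key-B"
KEY_M = b"constructed-interceptor-key"
HOST = "shop.example"


def replay():
    """Replay a constructed visit history and return the verdict for each visit."""
    store = PinStore()
    visits = [
        Observation(HOST, KEY_A, "CA One", (spki_pin(KEY_B),)),  # first visit
        Observation(HOST, KEY_A, "CA Two"),    # same key, site changed CA
        Observation(HOST, KEY_B, "CA Two"),    # announced key rotation
        Observation(HOST, KEY_M, "CA Three"),  # validly signed but unknown key
        Observation(HOST, KEY_B, "CA Two"),    # genuine site again
    ]
    return [store.check(v) for v in visits]


if __name__ == "__main__":
    print(replay())
```
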

Re:well managed self-signed certs are safer (0)

Anonymous Coward | more than 2 years ago | (#37309848)

Self Signed certs are fine to encrypt traffic so that a third party can't see what is transmitted between you and the WWW site, but it does nothing to prevent man in the middle attacks, or give me trust that the WWW site I am talking to is really who I think it is. There will always need to be some sort of centralized "trusted org".

The problem is that Firefox now ships with more than 75 different "builtin trusted CAs" any one of which can sign a certificate for mybank.com. Combine that with the DNS poisoning attack that just affected ups.com and theregister.com, etc. and there is no security what-so-ever.

The big question is how do I have 100% trust that the cert I have in my possession is really from mybank.com?

Re:well managed self-signed certs are safer (1)

GameboyRMH (1153867) | more than 2 years ago | (#37309944)

The big question is how do I have 100% trust that the cert I have in my possession is really from mybank.com?

A CA cert doesn't offer authentication either, when black hats and governments can issue themselves fraudulent certificates to impersonate those websites.

Re:well managed self-signed certs are safer (2)

plover (150551) | more than 2 years ago | (#37310846)

No, you don't need a centralized trusted org. That is the entire point behind the "web of trust" of PGP. I sign my own key and rate it level 4. I sign the keys of my best friends, employer, and the banks where I do business and rate them a level 3. I sign the keys of retail stores where I'm a customer, and the keys of casual acquaintances level 2. I sign the keys of people I know only on the web and rate them no higher than level 1 or 0.

Now, when you are trying to evaluate the key of www.shadybank.com, you can look at their signers. You can say "I see that my good buddy Fred signed your key, and I trust him at level 3, therefore I'll trust you to level 2." You can say "I see that four friends who all trust you at level 2 have signed your key, so I'll trust you at level 1" or even "I see that I have a dozen friends at level 2 all signed your key, so I'll also trust you at level 2." You could say "I trusted this site at level 0 for a transaction last year, and I've used them three times since and didn't get my ID stolen, so I'm going to bump them to a 1." Or you could even happen by the offices of ShadyBank, examine the framed key they have posted on the wall, and decide to bump your trust level to 3 anyway.

The point is that you can establish your own criteria for figuring out whether or not you want to trust a third party. You assign levels of trust to people and organizations you trust. And you place your trust in those who you think deserve it. Today, you get whatever random crap the CAs sign. And you get all of the crappy CAs built into your browser, including diginotar, and who knows who else?

I'm thinking I'd like a "web of trust" of CAs. I have no idea which ones to trust, and I'm not sure I trust the Mozilla Foundation or Microsoft or Google to pick the trustworthy ones. Instead, if I could have ratings from my friends saying "GoDaddy is a good CA, but Diginotar is crappy", I could use that.

Extended validation certificates (2)

sakdoctor (1087155) | more than 2 years ago | (#37309722)

Extended validation certificates were definitely a step in the right direction, with a pretty green favicon background.
But that wasn't enough. So we went to Ultra-yotta-analprobed-extented-validated-certificates with a plaid favicon background, thus fixing the problem forever.

Can we move on now? (5, Interesting)

ka9dgx (72702) | more than 2 years ago | (#37309644)

We've now had proof positive that no centralized trust system is workable against a sustained attack. Can we start to get some distributed trust systems in place, instead? The idea of a single proof of identity has failed. It's time to move on to a system that allows multiple checks and balances.

Monocultures are great for creating massive failures, which is why nature wipes them out over time.

Re:Can we move on now? (2, Interesting)

Anonymous Coward | more than 2 years ago | (#37309648)

Delete all your root certs. Add sites on an individual basis.

But its NOT centralized trust... (4, Interesting)

nweaver (113078) | more than 2 years ago | (#37309698)

The root of the problem (pun intended) is NOT that the SSL/TLS certificate hierarchy is a centralized trust, but that there are hundreds of roots of trust, any one of which may be compromised, and all of which are considered equally valid by the browser.

Who outside of the Netherlands even heard about DigiNotar before this happened?

This is why some people like the idea of using DNSSEC for distributing key material: there exists only a single valid path of trust to a single root for a key associated with any given name: it's actually more centralized than SSL/TLS, which is what is desired.

Re:But its NOT centralized trust... (3, Interesting)

mellon (7048) | more than 2 years ago | (#37309750)

The trouble with this is that it makes the root cert *insanely* valuable if we start using it in the way you describe. As a practical matter, there needs to be some additional system in place to provide a backstop for the root, so that merely compromising the root is not enough to successfully spoof every domain. DNSSEC + SSL CA is actually not a bad idea. But I am really worried about the push to use DNSSEC as the new single point of failure.

Re:But its NOT centralized trust... (0)

Anonymous Coward | more than 2 years ago | (#37309896)

ROOT only signs top level domains. Like .COM, .NET and country level domains. There is actually very little need for root cert to be anything remotely connected to anything.

It would be much simpler to hijack .COM or another top level domain in DNSSEC scenario than the ROOT. But then a new .COM could be generated and every registrar would re-issue. Actually, key rollovers are something that's been thought up as very important part of DNSSEC, while many CA roots have keys that do not expire for decades.

Re:But its NOT centralized trust... (3, Interesting)

Sancho (17056) | more than 2 years ago | (#37309880)

it's actually more centralized than SSL/TLS, which is what is desired

Centralization only works if you place a high amount of trust in the central organization. Do you trust ICANN? Do you trust .us? .ir? .uk?

The CA system is only broken because there are weak links. The client trusts 200 CAs, and any one of them can sign for any domain. But what if we required 2 CAs to agree? 5? 10? It would be up to the admins of the server to decide how many CAs they wanted to use, and users could decide for themselves how many are required to agree in order to consider the cert valid.

Moxie Marlinspike has some other ideas that sound pretty neat. Unfortunately, at first glance, his techniques seem to also rely on SSL, creating a chicken-and-egg problem. I may have been misunderstanding him, though.

Re:But its NOT centralized trust... (2)

AlXtreme (223728) | more than 2 years ago | (#37310334)

But what if we required 2 CAs to agree? 5? 10? It would be up to the admins of the server to decide how many CAs they wanted to use, and users could decide for themselves how many are required to agree in order to consider the cert valid.

Interesting, but all that would do is spur companies to automatically obtain multiple certificates from multiple CAs. If such a system were compromised we'd be in the same situation as now.

Perhaps both avenues are required: Each CA may only service one tld (so a compromise at a .nl CA would not put Iranians at risk via bogus .com certificates, partitioning the trust each CA can give) and extra security by having certificates signed by multiple CAs. You could even imagine browsers expanding their current flawed color-coding: 2 CAs = yellow, 5 = half-green/half-yellow, 10 = full-green.

But even then the skeptic in me knows that the DigiNotar's of such a system will still be able to screw it up...

Re:But its NOT centralized trust... (1)

Sancho (17056) | more than 2 years ago | (#37310500)

Good additions/modifications to the idea.

Re:But its NOT centralized trust... (1)

Junta (36770) | more than 2 years ago | (#37310560)

Interesting, but all that would do is spur companies to automatically obtain multiple certificates from multiple CAs. If such a system were compromised we'd be in the same situation as now.

Uhh, no, a single CA being compromised would be meaningless, you'd have to compromise as many authorities as is required to trust a cert, and do so within a time period short enough to avoid at least one of those being revoked/removed from browsers.

Re:But its NOT centralized trust... (0)

Anonymous Coward | more than 2 years ago | (#37310000)

How about instead of re-centralizing, we decentralize more.
Right now, trust originates with the user, flows to the OS or browser maker that specifies their trusted CAs, and from there is multiplied out to hundreds of certificate authorities. So we have hundreds of single parties that can break the whole system.

Instead of multiplying the trust and distributing it to each of them, we should divide the trust and distribute it over all of them. So, in order to be trusted, a site must have certificates from some significant fraction of the CA's trusted by a given piece of software. That way we'd still have hundreds of parties, but none of them could break the system without conspiring with many others.

All the infrastructure is already there, browser makers just need to start displaying the fraction of CAs a site has certificates from in some obscure corner of the UI and warn sites that that obscure number will turn into a big yellow pop-over warning in x months so that they can get their additional certificates in order.

Re:But its NOT centralized trust... (1)

Anonymous Coward | more than 2 years ago | (#37310544)

...Who outside of the Netherlands even heard about DigiNotar before this happened?...

I'm Dutch. I never heard of them before this event. Though, now they went from being one of the many unknown (to the general public) service companies to being a very well known and very badly managed company.

Re:But its NOT centralized trust... (2)

Junta (36770) | more than 2 years ago | (#37310610)

it's actually more centralized than SSL/TLS, which is what is desired.

The key is not the centralization or de-centralization (though a system without well-defined roots of trust or in which the end-user is responsible for tracking the validity of the roots of trust would be bad). The issue at hand is DNSSEC has no concept of validation beyond DNS cache lifetimes. If an authority key is compromised, then you push out your fixed keys and the threat ages out of the system in relatively short order. 100% OCSP with unforgiving clients would be the most trivial fix to this mess. If you think that can't be accomplished, then DNSSEC is certainly never going to pan out as the same people not doing it right with x509 today aren't going to do it right with DNSSEC either. DNSSEC is only promising now because it is not ubiquitous. The people doing it are intrinsically interested in security and therefore no one is yet watering down the security for various 'practical' concerns.

Re:But its NOT centralized trust... (1)

incense (63332) | more than 2 years ago | (#37311182)

The root of the problem (pun intended) is NOT that the SSL/TLS certificate hierarchy is a centralized trust, but that there are hundreds of roots of trust, any one of which may be compromised,

The problem is the consequences when a centralized trust is broken. In principle, the number of roots does not matter (even if in real life, it makes it easier to find a viable attack route), because the root of the evil is that it will suffice to break a single point.

A proper design would make sure that even in the case of successful hackers, rogue employees, silent break-and-entry by foreign intelligence agencies or hostile government take-overs, the consequences would not be dire.

This is why some people like the idea of using DNSSEC for distributing key material: there exists only a single valid path of trust to a single root for a key associated with any given name: it's actually more centralized than SSL/TLS, which is what is desired.

Even though based on false premises (IMHO), your conclusion is intriguing. Would you kindly explain which threats dnssec will remove?

Re:Can we move on now? (2)

Ken_g6 (775014) | more than 2 years ago | (#37309994)

Can we start to get some distributed trust systems in place, instead?

I suggest getting some Perspectives [mozilla.org] on the whole issue. Not only does it bypass warnings about self-signed certs, it gives an extra warning if a secure site looks hinky despite a valid cert.
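A simplified model of the distributed-verification idea raised in this thread (the "SSL Notary" comment earlier and the Perspectives suggestion above), as an added example rather than the code of Perspectives or Convergence. The client compares the key fingerprint it was shown with what independent notaries currently see for the same host and how long they have seen it; notary names, fingerprints, day numbers and thresholds are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    fingerprint: str   # key fingerprint the notary observed for the host
    first_seen: int    # day number when the notary first saw this key
    last_seen: int     # day number of the most recent observation


def latest(history):
    """Most recent sighting recorded by one notary, or None if it has none."""
    return max(history, key=lambda s: s.last_seen) if history else None


def evaluate(client_fp, notaries, today, quorum, min_days):
    """Return (verdict, notaries_seeing_key, notaries_vouching).

    A notary "sees" the key if its latest sighting matches what the client
    was shown; it "vouches" if it has also seen that key for min_days.
    """
    seeing, vouching = [], []
    for name, history in sorted(notaries.items()):
        cur = latest(history)
        if cur is None or cur.fingerprint != client_fp:
            continue
        seeing.append(name)
        if today - cur.first_seen >= min_days:
            vouching.append(name)
    if len(vouching) >= quorum:
        verdict = "accept"
    elif not seeing:
        # Only this client is shown the key: consistent with interception on
        # the client's own network path, even if the certificate chain is valid.
        verdict = "suspect-local-mitm"
    else:
        # Notaries see the key too, but not for long enough to vouch for it.
        verdict = "suspect-recent-change"
    return verdict, seeing, vouching


# Constructed notary histories for one host (all values are sample data).
STABLE = {
    "notary-1": [Sighting("aa11", 100, 400)],
    "notary-2": [Sighting("aa11", 120, 400)],
    "notary-3": [Sighting("aa11", 100, 399)],
    "notary-4": [Sighting("aa11", 390, 400)],
}
ROTATED = {
    name: [Sighting("aa11", 100, 397), Sighting("bb22", 398, 400)]
    for name in STABLE
}


def demo():
    """Evaluate three constructed situations with quorum 3 and 30 days of history."""
    args = dict(today=400, quorum=3, min_days=30)
    return [
        evaluate("aa11", STABLE, **args)[0],   # long-lived key seen everywhere
        evaluate("ee99", STABLE, **args)[0],   # key shown to this client only
        evaluate("bb22", ROTATED, **args)[0],  # key changed for everyone 2 days ago
    ]


if __name__ == "__main__":
    print(demo())
```
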

Re:Can we move on now? (1)

Junta (36770) | more than 2 years ago | (#37310530)

The problem is not "centralized trust". The problem is a mix of x509 evolving but not mandating behavior (in the web context, CRL should be completely sunset and OCSP should be mandatory) and half-assing implementations today in the name of convenience (OCSP implementations are likely to ignore errors instead of failing validation, treating only an explicit 'invalid' as evidence of a problem). The root of the problem is a third party authority is used frequently without checking in with that authority. A system *more* distributed than x509 without changing any other characteristic would be trivial to suffer this sort of attack.

shadow Internet (1)

Gothmolly (148874) | more than 2 years ago | (#37309658)

Who really trusts any of the "free" sites like Google and Yahoo mail with anything secure? There's an entire separate network, of loosely coupled sites, often IP only, running on cable modems, etc where people can communicate - IRC, MUDs, private hosted sites, all with self-signed certs and the trustworthiness of the operators is all you have to go on. Think IP version of the original BBS days. It's all a cycle.

Way past time... (1)

Frosty Piss (770223) | more than 2 years ago | (#37309666)

Time to drop DigiNotar from trusted cert list?

Re:Way past time... (2)

maxume (22995) | more than 2 years ago | (#37309734)

Uh, it pretty much already happened.

(That is, Microsoft, Google, Mozilla, etc., have dropped them, the various logistics are shaking out as we speak.)

Re:Way past time... (0)

Anonymous Coward | more than 2 years ago | (#37309856)

Uh, it pretty much already happened.

(That is, Microsoft, Google, Mozilla, etc., have dropped them, the various logistics are shaking out as we speak.)

Is that true? I heard that they only blacklisted the 200+ specific certificates that were publicly known to have been breached.

Re:Way past time... (2)

Nick Ives (317) | more than 2 years ago | (#37309904)

I've just checked my certs in Chrome and DigiNotar isn't there. I've got the "check for server certificate revocation" option ticked, which I guess must be on by default.

Re:Way past time... (1)

Inda (580031) | more than 2 years ago | (#37310414)

I deleted mine a few days back, when we were all told to.

Just checked FF6.0.1 and they're back. What's happened?

Re:Way past time... (1)

pootypeople (212497) | more than 2 years ago | (#37310924)

I believe that's only for Vista+ -- XP would have to have a patch.

Can them! (1)

simpleguy (5686) | more than 2 years ago | (#37309670)

There is no reason for this company to keep operating after such gross negligence. Any criminal liability here?

Re:Can them! (0)

Anonymous Coward | more than 2 years ago | (#37309816)

All browsers and the Dutch gov ditched them. They'll soon be bankrupt. Well deserved.

Re:Can them! (1)

plover (150551) | more than 2 years ago | (#37311092)

I'm concerned about Vasco, their parent company. They sell hardware and software authentication systems like DIGIPASS and IDENTIKEY, things that are used to protect bank accounts, transit systems, etc. Is there or could there be any cross pollination attack? Were DigiNotar certs used to sign any of the DIGIPASS hardware or software? Do any of the existing DIGIPASS solutions have the DigiNotar certificate baked into them?

F-secure has a partial list (5, Informative)

nweaver (113078) | more than 2 years ago | (#37309672)

It may not be complete, but, F-secure has a list [f-secure.com] of the ones created, including *.*.com, *.*.org, www.cia.gov, addons.mozilla.org, *.torproject.org, etc...

Re:F-secure has a partial list (0)

Anonymous Coward | more than 2 years ago | (#37309826)

Even more reason to nuke the Mushie bastards off the face of the planet

Re:F-secure has a partial list (3, Insightful)

AVee (557523) | more than 2 years ago | (#37309864)

I'm kind of perplexed by the *.*.com certificate, is there any use in having such a cert? Realistically there is no (legitimate) reason for such a certificate to exist. Is there any software around that will actually accept certificates which are that broad? I mean, if there ever is a clear giveaway for a MITM attack it would be a certificate like that.
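On the question of whether software accepts a name like `*.*.com`, and the earlier remark that most browsers do not support nested wildcards: the matcher below is an added example, not taken from any browser, following the RFC 6125 guidance that a wildcard is honoured only as the left-most label and covers exactly one label. Refusing partial-label wildcards and requiring two labels after the `*` are stricter simplifying assumptions (real clients consult the Public Suffix List); the patterns come from the list quoted in this thread and the hostnames are constructed.

```python
def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def wildcard_problem(pattern):
    """Return None if the certificate name is acceptable, else why it is refused."""
    labels = _labels(pattern)
    if any(label == "" for label in labels):
        return "empty label"
    if "*" not in pattern:
        return None
    if any("*" in label for label in labels[1:]):
        return "wildcard outside the left-most label"
    if labels[0] != "*":
        # Assumption: stricter than RFC 6125, which permits forms like f*.example.com
        return "partial-label wildcard"
    if len(labels) < 3:
        # Assumption: stands in for a Public Suffix List lookup
        return "wildcard directly under a top-level domain"
    return None


def matches(pattern, hostname):
    """True if a certificate name (possibly a wildcard) covers the hostname."""
    if wildcard_problem(pattern) is not None:
        return False
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False              # '*' never spans more or fewer than one label
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


# Names taken from the list quoted in the thread.
PATTERNS = ["*.*.com", "*.*.org", "*.torproject.org", "www.cia.gov",
            "addons.mozilla.org"]
# Constructed hostnames to test against.
HOSTS = ["www.example.com", "mail.example.org", "www.torproject.org",
         "a.b.torproject.org", "torproject.org", "www.cia.gov",
         "addons.mozilla.org"]


def report(patterns=PATTERNS, hosts=HOSTS):
    """Map each certificate name to (refusal reason or None, hostnames it covers)."""
    return {p: (wildcard_problem(p), [h for h in hosts if matches(p, h)])
            for p in patterns}


if __name__ == "__main__":
    for name, (problem, covered) in report().items():
        print(f"{name:22} refused={problem!s:40} covers={covered}")
```
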

Re:F-secure has a partial list (2)

Jeremy Erwin (2054) | more than 2 years ago | (#37309952)

There may be an add-on for mozilla that supports wildcard certificates. And since addons.mozilla.org is associated with an alternative certificate, well...

Re:F-secure has a partial list (2)

rtfa-troll (1340807) | more than 2 years ago | (#37310738)

including *.*.com, *.*.org, www.cia.gov, addons.mozilla.org, *.torproject.org, etc...

err.. forget all those. There's only one you need to know: www.update.microsoft.com

Ownage.

Re:F-secure has a partial list (0)

Anonymous Coward | more than 2 years ago | (#37311004)

You don't need a list of domains, just invalidate the compromised root certificates. Because there are so many roots, this shouldn't affect more than a small portion of the Internet.

Consider me naive... (0)

Anonymous Coward | more than 2 years ago | (#37309678)

I would like to think the CIA, MI6, Mossad certificates being rogue isn't that big of a deal. *Surely* such organizations don't rely on 3rd party certificate creation for anything other than their public facing data (web sites only).

The commercial certificate issue is quite worrisome however.

Re:Consider me naive... (2)

anglico (1232406) | more than 2 years ago | (#37309738)

According to this [pcworld.com] article:
"Actually I think the secret service domains are the least alarming part. It's sexy, and will probably lead to a lot of questions and interest from government agencies. Of course, nobody wants to get caught with their pants down, but there's really no classified information on these domains. Those are on separate, secured internal networks. So the practical security impact of the Iranian government getting a certificate for the CIA is nil. It's really just very embarrassing, that's all," said Soghoian in an interview with Webwereld.

Re:Consider me naive... (1)

Mateorabi (108522) | more than 2 years ago | (#37310330)

obligatory [xkcd.com]

Draw the consequences (2, Insightful)

jeti (105266) | more than 2 years ago | (#37309710)

You can't trust the root CAs. The whole infrastructure is broken and needs to be replaced with something else.

For a start, web browsers should notify users if a certificate was replaced, even if the replacement is signed. And browsers shouldn't go into full panic mode over self-signed certs. They're still safer than using an unencrypted connection.

Re:Draw the consequences (2)

mellon (7048) | more than 2 years ago | (#37309774)

YES. User interface is at least as important as tech in security: if you have a bad UI, it doesn't matter how secure the infrastructure is, because people will use the bad UI to bypass it.

There are some problems with self-signed certs, but they can be addressed by a better UI. You don't want users to get into the habit of clicking through self-signed certs. But an intelligently thought-out security model here would be a huge win, because as you say, self-signed certs do add value, particularly in a world where HTTP authentication sends passwords in the clear (or effectively in the clear, depending on which model you use).

Re:Draw the consequences (3, Informative)

xororand (860319) | more than 2 years ago | (#37310642)

> For a start, web browsers should notify users if a certificate was replaced, even if the replacement is signed.

Certificate Patrol [mozilla.org] for Firefox.
"This add-on reveals when certificates are updated, so you can ensure it was a legitimate change."
The UI is good too. Certificate Patrol, along with NoScript and Cookie Monster [mozilla.org] , is a major reason to use Firefox.

X.509 handling is largely neglected by UI designers, not just in web browsers.
Sometimes clients actually have options like "[x] Accept all certificates".
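The idea discussed above, flagging a replaced certificate even when the replacement chains to a trusted CA, can be sketched as follows. This is an added example, not part of the original comment and not Certificate Patrol's code; the class, the verdict names, the 30-day renewal window, the host and the CA names are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SeenCert:
    fingerprint: str      # SHA-256 over the certificate's DER bytes
    issuer: str
    not_after: datetime


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


class CertChangeMonitor:
    """Remembers the last accepted certificate per host and grades any change."""

    def __init__(self, renewal_window: timedelta = timedelta(days=30)):
        self.renewal_window = renewal_window
        self.seen: dict[str, SeenCert] = {}

    def observe(self, host, der, issuer, not_after, now) -> str:
        new = SeenCert(fingerprint(der), issuer, not_after)
        old = self.seen.get(host)
        if old is None:
            self.seen[host] = new
            return "first-seen"
        if old.fingerprint == new.fingerprint:
            return "unchanged"
        # A replacement long before the old certificate expires is unusual;
        # a different issuer on top of that is the pattern of a mis-issued cert.
        early = (old.not_after - now) > self.renewal_window
        issuer_changed = old.issuer != new.issuer
        if early and issuer_changed:
            return "alert"        # old pin is kept until a human decides
        if early or issuer_changed:
            return "review"       # old pin is kept here as well
        self.seen[host] = new     # same issuer, near expiry: routine renewal
        return "renewal"


def demo() -> list[str]:
    """Constructed observations for one host; byte strings stand in for DER."""
    m = CertChangeMonitor()
    host, t0 = "mail.example.test", datetime(2011, 8, 1)
    return [
        m.observe(host, b"cert-1", "Constructed CA A", datetime(2012, 6, 1), t0),
        m.observe(host, b"cert-1", "Constructed CA A", datetime(2012, 6, 1), t0),
        m.observe(host, b"cert-2", "Constructed CA B", datetime(2013, 7, 1), t0),
        m.observe(host, b"cert-3", "Constructed CA A", datetime(2013, 6, 1),
                  datetime(2012, 5, 20)),
    ]


if __name__ == "__main__":
    print(demo())
```

The check runs independently of chain validation, so a certificate signed by any CA the client trusts still produces a verdict when it differs from the one seen before.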

Re:Draw the consequences (0)

Anonymous Coward | more than 2 years ago | (#37310864)

> And browsers shouldn't go into full panic mode over self-signed certs. They're still safer than using an unencrypted connection.

No they aren't.

Encryption without authentication simply means that you are able to communicate securely with your attacker.

MitM isn't some theoretical attack solely of interest to cryptographers. It's by far the most likely form of real-world attack against data in transit.

time to fix it. (1)

markhahn (122033) | more than 2 years ago | (#37309716)

the SSL industry is a nasty piece of work - typical extort-what-the-market-will-bear flavor of non-equilibrium capitalism.

all DNS should be PK-signed and encrypted, and SSL should just use pubkeys found in DNS. a domain owner should be able to establish their own keys, signed by the domain key (which is in turn signed by their registrar as part of registration.)

capitalism isn't the answer (2)

YesIAmAScript (886271) | more than 2 years ago | (#37309806)

This is capitalism. DigiNotar screws up so they won't be able to charge money anymore.

What you've described is exactly what we have right now except for the pubkeys in DNS part.

A domain owner does establish their own keys, you generate a key pair and send it to the registrar to be signed.

The problem right now isn't lack of capitalism. It isn't that you can't establish your own key.

The problem is that there are 150 registrars you might trust to certify a site. One of them is valid and the other 149 are just opportunities to get fooled by bogus certs. And the system doesn't even try to make it easier to figure out which is which.

Re:time to fix it. (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37309858)

Trouble is, what semblance of decency the CAs possess is preserved largely because of the fact that there are so many, more or less completely interchangeable, competitors out there. As long as you don't want some gold-embossed-hologram-edition Verisign EV cert, you can always find some shoddy CA who is far more user-friendly than security would desire.

The registrars, by contrast, are no less sleazy; but the more you reduce their interchangeability, in the pursuit of security, the less incentive they have to even pretend to care about dealing pleasantly with customers.

Re:time to fix it. (1)

Billly Gates (198444) | more than 2 years ago | (#37309888)

SecureDNS has been in the RFC stage for a while. But guess who is in charge of the DNS servers? The American government. If they became a CA as well they would have immense powers that other countries would not like.

Also DNS cache poisoning attacks could put in fake CA and fingerprints redirecting users to fake bank sites and things of that nature. True you can do that today and man in the middle attacks have been done successfully before but a CA is used as a weapon against this. I remember 6 to 8 years ago that one site with the correct URL would look funny. I would do an IPconfig /renew all and then the correct site showed up for the url! Most ISPs have better security but still that is an issue that a CA can help with. Now it is one source and would get a fake CA on top of that.

Facebook (1)

royallthefourth (1564389) | more than 2 years ago | (#37309730)

Joke's on them since Facebook still doesn't support SSL!

Re:Facebook (2)

mellon (7048) | more than 2 years ago | (#37309786)

Yeah it does. Go look at your account settings again. I've been using SSL on facebook for several months now.

Joke's on you (0)

Anonymous Coward | more than 2 years ago | (#37310546)

Joke's on you. Not only have you missed a slashdot article or two on the subject, but you also failed to discover it through simpler means.

Why is Mossad listed together with CIA and MI6?! (0)

Anonymous Coward | more than 2 years ago | (#37309756)

Why is Mossad listed together with CIA, and MI6?!

What is the cultural connection, today?!

For CIA, I can see the NYC connection... ;)

There is NO apparent connection between The United Kingdom and today's Israel, beyond courtesy.

Why does this undercover crap even exist?!

It surely cannot be in the interest of Britains, can it, seriously? The Murdochs? Well, the daughter is still in charge of her business, the old man, and the son... Oh, nothing happened! So, there is an apparent connection between The United Kingdom and today's Israel, beyond courtesy. Sad day, again.

Re:Why is Mossad listed together with CIA and MI6? (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37309866)

Umm... because they are all clandestine entities that Iran has togetherness problems with?

..and now you know: (1)

kheldan (1460303) | more than 2 years ago | (#37309788)

..that the Mossad has a website on the public Internet.

Couldn't find Ziva's picture, though; I'm SO disappointed!

Re:..and now you know: (0)

Anonymous Coward | more than 2 years ago | (#37309930)

> ..that the Mossad has a website on the public Internet.

> Couldn't find Ziva's picture, though; I'm SO disappointed!

Agreed. A sad day indeed when Israel's intelligence agency (Mossad) fails to post a photograph of their single greatest asset in the Western World. Heck, she managed to openly infiltrate a US government intelligence agency (NCIS) and even become a US citizen while having a father as the head of Mossad. Damn, where is my photograph of Ziva David.

Trust no one (1)

udachny (2454394) | more than 2 years ago | (#37309810)

You cannot trust a single point of failure to handle security. Trust cannot be assigned; it must be earned. If we are to move forward, we must admit past mistakes. Self-signed certificates + distributed verification system. Who can be against more security but those who stand to lose if more security is implemented?

Re:Trust no one (1)

GameboyRMH (1153867) | more than 2 years ago | (#37309878)

This. We need to get distributed verification systems into all the mainstream browsers. Once the popular free browsers have it the commercial browsers will follow suit so they don't lag too far behind. Then we can transition from CA certs to self-signed certs. The CAs only had their good industry record to stand on and now that's gone, there's no possible reason to stay with them.

Sound crazy? HTTPS as we know it today started as a feature some dude tossed into Netscape Navigator.

Spy agencies (1)

Billly Gates (198444) | more than 2 years ago | (#37309842)

My guess is this is not a hacker out to steal credit cards, but rather a foreign government like North Korea, China, or even Israel if they are targeting such sites.

North Korea in particular is known to steal money too with World of Warcraft gold scams to give money back to Kim Jong Il. Facebook and Twitter targeting also indicate spying. China would have a keen interest in this.

Either way this is dangerous and could have been going on for a while. I agree we need some sort of key pair trusted relationship that is more secure. A CA won't work and my fear is the government (American) would love to be this new authority for a secure DNS like system.

Vasco is scared shitless and rightfully so (2, Interesting)

Anonymous Coward | more than 2 years ago | (#37309964)

See this statement:
http://www.4-traders.com/VASCO-DATA-SEC-USD-11275/news/VASCO-DATA-SEC-USD-VASCO-DigiNotar-Statement-13782237/

Re:Vasco is scared shitless and rightfully so (0)

Anonymous Coward | more than 2 years ago | (#37310782)

Why do they only talk about their own revenue and do not even mention the lives they have put in danger?
They even issued a release saying they want to work with the Dutch government to restore the trust in their organisation...

Forget it! Diginotar is gone, finished. The best Vasco can do is quickly close it before it becomes too widely associated with this mess.

Security and convenience (0)

Anonymous Coward | more than 2 years ago | (#37310040)

Security, in any shape or form, never has been and never will be about user convenience. Simple logic and some reading is all it takes. You don't need a computer science degree to figure that one out.

Re:Security and convenience (1)

JamesTRexx (675890) | more than 2 years ago | (#37310300)

And this is why I feel Diginotar should be red with shame.
Missing virus scanners on servers, easy passwords, unpatched software. There's no way in hell I'd let such negligence take place in a company responsible for such an important piece of security.
Why hasn't the CSO been frothing at his mouth with anger at this?

I love it ! (1)

ianare (1132971) | more than 2 years ago | (#37310068)

We're finally living in the future : "Iranian cyber-agents have compromised the secure communications link of Western Powers, partly as an effort to monitor activities of their own cyber-citizens and also as retaliation for an earlier Trojan horse computer virus attack which destroyed Iranian nuclear processing equipment".

Flying cars and Linux on the desktop anytime now !

Re:I love it ! (0)

Anonymous Coward | more than 2 years ago | (#37310692)

Don't be unreasonable, Linux on the Desktop is at least 10 years out.

Presumably the CIA, NSA, et al generate own certs? (1)

kfogel (1041) | more than 2 years ago | (#37310418)

Presumably the Three Letter Agencies generate their own cert chains themselves, and employees manually confirm the fingerprints and tell their browsers to trust those custom certs? In other words, their internal sensitive data shouldn't be at risk of exposure due to the DigiNotar problems, because they'd be crazy to depend on a cert root that they didn't generate anyway. I can see how this whole fiasco might make a difference for some non-employee accessing a CIA (or whichever) web site, but other than that, it shouldn't be significant for the TLAs... right?

-Karl Fogel

Re:Presumably the CIA, NSA, et al generate own cer (2)

rtfa-troll (1340807) | more than 2 years ago | (#37310848)

The Three Letter Agencies generate their own cert chains themselves (except those outsourced by the Shiva program), and employees used to manually confirm the fingerprints and tell their browsers to trust those custom certs plus those of their Sri Lankan support agency; Chinese contractors and another 5375 certificates from old contracts that nobody can remember which ones matter any more? In other words, their internal sensitive data shouldn't be at greater than commercially acceptable risk of exposure due to the DigiNotar problems, because they'd have been crazy to depend on a cert root that they didn't generate in the days when they could afford to spend time defending the USA and not just chasing down evil anti-globalisation and other protesters anyway whilst having to spend hours a day listening to whining from prisoners they're torturing. I can see how this whole fiasco might make a difference for some non-employee accessing a CIA (or whichever) web site, but other than that, it shouldn't be significant for the TLAs senior management... right?

-Karl Fogel

FTFY. Sorry about the loss of conciseness.

The Mossad's web site is unclassified (1)

HonestButCurious (1306021) | more than 2 years ago | (#37310430)

It's just a front end for their recruiting staff. They post wanted ads there - and then advertise the same ads in Israeli newspapers.

Re:The Mossad's web site is unclassified (1)

PPH (736903) | more than 2 years ago | (#37311280)

So when somebody applies for a job at Mossad, there's a chance that they went in through a phony site that collects their identities before directing them to the legit job listings. The operators of that phony site now have a list of potential employees.

(De)Centralization isn't the problem (1)

ilsaloving (1534307) | more than 2 years ago | (#37310478)

How centralized/decentralized the system is, isn't the problem. The problem is the lack of verification. Every one of the issuers is trusted to operate independently, with no oversight or validation. What boggles my mind is that they are even able to issue certificates for domains that have already had certificates issued by someone else.

I'm not surprised that an issuer got hacked. The only unhackable computer is one that is shut off and physically disconnected from the electrical outlet (you can't trust PDUs either, after all...). What does surprise me is that there is no peer review mechanism in place.

First investigation report now public (0)

Anonymous Coward | more than 2 years ago | (#37310722)

Published on Dutch government website: http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2011/09/05/fox-it-operation-black-tulip/rapport-fox-it-operation-black-tulip-v1-0.pdf

Alternatives (3, Informative)

autocracy (192714) | more than 2 years ago | (#37310974)

There has been a lot of push at the recent DEFCON conferences, and associated conversation since, to look at alternatives to the current CA system. Moxie Marlinspike [twitter.com] has been pushing a remote-view notary system called Convergence [convergence.io], which is currently a Firefox plug, and Dan Kaminsky has been pushing for DNSSEC. [twitter.com]

There has been an awful lot of discussion [stackexchange.com] about the technical details of SSL certificates on the Security StackExchange [stackexchange.com] (Stack Overflow cousin) website, including the related blog post I penned: A Risk-Based Look at Fixing the Certificate Authority Problem [blogoverflow.com] .

Diginotar's responses: irritating (1)

AaronLawrence (600990) | more than 2 years ago | (#37311024)

On Diginotar's site you can barely tell anything happened, except for a small "security incident" press release.
They are still trying to minimise it when it seems likely the whole company will be shut down for complete failure.
Cowards.

Re:Diginotar's responses: irritating (0)

Anonymous Coward | more than 2 years ago | (#37311246)

The problem is for all of the truly innocent companies that have certificates issued by DigiNotar.

Is it feasible to get a certificate for www.thisexample.org issued by multiple CAs?

If I generate 4 CSRs for www.thisexample.org and send each of them to a different CA to be signed, will I end up with 4 equivalent certificates that differ only in the certificate chain?

If I then pick one to use, and that CA then gets hacked, I can simply install a different CA's certificate and continue operations and let the certificate signed by the offending CA.

Yes, it increases my cost by a factor of 4, but would keep me online even if three of the CAs were removed from all browsers.

Unfortunately, this only works properly if all browsers verify all certificate chains all of the time.
