Forgot your password?
typodupeerror
Security Government The Internet United Kingdom IT Technology

Rogue SSL Certs Issued For CIA, MI6, Mossad 152

Posted by timothy
from the usual-suspectors dept.
Orome1 writes with this excerpt from Help Net Security: "The number of rogue SSL certificates issued by Dutch CA DigiNotar has ballooned from one to a couple dozen to over 250 to 531 in just a few days. As Jacob Appelbaum of the Tor project shared the full list of the rogue certificates, it became clear that fraudulent certificates for domains of a number of intelligence agencies from around the world were also issued during the CA's compromise — including the CIA, MI6 and Mossad. Additional targeted domains include Facebook, Yahoo!, Microsoft, Skype, Twitter, Tor, Wordpress and many others."
This discussion has been archived. No new comments can be posted.

Rogue SSL Certs Issued For CIA, MI6, Mossad

Comments Filter:
  • Can we move on now? (Score:5, Interesting)

    by ka9dgx (72702) on Monday September 05, 2011 @02:02PM (#37309644) Homepage Journal

    We've now had proof positive that no centralized trust system is workable against a sustained attack. Can we start to get some distributed trust systems in place, instead? The idea of a single proof of identity has failed. It's time to move on to a system that allows multiple checks and balances.

    Monocultures are great for creating massive failures, which is why nature wipes them out over time.

  • by Anonymous Coward on Monday September 05, 2011 @02:03PM (#37309648)

    Delete all your root certs. Add sites on an individual basis.

  • by nweaver (113078) on Monday September 05, 2011 @02:12PM (#37309698) Homepage

    The root of the problem (pun intended) is NOT that the SSL/TLS certificate hierarchy is a centralized trust, but that there are hundreds of roots of trust, any one of which may be compromised, and all of which are considered equally valid by the browser.

    Who outside of the Netherlands even heard about DigiNotar before this happened?

    This is why some people like the idea of using DNSSEC for distributing key material: there exists only a single valid path of trust to a single root for a key associated with any given name: its actually more centralized than SSL/TLS, which is what is desired.

  • by elsurexiste (1758620) on Monday September 05, 2011 @02:17PM (#37309744) Journal

    That may very well work for you or your organization. Not so much for third parties or the internet, which is the case here. I mean... would you trust a bank's homepage if it's self-signed?

  • Re:Wow... (Score:5, Interesting)

    by FriendlyLurker (50431) on Monday September 05, 2011 @02:18PM (#37309746)

    Related: Forget Rogue, Microsoft handed ability to intercept SSL on windows [google.com] (Another Wikileaks revelation [google.com], translated) to Tunisian dictator Ben Ali, apparently in return for contracts, stifling open source competition etc etc in Tunisia and allowing them to intercept Facebook, Google,... before the Arab spring revolution took place.

  • by mellon (7048) on Monday September 05, 2011 @02:18PM (#37309750) Homepage

    The trouble with this is that it makes the root cert *insanely* valuable if we start using it in the way you describe. As a practical matter, there needs to be some additional system in place to provide a backstop for the root, so that merely compromising the root is not enough to successfully spoof every domain. DNSSEC + SSL CA is actually not a bad idea. But I am really worried about the push to use DNSSEC as the new single point of failure.

  • by Zerth (26112) on Monday September 05, 2011 @02:21PM (#37309766)

    If I could pick up the cert from a local branch or by taking a picture of a barcode on the screen of an ATM, probably.

  • by Sancho (17056) * on Monday September 05, 2011 @02:37PM (#37309880) Homepage

    its actually more centralized than SSL/TLS, which is what is desired

    Centralization only works if you place a high amount of trust in the central organization. Do you trust ICANN? Do you trust .us? .ir? .uk?

    The CA system is only broken because there are weak links. The client trusts 200 CAs, and any one of them can sign for any domain. But what if we required 2 CAs to agree? 5? 10? It would be up to the admins of the server to decide how many CAs they wanted to use, and users could decide for themselves how many are required to agree in order to consider the cert valid.

    Moxie Marlinspike has some other ideas that sound pretty neat. Unfortunately, at first glance, his techniques seem to also rely on SSL, creating a chicken-and-egg problem. I may have been misunderstanding him, though.

  • by Anonymous Coward on Monday September 05, 2011 @02:52PM (#37309964)

    See this statement:
    http://www.4-traders.com/VASCO-DATA-SEC-USD-11275/news/VASCO-DATA-SEC-USD-VASCO-DigiNotar-Statement-13782237/

  • Re:Wow... (Score:5, Interesting)

    by BCoates (512464) on Monday September 05, 2011 @05:21PM (#37310906)

    Not really. Any government can get their state CA included in the windows root CA list just for the asking. OSX and Firefox are slightly more restrictive, but not in a useful way, they allow lots of state CAs as well.

    This is a broad problem with the HTTPS system, too many unrestricted root CAs with no concern for realistic security scenarios.

    This is not a good system, but it has nothing to do with Tunisia. The wikileaks cable you posted doesn't even talk about SSL, just about how using supported Microsoft software in the government will make the government more effective at everything, including domestic espionage.

"Catch a wave and you're sitting on top of the world." - The Beach Boys

Working...