Rogue SSL Certs Issued For CIA, MI6, Mossad
Orome1 writes with this excerpt from Help Net Security: "The number of rogue SSL certificates issued by Dutch CA DigiNotar has ballooned from one to a couple dozen to over 250 to 531 in just a few days. As Jacob Appelbaum of the Tor project shared the full list of the rogue certificates, it became clear that fraudulent certificates for domains of a number of intelligence agencies from around the world were also issued during the CA's compromise — including the CIA, MI6 and Mossad. Additional targeted domains include Facebook, Yahoo!, Microsoft, Skype, Twitter, Tor, Wordpress and many others."
F-secure has a partial list (Score:5, Informative)
It may not be complete, but F-secure has a list [f-secure.com] of the ones created, including *.*.com, *.*.org, www.cia.gov, addons.mozilla.org, *.torproject.org, etc.
Re:Wow... (Score:5, Informative)
Re:PGP-based system? (Score:4, Informative)
Self-signed certs are an improvement because they're harder to forge or steal. In case you haven't been paying attention over the last few years, we have this thing called Distributed Verification AKA an SSL Notary system to prevent MITM attacks.
The centrally controlled system of CAs relies on perfect security at the CA (which, as we've seen, they don't have) and a constant game of whack-a-mole to revoke certs. Long story short, we have to stop using certs for authentication; it was a stupid idea, but we all crossed our fingers and hoped it could work, and as we can see now, it can't. It's better to just use a self-signed cert that can't be stolen or forged at your choice of a few convenient locations and use distributed verification to prevent MITM attacks. That way you know you have an encrypted connection between your PC and the web host using the same cert other people around the world are seeing, and that's the most you can hope for without sending out-of-channel information (which isn't the worst idea in the world, BTW) or relying on some idiotic system of "trust dealers" like CAs, which are just a disaster waiting to happen.
Re:Draw the consequences (Score:4, Informative)
For a start, web browsers should notify users if a certificate was replaced, even if the replacement is signed.
Certificate Patrol [mozilla.org] for Firefox.
"This add-on reveals when certificates are updated, so you can ensure it was a legitimate change."
The UI is good too. Certificate Patrol, along with NoScript and Cookie Monster [mozilla.org], is a major reason to use Firefox.
X.509 handling is largely neglected by UI designers, not just in web browsers.
Sometimes clients actually have options like "[x] Accept all certificates".
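The certificate-change notification discussed in the comment above can be sketched in Python. This is an added example, not code from Certificate Patrol or from any commenter; `SeenCert`, `CertStore`, the 30-day renewal window and the sample certificates are constructed assumptions. It flags a replacement certificate when the issuer changes or the old certificate was not close to expiry, even if the replacement carries a valid CA signature.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SeenCert:
    der: bytes           # raw certificate bytes as presented by the server
    issuer: str          # issuer name taken from the certificate
    not_after: datetime  # expiry date taken from the certificate

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()


class CertStore:
    """Remembers one certificate per host and classifies later changes."""

    def __init__(self, renewal_window=timedelta(days=30)):
        self.pins = {}
        self.renewal_window = renewal_window  # assumed threshold, tune locally

    def check(self, host, cert, now):
        old = self.pins.get(host)
        if old is None:
            self.pins[host] = cert  # first sighting: remember it
            return "new", []
        if old.fingerprint == cert.fingerprint:
            return "unchanged", []
        # Changed certificate: a valid CA signature alone is not reassuring,
        # so look at what changed. The stored pin stays until accept().
        reasons = []
        if cert.issuer != old.issuer:
            reasons.append(f"issuer changed: {old.issuer} -> {cert.issuer}")
        remaining = old.not_after - now
        if remaining > self.renewal_window:
            reasons.append(f"old cert had {remaining.days} days left")
        return ("suspicious" if reasons else "renewed"), reasons

    def accept(self, host, cert):
        self.pins[host] = cert  # user confirmed the change is legitimate


# Constructed sample data (not real certificates).
GOOD = SeenCert(b"constructed-der-A", "CN=Example CA", datetime(2012, 6, 1))
ROGUE = SeenCert(b"constructed-der-B", "CN=Other CA", datetime(2013, 7, 1))
RENEWAL = SeenCert(b"constructed-der-C", "CN=Example CA", datetime(2013, 6, 1))
```

A caller would invoke `check()` on every TLS connection and call `accept()` only after the user confirms a reported change.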
Alternatives (Score:4, Informative)
There has been a lot of push at the recent DEFCON conferences, and associated conversation since, to look at alternatives to the current CA system. Moxie Marlinspike [twitter.com] has been pushing a remote-view notary system called which is currently a Firefox plug [convergence.io], and Dan Kaminsky has been pushing for DNSSEC [twitter.com].
There has been an awful lot of discussion [stackexchange.com] about the technical details of SSL certificates on the Security StackExchange [stackexchange.com] (Stack Overflow cousin) website, including the related blog post I penned: A Risk-Based Look at Fixing the Certificate Authority Problem [blogoverflow.com].