What the SSL?

One of the most serious attacks on internet infrastructure occurred a few days ago, and as the Canadian media don’t seem to want to report on it, I will, as it seems only those in the industry in Canada are aware. This will likely change the internet landscape generally, and has the potential for larger implications!

A quick backgrounder: if you’re using a plain text protocol, other people can see everything you do on the internet. For example, if you’re surfing the web (http://something in your browser) or checking your email (pop3 or imap), anyone in the area could be reading or logging everything you do. Many people use these insecure protocols, although they shouldn’t. Anyone can download Wireshark, tcpdump or Firesheep for free and watch what their network neighbours are doing. Providers should have fixed this a long time ago, but most haven’t. Anything that uses authentication, or that you don’t want the world to be able to read, should be using SSL. This is often indicated by the letter “s” added as a suffix to the protocol name. For example, next time you log in to a website, make sure the address in the URL bar at the top of your browser starts with https:// instead of http://. When checking your email, use pop3s or imaps. If this is Greek to you, ask your local techie to verify this for you. For this to work correctly, you have to trust the remote host; this is currently done with certificates, issued under a public key infrastructure (PKI), that have been signed by a certificate authority (CA).

Your web browser (Firefox, Chrome, Safari, Opera, Internet Explorer, etc.) by default trusts at least 30 CAs (homework: how many CAs does your browser have built into it to automatically trust?). This means that your web browser trusts any certificate that is signed by one of these CAs. I’ve never been a fan of the CA model, as why should I trust some company just because it pays hundreds of thousands of dollars to be trusted? However, there aren’t many models to use. The other one right now is called a Web of Trust (WoT), where I’d have to choose the sites I trust or not, but I’ll explain that model in some other post. There are other potential solutions, like the hierarchy model that Dr. Radia Perlman proposes (similar to DNS).

If I haven’t lost you yet, let’s look into how people hack into computer systems these days. At the user level this is usually done by browser-based attacks; most people don’t run something like NoScript, and so trust all the Flash and Java content that exists. You shouldn’t. On the server side, most attacks are done by something called SQL injection: injecting something into a database that shouldn’t be accepted.

Recently an Iranian successfully ran an SQL injection against a system and, after poking around the hacked system, discovered this was a pretty hot target: it was a CA called Comodo! What did he do when he realized this? He created himself some certificates and had Comodo sign them, knowing that whatever the names on the certificates were, he could pretend to be that site to anyone on the internet, and their browser would most likely trust that it was the real one. He was clever; he didn’t pick small targets:

Comodo has since verified, note this was as of March 23rd:

9 certificates were issued as follows:

Domain: mail.google.com [NOT seen live on the internet]
Serial: 047ECBE9FCA55F7BD09EAE36E10CAE1E

Domain: www.google.com [NOT seen live on the internet]
Serial: 00F5C86AF36162F13A64F54F6DC9587C06

Domain: login.yahoo.com [Seen live on the internet]
Serial: 00D7558FDAF5F1105BB213282B707729A3

Domain: login.yahoo.com [NOT seen live on the internet]
Serial: 392A434F0E07DF1F8AA305DE34E0C229

Domain: login.yahoo.com [NOT seen live on the internet]
Serial: 3E75CED46B693021218830AE86A82A71

Domain: login.skype.com [NOT seen live on the internet]
Serial: 00E9028B9578E415DC1A710A2B88154447

Domain: addons.mozilla.org [NOT seen live on the internet]
Serial: 009239D5348F40D1695A745470E1F23F43

Domain: login.live.com [NOT seen live on the internet]
Serial: 00B0B7133ED096F9B56FAE91C874BD3AC0

Domain: global trustee [NOT seen live on the internet]
Serial: 00D8F35F4EB7872B2DAB0692E315382FB0
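
The serials in the list above can be turned into a check that a defender runs against any certificate a client is shown. This is an added example, not code from Comodo or from the original post; the function names and the sample inputs are assumptions made for illustration.

```python
import re

# Serials of the nine fraudulently issued certificates, copied from the list above.
FRAUDULENT_SERIALS = {
    "047ECBE9FCA55F7BD09EAE36E10CAE1E": "mail.google.com",
    "00F5C86AF36162F13A64F54F6DC9587C06": "www.google.com",
    "00D7558FDAF5F1105BB213282B707729A3": "login.yahoo.com",
    "392A434F0E07DF1F8AA305DE34E0C229": "login.yahoo.com",
    "3E75CED46B693021218830AE86A82A71": "login.yahoo.com",
    "00E9028B9578E415DC1A710A2B88154447": "login.skype.com",
    "009239D5348F40D1695A745470E1F23F43": "addons.mozilla.org",
    "00B0B7133ED096F9B56FAE91C874BD3AC0": "login.live.com",
    "00D8F35F4EB7872B2DAB0692E315382FB0": "global trustee",
}


def normalize_serial(text):
    """Parse a serial, as printed by any tool, into an integer.

    Tools disagree on case, ':' separators and the leading 00 byte that DER
    adds when the top bit is set, so comparing strings misses real matches.
    """
    digits = re.sub(r"[\s:]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"not a hex serial: {text!r}")
    return int(digits, 16)


BLOCKLIST = {normalize_serial(s): name for s, name in FRAUDULENT_SERIALS.items()}


def check_serial(serial_text):
    """Return the name the fraudulent certificate was issued for, or None.

    A serial is only unique per issuing CA, so confirm the issuer on a hit.
    """
    return BLOCKLIST.get(normalize_serial(serial_text))


def check_peercert(cert):
    """Check the dict returned by ssl.SSLSocket.getpeercert()."""
    return check_serial(cert["serialNumber"])


if __name__ == "__main__":
    # Constructed inputs: one listed serial written two ways, plus a clean one.
    for sample in ("D7558FDAF5F1105BB213282B707729A3",
                   "00:d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3",
                   "01"):
        print(sample, "->", check_serial(sample))
```
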

 

Wow. That has an amazing amount of potential for trouble, don’t you think? The login.yahoo.com certificate has already been seen in use in the wild! This should be one of the biggest news stories you’ve heard about all week. Why hasn’t it been? There are some really interesting questions to ask here:

  • Was this done by a state-controlled actor, or really by the self-professed Iranian student? Scroll to the end of this Comodo report, which has a provocative suggestion.
  • How much can still be done with these certificates?
  • Can we still trust the CA model as it exists today? As usual, @ioerror has some insight on the issue.

In case this wasn’t real enough, today the attacker posted the private key of addons.mozilla.org online, and then, as I disclosed on Twitter, he appears to have created a Twitter account and insists on proving it was him. When I contacted the attacker, going by the name Sun Ich, via email, he replied, “…there is a lot of vulnerable CAs, I got some other stuff”.