DigiNotar SSL Breach
You probably heard about the breach of the DigiNotar SSL certificate authority by now. In the process, a fraudulent certificate was issued for *.google.com and there is some evidence that the certificate was used to intercept traffic from Iran.
The reason we haven't really written about this so far is that we are somewhat struggling with the advice we should give you.
First of all: The SSL "race to the bottom" CA model is broken. Fraudulent certificates have been issues before, even without breaching a CA's systems.
But what can you do to replace or re-enforce SSL? Lots go over some of the options:
One possibility is to remove the DigiNotar CA from the list of trusted CAs. The problem with this approach is that now legitimate certificates, signed by DigiNotar, will no longer validate. The last thing you want to do IMHO is to get users accustomed to bypassing these warnings. I am not sure how popular DigiNotar is, so maybe it is an option in this case.
Certificate revocation lists are supposed to solve this problem. But they are not always reliable. However, for high profile breaches like this one, expect a browser patch that adds the certificate to a blocklist. Apply the patch as it becomes available.
Use DNSSEC. DNSSEC provides an alternative means to validate that you are connecting to the correct site. It is not perfect either, but somewhat complimentary to SSL and the two together provide some meaningful protect. Sadly, it is not up to you to enable DNSSEC on most sites you connect to.
There are a number of browser plugins that implement reputation systems. I am not sure how well they work. They are pretty new. One that gained some traction is Convergence, which will compare the certificate you received with certificates others received from the same site. How well this works (in particular: false positives...) will yet need to be shown.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
Will that even work with IE? I read somewhere that if a CA root is missing that IE will silently download and install it if it's on Microsoft's OK list.
JJ
Aug 30th 2011
1 decade ago
DNSSEC only really says "for this hostname contact this IP". If you contact the IP, but the packets are transparently intercepted and redirected to a proxy with the correct cert information, you're still screwed.
RFC 4255 specifies a way to put SSH host key hashes into DNS to prevent interception issues, but I haven't been able to find a similar way of putting SSL key hashes into DNS, which in combination with DNSSEC would be further along the path to ensuring end-to-end security. I'm sure people will find a way around even that however :(
Gary P
Aug 30th 2011
1 decade ago
Could be modified like this:
# delete certificate
$store = new-object system.security.cryptography.x509certificates.x509Store 'Root', 'LocalMachine'
$store.Open('ReadWrite')
$certs = @(dir cert:\localmachine\root | ? { $_.Subject -like '*diginotar*' })
foreach ($cert in $certs) {$store.Remove($cert)}
$store.close()
Fire that off via advertisement in SCCM every hour or so in case it gets readded before the patch comes out.
Again, this doesn't really help. All it will do is drop the users to the IE warning page, but if we educate users to think before they click, or at least warn them that if they hit it, to be careful, I think we'll be ok.
Jeff H.
Aug 30th 2011
1 decade ago
The other major alternative is the Perspectives firefox addon: http://perspectives-project.org/. It has 'notaries' that view the same site from different locations on the web and check to see if the certificate is the same. I plan to be trying it soon.
In the medium-term, some combination of the two approaches above would work. In the long term the solution is to overhaul SSL in some way. One idea I heard is to allow a certificate to be signed by multiple CAs, indicating different levels of security: Major companies such as banks or Google should be using 3 or more, whereas my random web forum doesn't really need more than one.
GSE
Aug 30th 2011
1 decade ago
kdb
Aug 30th 2011
1 decade ago
Adam
Aug 30th 2011
1 decade ago
Instead of "deleting" the certificate, disable all usages of the cert / trust of the cert.
Ensure your organization uses group policy to prevent users from bypassing certificate warnings on users' browser.
Mysid
Aug 30th 2011
1 decade ago
pwobbe
Aug 31st 2011
1 decade ago
"...breach affected Mozilla [addons] and at least four other organizations. Fraudulent certificates for Yahoo.com, the Tor Project, WordPress and the Baladin blogging service"
http://www.theregister.co.uk/2011/08/31/more_site_certificates_forged/
Steven
Aug 31st 2011
1 decade ago