Vulnerabilities / Threats
9/6/2011
12:10 PM
50%
50%

Are Digital Certificates Doomed?

Certificates are fundamental to the Web's SSL security model. But the recent DigiNotar attack and Comodo hacks show that the system must be strengthened, experts say.

Have digital certificates become too unwieldy to be trusted?

Such certificates are fundamental to the SSL security model employed on the Web and ensure that users have a secure, encrypted connection directly to the website they're visiting. But if attackers hack into certificate authorities and issue false certificates for legitimate websites, all bets are off, not least when it comes to eavesdropping.

Beginning in July, for example, fraudulently obtained digital certificates--issued by Dutch certificate authority DigiNotar--were used to launch man-in-the-middle attacks against Gmail users. Successful exploits would have resulted in attackers being able to read targeted people's email.

"This attack illustrates one of the many security problems with SSL: there are too many single points of trust," said Bruce Schneier, chief security technology officer of BT, in a blog post. In other words, subvert any of those points of trust and security fails.

In the case of DigiNotar, the Dutch certificate authority (CA) didn't discover--never mind own up to--its security breaches until their scale had reached quite large proportions. Then again, according to preliminary results of an audit into the breach commissioned by the Dutch government, DigiNotar practiced poor information security, including no centralized logging, no centralization of critical components, out-of-date and unpatched software, and an administrator password that could have been easily compromised via a brute-force attack, said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. Furthermore, "all of the certificate servers belonged to one Windows domain, allowing the compromise of one administrator account to control everything," he said.

Based on those revelations, the Dutch government seized control of DigiNotar, which is owned by Chicago-based Vasco. Dutch prosecutors said they were evaluating whether to pursue DigiNotar officials for criminal negligence.

Interestingly, the damaging exploit--at least in the time required by businesses such as Google, Microsoft, and Mozilla to code patches--resulted from the exploitation of a certificate authority that saw revenues of less than 100,000 British pounds ($141,000) for the first six months of 2011, according to a statement released last week by Vasco. That statement also promised that DigiNotar "expects to have a solution for its entire customer base before the end of this business week" and that it "expects that the cost of this action will be minimal."

In a subsequent, undated damage control letter to investors, however, Vasco changed its tone, saying that while the company had acquired DigiNotar in January 2011, and planned to fully integrate the DigiNotar's products into its own by 2012, Vasco's own products remained "100% DigiNotar-free."

In other words, DigiNotar appears to be doomed. On Friday, Mozilla released an unprecedented statement saying that it was permanently blocking every DigiNotar certificate, forever. "In an incident earlier this year we worked with Comodo to block a set of mis-issued certificates that were detected, contained, and reported to us immediately," said Jonathan Nightingale, director of Firefox engineering in a blog post. "In DigiNotar's case, by contrast, we have no confidence that the problem had been contained. Furthermore, their failure to notify leaves us deeply concerned about our ability to protect our users from future breaches." Google and Microsoft have likewise begun permanently blocking DigiNotar's certificates.

DigiNotar was punished because it failed to come clean quickly. "The integrity of the SSL system cannot be maintained in secrecy," said Nightingale. "Incidents like this one demonstrate the need for active, immediate, and comprehensive communication between CAs and software vendors to keep our collective users safe online."

But the exploit of DigiNotar shows how easy it is to subvert SSL, as well as the serious repercussions that can result even when clear lines of communication exist. Might that lead to reform--or possibly regulation--of certificate authorities? "Now that someone (presumably from Iran) has obtained a legit HTTPS cert for CIA.gov, I wonder if the US gov will pay attention to this mess," said Christopher Soghoian, a graduate fellow at the Center for Applied Cybersecurity Research at Indiana University, via Twitter on Saturday.

On Monday, Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, said in a blog post that the DigiNotar hack would have a political impact equal to Stuxnet, and "put cyberwar on or near the top of the political agenda of Western governments." Furthermore, he suggested that DigiNotar wasn't an isolated event. "With some 500 authorities out there globally it's hard to believe DigiNotar is the only compromised CA out there."

Schouwenberg's prediction was prescient. On Tuesday, an attacker claimed credit for the DigiNotar attacks, using the same "Comodohacker" Pastebin account that had been used to claim credit for the exploit of the Comodo certificate authority earlier this year.

While the DigiNotar exploit was discovered, Comodohacker claims to control more certificate authorities. "I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will, I won't name them," according to the Pastebin post. Comodohacker also claimed to have accessed the StartCom certificate authority, but was blocked by a hardware security module. Furthermore, the attacker claimed to have current access to GlobalSign, and promised to demonstrate that soon.

Unfortunately, no quick fix appears to exist for SSL. "This incident demonstrates in a real way the fragility of the SSL/TLS certificate trust model in use on the net today," said Wisniewski at Sophos. "I hope adoption of replacement technologies like Moxie Marlinspike's Convergence take off in a meaningful way to provide us with more confidence in the security of our communications."

Convergence is a proposal from Marlinspike that involves crowdsourcing certificate verification, by comparing the certificates that users around the world receive for a given website, to help ascertain whether they're legitimate or not. But the approach is relatively new, and so far only available as a Firefox plug-in. Arguably, it's also just one step toward what will need to be a major reform of the information security and business practices of certificate authorities.

The vendors, contractors, and other outside parties with which you do business can create a serious security risk. Here's how to keep this threat in check. Also in the new, all-digital issue of Dark Reading: Why focusing solely on your own company's security ignores the bigger picture. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/16/2017
Mobile Malware Incidents Hit 100% of Businesses
Dawn Kawamoto, Associate Editor, Dark Reading,  11/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.