(Possible) Diginotar Hacker Comes Forward
arglebargle_xiv writes "At the risk of burning people out on the topic of PKI fail, someone claiming to be the Diginotar hacker has come forward to claim responsibility: It's the ComodoGate hacker. He also claims to 0wn four more 'high-profile' CAs, and still has the ability to issue new rogue certificates, presumably from other CAs that he 0wns." Whether this claim turns out to be truthful or not, what led to the breach in the first place? Reader Dr La points to an interim report commissioned by the Dutch government (PDF), according to which
"a) No antivirus software was present on Diginotar's servers; b) 'the most critical servers' had malicious software infections; c) The software installed on the public web servers was outdated and not patched; and d) all servers were accessible by one user/password combination, which was 'not very strong and could easily be brute-forced.'"
Weakest link (Score:3)
Re: (Score:3, Insightful)
Re:Weakest link (Score:5, Funny)
And crap like this is why I don't understand why my browser has to go apeshit over self singed cirts.
The browser is acting as a food critic. Everyone knows cirts should be cooked rare, not singed. That just spoils the flavour.
Re: (Score:2)
This is a huge deal because for browsers/libraries that do not refresh CA certificates promptly, some select population of people can reduce all certs to as bad as self-signed certificates.
Saying self-signed certs are somehow better than certs signed by a compromised CA is rather silly.
Re: (Score:2)
Please, for the love of Diginotar, at least say 'certs' if you want to abbreviate 'certificates'.
Re: (Score:2)
A clue about making a certificate that's worthless against MITM attacks? Congratulations on identifying yourself as completely fucking clueless.
You better get in touch with all the admins running their ssh daemons with self-generated (and unsigned!) host keys! How could such a gaping vulnerability be missed?!
Re: (Score:2)
SSH is not as widely used by the general public, who has little knowledge of security, and wouldn't know how to verify a key fingerprint (or understand why they needed to do so) if asked.
Re: (Score:2)
You missed the point -- parent post suggests that self-signed certificates don't prevent MITM attacks.
ssh doesn't even bother to sign the host keys (certificates), and it does quite well in preventing them.
For that matter, even the current implementation of browsers prevents MITM attacks with self-signed certs.... If I connect to a site with a SS cert, I get a warning about it, and whitelist that cert. If I come back some other time, and there is a new self signed cert, I get the warning again. Since I k
Re: (Score:2)
Yes, but how do you know whether the first self-signed cert you got is a good one?
With SSH CAs are not needed because somebody else is acting as the CA, either yourself when you're accessing your own system, or whoever is giving you access to theirs. And SSH is only really secure if you actually bother to compare fingerprints.
What's the big difference? (Score:3)
What if the CA signed cert you got was actually created by the hacker? By default most browsers won't warn you, as long as the cert is signed by ANY of the dozens of CAs accepted by your browser[1] (I personally use Certificate Patrol so I am more likely to be warned in such situations - cert changed CA and changed way before expiry).
Seems a worse situation than the self-signed cert - where you can choose
Re: (Score:2)
CAs are generally safer because browser vendors require passing an audit to be included. And like in this case, they will remove the certs for CAs that fail to perform properly.
If you were using self-signed certs in Iran, all they'd need to do is MITM at the ISP level, and you'd never, ever notice without an alternative non-Iran-controlled connection. They could simply take the site's cert, generate a new one on the fly with the same data, present it to you, and make sure to use the same cert the next
Re: (Score:2)
In fact in such a situation, a CA outside of the control of your enemies might be your best bet of remaining secure
WRONG! Because most browsers don't warn you if _ANY_ CA (recognized by your browser) in the control of your enemies signs the site's certs. It just takes ONE out of the dozens, does not matter which CA! Recent versions of Google Chrome warn you but only for google's stuff (certificate pinning: http://www.imperialviolet.org/2011/05/04/pinning.html [imperialviolet.org] ).
Whereas if you can get the fingerprint of the self-signed cert from some other channel (e.g. get a friend outside the country to tell you), you will know if it i
Re: (Score:2)
The secure way of doing things with a CA:
Alice works at Yoyodyne, Inc. She has to make a business trip to Iran/China/your favourite not very trustable country.
Bob the Yoyodyne sysadmin generates a CA cert, gives it to Alice with a fingerprint.
Alice flies to Iran and uses Bob's CA cert to validate the cert on yoyodyne.com. Cert expires? No problem, Bob can make a new one and Alice will be able to trust it.
Company starts a new project that requires a second cert? No problem either, Bob signs the cert with the
Re: (Score:2)
So tell me again which situation is safer?
If you are the sort to meticulously peruse fingerprints and seek manual confirmation via phone of fingerprint validity, the 'out of the box' behavior of manual key approval that SSH does *might* be 'safer' compared to *default* browser behavior.
If you are the sort to blindly accept the fingerprint on first connection (99.9% of the population), the CA system has better odds of blocking a MITM than your individual efforts. If dealing with servers that frequently change or round-robin shell access, some devel
MITM from day one (Score:3)
If I connect to a site with a SS cert, I get a warning about it, and whitelist that cert. If I come back some other time, and there is a new self signed cert, I get the warning again.
And if there was already a man in the middle on the first day you visited the site, you're screwed. There is the Perspectives project, which uses network route diversity to detect a man in the middle, but it doesn't work so well if the man in the middle is situated between the server with the self-signed cert and its upstream Internet connection, such as a server behind a country's firewall.
Re: (Score:2)
How could such a gaping vulnerability be missed?!
It is a vulnerability and it hasn't been missed: http://tools.ietf.org/html/rfc4255 [ietf.org]
SSH should have done x509 from its inception with self-signed as default. No worse than current state of things with a great opportunity to do better.
Re: (Score:2)
You could easily have ended up with the undeployable mess that is self-signed IPSEC certificates. Sometimes it is best to be careful what you ask for, you might get it.
Re: (Score:2)
You are, I trust, aware that there are CAs out there that offer free (or very nearly free) certificates that are widely trusted by browsers, and so won't annoy users with annoying warnings. Why not use those?
Re: (Score:3)
Last time I stumbled over a comment like this I asked for a link. I was given one, and pretty much all of the pages served me errors and other crap... I could not even click on "order".
So, do you think you can provide me with a link to such a CA that would be both free and functional?
Re: (Score:2)
No, I really am not concerned with MITM attacks on my own LAN, and in the VPN network.
That's a particularly special case, sounds like you are accessing a remote work server from home using a technology explicitly designed to be unobtrusive and by extension indistinguishable from any other internet connection. Not exactly the scenario where a browser can reasonably detect and change behavior even *if* it were a good idea. Of course, a number of VPN client rely upon DNS and SSL certificates to initiate the connection, so a MITM during VPN connection establishment is not entirely out of the q
Re: (Score:3)
Has anyone analyzed how many browsers already have updates invalidating DigiNotar authority or discussed if DigiNotar has a functional OCSP that is returning accurately? The system when used *as designed* does stop MITM attacks. This is the first widespread compromise of a CA that I can recall, and I expect already many users are in browsers that already distrust the compromised key. I suspect most people will have updated their CA certs without even being aware of this incident within a few months. So it does stop MITM attacks.
Second big one, but I can't find a link to the first. (Google is flooded with this one...) And it does not matter if you have a condom for every partner but that one with AIDS. http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity [thoughtcrime.org] SSL is not secure, and has not been for a while. The fact that it is going public now is a lag behind the lack of security.
Re: (Score:2)
http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity
This article is intelligent and correctly identifies the issues and puts them in accurate context in the face of hordes of people mindlessly saying 'DNSSEC fixes all'. The problem is not the technology, but the politics and laziness that distorts the use of the technology. I doubt any approach can be dreamed of that wouldn't, in practice, be perverted in implementation. Self-signed certs are simply worse. You can manage it intelligently, by having a private CA for your organization and distribute the ce
Then start your own private CA (Score:2)
I really am not concerned with MITM attacks on my own LAN, and in the VPN network.
I agree with Anonymous Coward [slashdot.org]: start your own private certificate authority and install its root certificate on PCs on your LAN and PCs that connect to your VPN.
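The Bob-and-Alice private CA described a few comments up and the "start your own private CA" advice here, as an added example that is not part of the thread: Bob runs his own CA with the openssl CLI, issues yoyodyne.com a certificate, and Alice verifies it trusting only Bob's root. A second, hypothetical "Some Other CA" (standing in for any public CA outside Bob's control, compromised or not) issues a certificate for the same name with its own key; with only Bob's root trusted it is rejected, which is exactly what a browser trusting dozens of roots does not do. The CA names other than Yoyodyne's, the file names and the temporary directory are assumptions of the example.

```shell
#!/bin/sh
# Added example: a private CA run with the openssl CLI. Not DigiNotar's or
# anyone's real setup; "Some Other CA" is hypothetical.
set -e
work=$(mktemp -d)
cd "$work"

# Bob (the Yoyodyne sysadmin) creates his root: a self-signed CA cert and key.
# Its fingerprint is what he hands Alice out of band before she travels.
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
  -subj "/CN=Yoyodyne Private CA" \
  -keyout bob-ca.key -out bob-ca.pem 2>/dev/null

# A second CA that Alice has NOT been told to trust. It stands in for any
# public CA that is outside Bob's control, including a compromised one.
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
  -subj "/CN=Some Other CA" \
  -keyout other-ca.key -out other-ca.pem 2>/dev/null

# The yoyodyne.com server's own key and certificate request.
openssl req -newkey rsa:2048 -nodes -subj "/CN=yoyodyne.com" \
  -keyout server.key -out server.csr 2>/dev/null

# Bob signs it. When it expires he signs a fresh CSR; Alice needs nothing new.
openssl x509 -req -days 365 -in server.csr \
  -CA bob-ca.pem -CAkey bob-ca.key -CAcreateserial \
  -out server-bob.pem 2>/dev/null

# Someone else's key with the same name, certified by the other CA. This is
# what any CA can issue for any domain, and what the DigiNotar intruder got
# issued for *.google.com.
openssl req -newkey rsa:2048 -nodes -subj "/CN=yoyodyne.com" \
  -keyout mitm.key -out mitm.csr 2>/dev/null
openssl x509 -req -days 365 -in mitm.csr \
  -CA other-ca.pem -CAkey other-ca.key -CAcreateserial \
  -out server-other.pem 2>/dev/null

# Alice's check: build the chain against Bob's root ONLY. Prints "trusted" or
# "REJECTED" and returns 0 either way so it is usable under set -e.
alice_verify() {
  if openssl verify -CAfile bob-ca.pem "$1" >/dev/null 2>&1; then
    echo trusted
  else
    echo REJECTED
  fi
}

# The value Alice compares with the fingerprint Bob gave her in person.
ca_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

echo "Bob's CA fingerprint: $(ca_fingerprint bob-ca.pem)"
echo "cert from Bob's CA:   $(alice_verify server-bob.pem)"
echo "cert from other CA:   $(alice_verify server-other.pem)"
```

The difference from the browser default is the single `-CAfile`: Alice's trust store holds one root, so a valid signature from any other CA, however well audited, buys an attacker nothing. The price is that Bob now has to protect that key and that Alice has to check the fingerprint once over a channel the adversary does not control.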
Re: (Score:2)
Why are you using SSL on your home LAN in the first place? If it's impossible for anyone to have access to your LAN, then you don't need encryption. If it's possible an attacker is on your LAN then self-signed certs just give you a false sense of security.
Re:Weakest link (Score:4, Insightful)
A good security system is not as weak as the weakest link.
Re: (Score:2)
The problem is that our current system may not in practice *be* a 'good security system', but if implemented correctly it *would* be.
The challenge is this will undoubtedly hold true for any proposed alternative implementation strategy, making churning the underlying technology an exercise in futility unless you fix the aspects preventing the x509 system from working as designed.
You are right (Score:2)
It's the same as equivalent resistance of resistors in parallel, slightly weaker than the weakest link.
It's Ichsun (Score:2)
The hacker is Ichsun again, better known as "skill of 1000 hackers."
Re: (Score:2)
Or maybe "Our whole security system was their security system, which was the weakest link."
Servers run by Diebold (Score:2)
"No antivirus software was present" (Score:3)
on Diginotar's servers
Is this uncommon? Do most (sane) administrators run anti-virus on each of their servers?
Re: (Score:3)
Do most (sane) administrators run anti-virus on each of their servers?
I guess you do if you're running Windows servers, which apparently Diginotar were.
Re: (Score:2)
If they're Windows servers, then yes..
Re: (Score:2)
If you are the only one that has access, no user files are stored, and it performs simple tasks... probably not needed.
See, what people who think anti-virus is important don't seem to understand is that it won't protect against vulnerabilities, nor against 0-day. It is a false sense of security for the senseless. I can run for years without anti-virus and never get a virus. How would I know if I don't have a
Re: (Score:2)
I'd contend that you're better off running anti-virus on Windows servers than running without it, but at the same time I think far too many people see it as a crutch.
Most anti-virus software scans files already in your system against a list of known infections. It is far too easy to fuzz past detection, not to mention that it can't protect against the latest unknown infections.
The best protection is proper sandboxing and security policies. Don't let anything in unless you have to. Don't trust anything.
And hone
Re: (Score:2)
How would that have worked? A CA is responsible for pumping out certs, for a fee, all day every day as well as verifying existing certs. If you think that this isn't done in an automated fashion by every CA out there then you don't understand the volume! All this guy did was break in and get the CA to do what it's normally setup to do and bypass the checks that would normally prevent the action. An air gap isn't reasonable in this scenario and I bet no other CA has one either. Personally I'm not surprised t
Re: (Score:2)
Because maybe your competitors do it that fast? Want to bet they aren't much different than any other CA in this regard?
And even if this was air-gapped somehow - why does anyone think the request wouldn't have gone right through with the other thousand(s?) or more requests bulk shipped through? How exactly would that have helped? The guy didn't *just* create a cert - he pushed it through their entire system including their databases that affirm it when a revocation is checked.
Really all it seems like he nee
Fear the mighty script kiddy (Score:4, Insightful)
We need to stop giving these "hackers" such press. Oh, they broke into an insecure system. They must be real computer geniuses. There should be far more press about the state of the hacked sites' security, and less on the actual hackers. The hackers are just some dumb kids who did some quick searching around and got some silly tools. The real story is that such organizations have such poor security.
Re: (Score:2)
It's not the hacker that is the story, but the light on the security situation at large. That a script kiddy was able to do this adds to the embarrassment. Unfortunately, most people will not understand this fact and will instead seek to destroy all script kiddies. ... this is the same mentality in the medical world that has led to the unintentional creation of MRSA. The over-use and dependence on killing everything that might be a germ has bred superbugs. And these days, they are also seeking to destro
Re: (Score:2)
No I wouldn't go that far.
"Organized Crime" wouldn't dominate because there isn't much money/risk for hacking. A single person may make a good living but organized crime has resources and wouldn't be profitable. And for the most part hackers are able to take a site down and create damage but not really get anything really valuable out of it. It would be like the mafia going around knocking down people mailboxes just for the sake of it.
Those tools while made by someone who isn't a complete idiot, But th
Re: (Score:2)
Umm, this "kid" was able to pump out certs from a CA that could potentially have allowed a great deal of damage. He didn't just break in and deface the system, he broke in and got around the systems that were in place to prevent these kinds of certs from being produced - unless you think this CA didn't know that Google and Microsoft were already rooted elsewhere.
As for not being able to do more than damage.... what do you call having a database of credit cards stolen? SSNs? Credit card PROCESSING systems? T
Re: (Score:2)
I think this kid's a distraction. It's rather like a "hey look over here!" while someone else is picking your pocket.
Organized crime isn't advertising. They aren't in it for the "LULZ" or whatever. They are conducting "business" and in the process of conducting that business, they put up distractions like this person who claims responsibility (or allow this person who is totally bogus but in it for the fame) to deflect interest in looking at them as the culprit.
"Virtual sleight of hand".... for lack of a be
Re: (Score:2)
Admiration is the problem.
You gain more fame for hacking a system than you do for discovering the same vulnerability and quietly patching it. I know companies like Google offer bug bounties, but what if they gave awards and more public recognition?
Honest question: (Score:5, Insightful)
How DOES one become a trusted CA? Shouldn't there at least be some sort of procedure to check that they can be trusted?
Re:Honest question: (Score:5, Informative)
Re: (Score:2)
Well, here [mozilla.org] are the requirements for a CA's certificate to be included in Mozilla products. In particular, they require an independent audit of the CA's policies and internal operations. Presumably other browser vendors follow similar procedures.
Now I get it! He was not a hacker, or a cracker. He was an independent auditor!
Re: (Score:2)
Nah, sounds more like this one [wikipedia.org].
Re:Honest question: (Score:4, Interesting)
And Mozilla gave these jokers a pass while raking CACert across the coals [mozilla.org].
That distinction is very instructive as to the real motivations of the PKI industry.
The difference between CACert and DigiNotar (Score:4, Interesting)
I love this comment from Mozilla's Nelson Bolyard in that thread:
Re: (Score:2)
By social engineering applied to the browser vendors.
Re: (Score:2)
You definitely hit the nail! We should establish a new system that proves the CA's are trustworthy. I'd name it CACA*, for Certification Authorities' Certification Authority. Better yet, it should be decentralized, so there should be many independent CACAs all around the world, and every computer out there will have every CACA's certificate installed. This will definitely be the ultimate, perfect, unbreakable trust system.
* Pun intended: "caca" is spanish for poop.
More details from the Pastebin source (Score:3)
According to the hacker's Pastebin message, one of the other CAs he's 0wned was GlobalSign, a fairly major CA for which it won't be so easy to pull the root certificate as it was for Diginotar. He's also claiming responsibility for the StartSSL breach that occurred a month or two back. GlobalSign have reportedly gone into panic mode. It also includes other details like:
I got SYSTEM privilage in fully patched and up-to-date system, how I bypassed their nCipher NetHSM, their hardware keys, their RSA certificate manager, their 6th layer internal "CERT NETWORK"
as well as their domain admin password Pr0d@dm1n (you can see why DigiNotar passed their security audit, they didn't use password1).
The organization is the interesting part (Score:2)
Re: (Score:3)
Re: (Score:2)
Maybe if you'd gone to them with "This is a bad idea, it has a xx% chance every month we're doing it of costing us $$$ in direct fees and around $$$ in indirect bad press. I can rectify it for $ plus $ per month," they'd have taken you up on the suggestion?
Alternately, maybe you would have realized as they did (correctly in some cases, not so in others, I'm sure) that the economics actually supported not fixing the problem?
Re: (Score:2)
Maybe if you'd gone to them with "This is a bad idea, it has a xx% chance every month we're doing it of costing us $$$ in direct fees and around $$$ in indirect bad press. I can rectify it for $ plus $ per month," they'd have taken you up on the suggestion?
I used to be very idealistic too when I was much younger. Ah the good old days :-)
No antivirus software on the server? (Score:3)
May we assume by this finding in the Dutch report that the servers were not running any form of Unix or Linux? In any case I do not see how an antivirus program is going to stop an intrusion.
I used to chuckle when our local credit-card processing system would ask me to ensure that my web server had an up to date antivirus package installed. Rather than out right lie, I explained to them that my web server ran Linux and that they don't run antivirus software, but are kept patched and secured with proper firewall rules and proxy servers, and protected by the IDS at the border of the DMZ.
Anyway, not even sure why they mentioned antivirus software at all. The problem was more systemic. Their entire system did not seem to be built with security in mind. Where was the IDS? Why did the public-facing servers have the CA private certificates on them at all?
Re: (Score:2)
Worse than that - their all-Windows servers (including the signing server) were all part of the same domain and so all could be logged into with a single set of credentials (which is what the intruder had, by brute-forcing that crappy password) and all joined to the same networks.
Re: (Score:3)
All major AV firms now have antivirus packages for Linux (Un*x) that offer both realtime (on-access) and on-demand (hand-started) virus scan protection. They protect the Linux OS as well as the Windows people who connect to Samba, Apache etc. from the transmission of malware.
Proving there are admins out there who're highly susceptible to the marketing claims of AV vendors. BS!
I can understand if your *nix box is the SMTP Smarthost or the Samba server for a bunch of user/Win* boxes, that you'd want to try to scrub crap out of incoming stuff before passing it onto the internal LAN/WAN. However, that's got nothing to do with protecting the Smarthost or Samba server.
Good security practices are generally more than capable of protecting *nix boxes, specifically don't allow the serv
Re: (Score:2)
AV just sucks up CPU cycles, provides a false sense of security, and makes AV vendors rich.
Proving there are admins out there who're highly susceptible to the "best practices == invulnerability" fallacy. AV is a lot like insurance in that it may increase overhead with no ROI. But on the other hand, it can mitigate an otherwise catastrophic event, and better than insurance, it can protect against that event rather than cover the costs of cleanup. It's not a silver bullet by any means, but neither is it a w
Re: (Score:2)
Geez, another one! Q.E.D.
'Claiming' to be the hacker? (Score:5, Insightful)
Hell, if he really hacked it, he'd have signed the message with DigiNotar's key. He's the only person in this whole debacle I'd trust to actually have a clue as to how to really use their certificates.
Re: (Score:2)
As a proof to show that he really did infiltrate DigiNotar, he shares the domain administrator password of the CA network: Pr0d@dm1n. DigiNotar would be able to confirm if this was accurate or not.
Maybe something will come of that...
Re: (Score:2)
He could publish a signed certificate of "ComodoGateHackerOwnsDiginotar.com". Or he could sign a domain name consisting of e.g. a base64 encoded compressed message.
Compromised CAs (Score:2)
3.2 Compromised CAs
The attacker(s) had acquired the domain administrator rights. Because all CA servers were members of the same Windows domain, the attacker had administrative access to all of them. Due to the limited time of the ongoing investigation we were unable to determine whether all CA servers were used by the attacker(s). Evidence was found that the following CAs were misused by the attacker(s):
- DigiNotar Cyber CA
- DigiNotar Extended Validation CA
- DigiNotar Public CA - G2
- DigiNotar Public CA 2025
- Koninklijke Notariele Beroepsorganisatie CA
- Stichting TTP Infos CA
The security of the following CAs was compromised, but no evidence of misuse was found (this list is incomplete):
- Algemene Relatie Services System CA
- CCV CA
- DigiNotar PKIoverheid CA Organisatie - G2
- DigiNotar PKIoverheid CA Overheid en Bedrijven
- DigiNotar Qualified CA
- DigiNotar Root CA
- DigiNotar Root CA Administrative CA
- DigiNotar Root CA G2
- DigiNotar Root CA System CA
- DigiNotar Services 1024 CA
- DigiNotar Services CA
- EASEE-gas CA
- Hypotrust CA
- MinIenM Autonome Apparaten CA - G2
- MinIenM Organisatie CA - G2
- Ministerie van Justitie JEP1 CA
- Nederlandse Orde van Advocaten - Dutch Bar Association
- Orde van Advocaten SubCA Administrative CA
- Orde van Advocaten SubCA System CA
- Renault Nissan Nederland CA
- SNG CA
- TenneT CA 2011
- TRIAL DigiNotar PKIoverheid Organisatie TEST CA - G2
- TU Delft CA
For some of these CAs extra security measures were in place (like the CCV CA). This makes it more unlikely they were misused.
Re: (Score:2)
Known compromised CAs
FTFY
Dutch security (Score:2)
I say that as a dutchman. I'm ashamed to be from the same country as these bozos.
Re: (Score:2)
I say that as a dutchman. I'm ashamed to be from the same country as these bozos.
Did you read the pastebin? He hacked Diginotar specifically because of Srebrenica 16 years ago. Something else to be ashamed of. And I'm not ashamed about these Diginotar bozos. The Dutch government should be blamed here for trusting them completely. If Fox-it could find all these problems within a week, why didn't the government find out earlier?
From the report... (Score:5, Informative)
First, here is the actual PDF [rijksoverheid.nl] instead of some web-based PDF viewer surrounded by dubious ads.
The most damning statement from the report (in my opinion) didn't make the summary: "The separation of critical components was not functioning or was not in place. We have strong indications that the CA-servers, although physically very securely placed in a tempest proof environment, were accessible over the network from the management LAN."
I have worked at a company that generated encryption keys, and they did so on a PC in a locked rack in a locked room with no network connection; such an approach would have prevented this attack.
This fragment from the timeline is also interesting:
19-Jun-2011 Incident detected by DigiNotar by daily audit procedure
02-Jul-2011 First attempt creating a rogue certificate
10-Jul-2011 The first succeeded rogue certificate (*.Google.com)
So an incident was detected three weeks before the first rogue cert was issued.
Re: (Score:2)
Umm bullshit?
Lets play pretend that this was air gapped\tempested\protected by dogs and this guy managed to insert a request for a cert into their system bypassing any dupe checks and payment crap. It would have been dutifully carried on whatever media they had used a million times before to the "special" machine, a cert created, and the cert sent on it's way to the attacker same as any other.
How does an air gap solve this problem exactly? Doing them by hand and checking their authenticity with a human is a
All Messages from ComodoHacker (Score:3)
Here are the messages from ComodoHacker on pastebin:
http://pastebin.com/u/ComodoHacker [pastebin.com]
He published a cert for Mozilla in March.
Bacon (Score:2)
a) No antivirus software was present on Diginotar's servers;
As per the XKCD, if this is a problem, you're already doing it wrong. Antivirus software won't save you against sophisticated attacks, only unsophisticated ones. CAs need to be safer than that.
b) 'the most critical servers' had malicious software infections;
Probably because of (c).
c) The software installed on the public web servers was outdated and not patched;
Seriously, everyone who runs a business should know not to do this.
and d) all servers were accessible by one user/password combination, which was 'not very strong and could easily be brute-forced.
Well, that's just stupid.
So (c) and (d) are the real problems, and they're pretty obviously problems.
SSH does it right. (Score:2)
The ssh host key for a server is generated automatically by the ssh daemon the first time it runs.
The first time a user connects to that server, they get a fingerprint they can check, and a "This is the first time you've connected to this host, are you sure it's the right one?". Subsequent connections are silent, unless the host key changes. You get a big, scary message if a host you've allowed in the past changes its key. (As this signals a potential MITM attack.)
SSL certs should be handled the same wa
Re: (Score:2)
Dammit.
".... is the same server they're trying to connect to today."
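The known_hosts behaviour the post above wants for SSL certs, as an added example that is not part of the thread or of any browser add-on: a shell script that keeps an SSH-style store of leaf certificate fingerprints, records a host's cert on first sight, stays silent while it is unchanged, and flags a change. It only inspects certificate files (two self-signed certs for the same name are made locally with openssl so it runs offline; no host is contacted), and the store path and host name are assumptions. Like SSH it has nothing to say about the first connection: if the man in the middle was already there on day one, his cert is the one that gets recorded, which is the "MITM from day one" point made elsewhere in this thread.

```shell
#!/bin/sh
# Added example: trust-on-first-use for TLS leaf certificates, modelled on
# ~/.ssh/known_hosts. Not code from any browser, add-on or from the thread.
set -e
work=$(mktemp -d)
KNOWN_CERTS="$work/known_certs"   # hypothetical store: "<host> <sha256 fp>" per line
: > "$KNOWN_CERTS"

# SHA-256 fingerprint of a PEM certificate's DER encoding, colon-separated,
# the same value openssl and browser certificate viewers display.
cert_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# check_host <host> <cert.pem>
# Prints exactly one word and always returns 0:
#   first-seen  no record yet; fingerprint recorded (ssh's "are you sure?" step)
#   match       record exists and agrees; connection proceeds silently
#   CHANGED     record exists and differs: possible MITM, refuse and alert
check_host() {
  host=$1
  fp=$(cert_fingerprint "$2")
  stored=$(awk -v h="$host" '$1 == h { print $2 }' "$KNOWN_CERTS")
  if [ -z "$stored" ]; then
    echo "$host $fp" >> "$KNOWN_CERTS"
    echo first-seen
  elif [ "$stored" = "$fp" ]; then
    echo match
  else
    echo CHANGED
  fi
}

# Two self-signed certs for the same name, generated locally: the real
# server's, and one a man in the middle would present. Who signed the cert is
# irrelevant here; a rogue-CA-issued cert has a different fingerprint too.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=example.test" \
  -keyout "$work/real.key" -out "$work/real.pem" 2>/dev/null
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=example.test" \
  -keyout "$work/mitm.key" -out "$work/mitm.pem" 2>/dev/null

echo "visit 1: $(check_host example.test "$work/real.pem")"   # first-seen
echo "visit 2: $(check_host example.test "$work/real.pem")"   # match
echo "visit 3: $(check_host example.test "$work/mitm.pem")"   # CHANGED
```

Two practical caveats follow from the code. The store is keyed on the whole certificate, so a legitimate renewal looks exactly like an attack and needs the same out-of-band fingerprint check the first visit needed; Chrome's pinning, mentioned earlier in the thread, hashes the public key instead so a reissue under the same key passes. And the CHANGED verdict is only as good as the user who receives it: a warning that gets clicked through is no warning at all.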
Re: (Score:2, Informative)
There's an add-on for Firefox called Certificate Patrol which does precisely that - it even shows you the diff between the old and new certificate. Alas, it still requires constant vigilance - Joe Random User will click through any warning, no matter how scary, if promised scantily clad dancing bunnies.
Re: (Score:2)
There's an add-on for Firefox called Certificate Patrol which does precisely that - it even shows you the diff between the old and new certificate. Alas, it still requires constant vigilance - Joe Random User will click through any warning, no matter how scary, if promised scantily clad dancing bunnies.
Thank you for this tip! Very useful in getting a little bit more grip on the whole situation.
Re: (Score:2)
If you're using SSH that way, you're doing it horribly wrong.
SSH's security comes from you verifying the key. In a CA system you delegate that responsibility to somebody else, but with SSH that responsibility falls squarely on you, and the security of the system depends on you doing the checking properly.
When using SSH correctly what you do is to obtain the system's fingerprint by yourself, or from whoever allows you access to their server over a secure channel, connect, and verify that it matches. Only the
Route diversity (Score:2)
Learning fingerprints from email or IM conversations isn't guaranteed to be safe.
Nothing is guaranteed to be safe under this system of things. But typically, e-mail, IM, microblog, and the SSH connection itself will follow different network paths, and a man in the middle is unlikely to have compromised all at the same time. This is the principle of route diversity, the same thing the Perspectives add-on uses to check HTTPS certificates against notaries spread throughout the Internet.
Re: (Score:2)
That assumes a mostly secure system where an attacker managed to sneak in for a short time.
That assumption doesn't apply in places like Iran, where such shenanigans may well be organized by the government itself and happen at ISP level, for every single internet user in the country. Then all the network paths you have go through the attacker.
Sure, their transparent proxy might not be catching fingerprints in IMs today, but if that gets popular enough you can be sure it eventually will be upgraded to do that
The irony... (Score:3)
"High assurance" now just means "not p0wned, yet".
Re: (Score:2)
It all made sense to me, and it's useful to know that SSL is less than trustworthy right now.
By the way - you spelled blatantly wrong while saying things were wrong. Ho ho ho.
Re: (Score:2)
Because, if you understood anything about PKI, you'd know that all major browsers would have trusted these certificates by default for over a month for sites such as Google, Windows Update and a myriad other popular sites.
And still we don't know what else may have slipped through the net and got certified. The hack was hardly social engineering either - they brute-force cracked Windows domain passwords after gaining entry through compromised web-based servers.
Yes, the CA is an idiot (first, they were runni
Re: (Score:2)
Re: (Score:3)
Self-signed certs, distributed verification system. Try it out now:
http://www.networknotary.org/firefox.html [networknotary.org]
http://www.convergence.io/ [convergence.io]
Have you been living in a cave?
Re: (Score:2)
This shouldn't have been listed; it should be considered a good thing.
If they were running antivirus software it would mean they were running Windows on their servers, which would be insane.
Re: (Score:2)
AV products are a little smarter than that now. A little....
Re: (Score:2)
Not necessarily, you put Windows onto a domain and all of a sudden you're one person with Domain Admin rights and a stupid password away from having the whole lot compromised.
Throw in the sort of corporate politics that often leads to non-technical senior managers demanding (and getting) domain admin rights and there you go.
Re: (Score:2)
Throw in the sort of corporate politics that often leads to non-technical senior managers demanding (and getting) domain admin rights and there you go.
That's what honeypots were invented for.
Re: (Score:2)
Why not? It seems that you can hire entire botnets including hacking software of your choice. So a brute-force attack is hardly anything you need to make your hands dirty on. The hardest part is finding a vendor without attracting attention.
Apart from that, I find it hard to believe that a malicious hacker would step out into the open. And an ethical hacker would have gone public very soon after the hack.
Re: (Score:2)
The admin's point of view should be that there will always be barbarians at the gates; it's his job to keep them out. In this case the admin instead put up a big bright neon welcome sign. It is this gross negligence which so overshadows the hacker's criminal activities that causes outrage here. This is part of the way we self police, or at least educate. In the non-tech inclined world the perceived level of responsibility will be switched.
Re: (Score:2)
Because "the hacker" is inevitable. Period.
If you run into the center lane of a 70mph freeway and get hit by a truck, you do NOT blame the truck. If you jump off a building and hit the ground, you do NOT blame the ground. They are always there, and their existence must be expected.
Re: (Score:2)