Apple Criticized For Not Blocking Stolen Certs 154
CWmike writes "A security researcher is criticizing Apple for lagging with its response to the DigiNotar certificate fiasco. He is urging the company to quickly update Mac OS X to protect users. 'We're looking at some very serious issues [about trust on the Web] and it doesn't help matters when Apple is dragging its feet,' said Paul Henry, a security and forensics analyst with Lumension. Unlike Microsoft, which updated Windows on Tuesday to block all SSL certificates issued by DigiNotar, Apple has not updated Mac OS X to do the same. Meanwhile, even Mac OS X users who want to go DIY are stymied, reports Bob McMillan, because the OS can't properly revoke dodgy digital certificates."
Not just Apple... (Score:4, Interesting)
At the request of the Dutch government, Microsoft is delaying the update in the Netherlands (home of DigiNotar) until next week, to avoid confusion (and to buy the government more time to roll out new certs).
I feel much safer now, knowing our government has the power to stop Microsoft from rolling out security updates in a country.
Re: (Score:2)
Yup. Much better to just shut down the government for a few days than to not overreact to an already fixed security issue.
Re: (Score:2)
Apparently it;'s NOT a fixed security issue if you use IE in the Netherlands. It WOULD be fixed if the certificate were removed.
Re: (Score:2)
One would hope that any and all private keys for the DigiNotar root certificates have been regenerated and replaced and are NEVER going to be used to generate certificates again.
Re: (Score:2)
these guys just got blackballed by Mozilla and Google. IE is next. They're not issuing anything ever again - for all intents and purposes they cease to be a CA - MS/GOOG/MOZ will never trust them again.
Re:Not just Apple... (Score:4, Informative)
The only thing that might prevent this, is hoping the revocation list of diginotar is complete
> implying browsers actually check CRL or OCSP responses
HA HA, good one. Only Opera checks OCSP and won't show you that the site is "secure" when it can't contact the OCSP server. Firefox can be defeated by putting "3" in the OCSP response (come on, we're talking about full scale MITM, adding OCSP to atack, which also uses HTTP is trivial). IE even when gets a OCSP failure or can't connect to OCSP at all will still show green bar...
If you're using regular certificates Firefox and IE don't even check for OCSP...
Re:Not just Apple... (Score:5, Informative)
At the request of the Dutch government, Microsoft is delaying the update in the Netherlands (home of DigiNotar) until next week, to avoid confusion (and to buy the government more time to roll out new certs).
I feel much safer now, knowing our government has the power to stop Microsoft from rolling out security updates in a country.
I'm in the Netherlands and I got the patch just fine.
Must be because I use the English version of Windows
Re: (Score:1)
Re: (Score:3)
That Microsoft was looking out for customer's interests rather than governments? I would think this should be applauded.
Re: (Score:1)
Re: (Score:2)
That's because it's not using IE, it's using the windows HTML libraries which are incidentally IE like, they're always there so they are what developers program against.
Re: (Score:1)
Not really. The Dutch government asked Microsoft the same thing that it asked Mozilla: not to block the Staat Der Nederlanden Root (yet), of which DigiNotar was one of the partners. The Fox-IT audit did not find any evidence of fraudulent certificates under this root, so there no clear and present danger for these certificates.
That said, the root certificate will be invalidated anyway. The government is only asking for more time to do so. We're talking about renewing some 10,000 certificates btw, and granti
Re:Not just Apple... (Score:4, Informative)
The Fox-IT audit did not find any evidence of fraudulent certificates under this root, so there no clear and present danger for these certificates.
That is old information. The Dutch government only asked Mozilla to not block their root while the Fox-IT audit was still in progress. But by the time it was finished, it could not be proven the Staat Der Nederlanden CA was clean, so they then gave up on DigiNotar entirely and gave Mozilla the OK to block everything.
Re: (Score:1)
Re: (Score:2)
What I don't understand is why in hell the browser simply doesn't ask before trusting any cert encountered? Sure it might be like the damn cookie question (allow/deny) 40-50 times for a single website but wouldn't this at least be a practical check as the only ones that need to be trusted by default are the Root certs.
In my case, I've set all certs to untrusted status and enabled those few exceptions to policy that I actually encounter as there are very few websites where I actually see SSL certs in use. Ri
Re: (Score:2)
Oh good idea! I'm going to do that right now.
Re: (Score:1)
I feel much safer now, knowing our government has the power to stop Microsoft from rolling out security updates in a country.
Better than the opposite. I trust governments more than corporations. Governments are (still) elected and accountable before their citizens
Of course, unless you're an anti-government fanatic libertarian nut-job.
Re: (Score:2)
Unfortunately Slashdot is populated by equal numbers of each extreme so no matter what you say there will be someone waiting to obnoxiously inform you of your error.
Re: (Score:3)
And that sums up the difference between your political ideology and mine in a succinct little package. I trust corporations more than governments; corporations aren't allowed to jail and kill you.
Re: (Score:2)
corporations aren't allowed to jail and kill you.
So naive. What about Blackwater?
Anyway, my government is not allowed to kill anyone. Yours is, because most of your people support it.
Re: (Score:2)
I feel much safer now, knowing our government has the power to stop Microsoft from rolling out security updates in a country.
I doubt they have "the power" so much as common courtesy. I bet the exchange went something like this:
Microsoft: "We're going to push out an update to block DigiNotar certificates soon."
The Dutch: "Hey Microsoft, most of our government infrastructure uses those certs. Our IT staff is pretty backed up right now. Can you delay the release a week for the Dutch version?"
Microsoft: "Sure."
Microsoft could have refused, if they wanted to be dicks about it, and the Dutch gov probably could have threatened some s
FUD (Score:3, Funny)
These certs are blocked on all Apple equipment and always have been. Anyone getting the certificate accepted is obviously holding it wrong.
Re: (Score:1)
Why anonymous? I very nearly had coffee on my monitor because of that.
Re: (Score:1)
Why anonymous? I very nearly had coffee on my monitor because of that.
Let me guess: he's American, you are not. Causing coffee on a monitor is reason to sue.
Reality (Score:5, Funny)
Somewhere deep in Silicon Valley, a programmer is looking at a comment something like this:
/*******
FIXME: WTF Hack here. CRLs require authentication of being revoked, but we never bothered to check the callback of the revoke. Maybe if we bothered to have a revoke infrastructure? For now, we'll just not bother fixing this until 10.1 or 10.2.
******/
return true;
Re: (Score:2)
If you read the article, you would learn that this isn't the case. It's pretty clearly a bug (not a missing revocation infrastructure) since the problem only occurs on Extended Validation certs. Otherwise, the revocation works as it should.
Re: (Score:2)
You sound like you know what you're talking about. But what's an "Extended Validation cert."? To me it sounded like a browser problem, but I'm NOT informed in that area.
Re: (Score:2)
An Extended Validation certificate is one that includes information indicating that a specific legal entity (person, corporation) has been confirmed as being the owner of the certificate, rather than just in control of a particular domain. In modern browsers that understand this extended information, you will often see the name of the corporation next to the 'lock' icon.
Re: (Score:2)
You mean this story is about Apple deciding that you can't decide that you don't trust someone who you can identify?
That's grotesque! I frequently decide that someone in particular (rather than someone I can't identify) is untrustworthy.
Certificate revocation (Score:5, Interesting)
The biggest issue that has come to light here imho is that it's nigh impossible to revoke an issued certificate. When a certificate is out, and it's signed by a trusted CA, there is basically no way to revoke it. Revoking involves updating browsers, or even complete operating systems (like Windows or OS-X). Just because one CA made a small mistake, got hacked for whatever reason, and the whole world has to update their software.
Errors will be made. Certificates will be issued erroneously by a CA, or through hacking. Certificates will be lost/stolen. But for some reason there is no proper way in the whole system to fix that kind of errors. If we let it be, it's just a matter of time before the whole system crumbles and nothing can be trusted any more.
Any thoughts on this? Any ideas on how this could be fixed?
Re: (Score:2)
The major browsers support OCSP. The technology exists, whatever the practical problems are in using it.
Re:Certificate revocation (Score:4, Informative)
Certificates can be revoked by putting them on the certificate revocation list [wikipedia.org]. The OCSP [wikipedia.org] protocol is analogous. Here, try it yourself: http://validation.diginotar.nl/ [diginotar.nl] - get an OCSP client (IE7+, FF3+, Chrome, etc do it automatically) and try to authenticate any of the fraudulent certificates.
Somebody getting a hold of the private keys for the CA itself is a bigger problem - keys can be signed by the attacker faster than they can be revoked. I haven't heard that that's the case - just that fraudulent certs were made, presumably through the same semi-automated process that everybody else uses.
I don't know if there's a way to revoke a CA cert (that is, *all* certificates signed by a certificate). But that doesn't seem to be required here, so the standard revocation procedure works.
Re: (Score:2)
Welcome to the Diginotar OCSP Service. To use this service, please use compatibel client software. Thanks.
Why did we ever trust these guys?
Re: (Score:2)
Certificates can be revoked by putting them on the certificate revocation list [wikipedia.org]. The OCSP [wikipedia.org] protocol is analogous. Here, try it yourself: http://validation.diginotar.nl/ [diginotar.nl] - get an OCSP client (IE7+, FF3+, Chrome, etc do it automatically) and try to authenticate any of the fraudulent certificates.
OK sounds cool. I can't be bothered to try it out myself, I'll take your word for it. But if there's such a revocation system, why do we still need browser or even OS updates to deal with this issue??
Re: (Score:2)
I can't be bothered to try it out myself, I'll take your word for it
if there's such a revocation system, why do we still need browser or even OS updates to deal with this issue??
Probably because people are too trusting, and never bother to test that OCSP works..
Re: (Score:2)
I can't be bothered to try it out myself, I'll take your word for it
if there's such a revocation system, why do we still need browser or even OS updates to deal with this issue??
Probably because people are too trusting, and never bother to test that OCSP works..
Do you check the Linux kernel for back doors? Or any other software that you use, like Firefox? I don't. Because I trust the community at large. Not a single vendor. I know there are people that make it their business to make sure there are no back doors in the kernel, or in Firefox, and that SSH has no bugs, and that SSL certificates are secure, and that CAs issue only valid certificates. The whole Diginotar issue came to light not thanks to Diginotar, but thanks to the community at large: security experts
Re: (Score:2)
Yes, but the joke was that the revocation system is in place, yet even someone who's asking about it can't be bothered to test it out and see if it works. Bugs won't get fixed if they're not noticed and reported.
Re: (Score:2)
Re: (Score:2)
It's entertaining to watch the armchair quarterbacks at it, even the ones calling themselves "security ex
Re: (Score:2)
Just saying...
Re: (Score:2)
Same here. I'm on Firefox 7.0. I'll see if there's a difference with aurora.
Re: (Score:2)
From what I understand, the Diginotor CRL isn't to be trusted at this point. Logs were deleted as part of the hack, and they're not completely sure which fraudulent certificates were issued.
Their OCSP servers were modified to consider all certificates as revoked, except for those on a whitelist. This is the opposite of how OCSP usually works, and the correct approach in this situation. However, CRLs can only be used as a blacklist.
Source: http://isc.sans.edu/diary.html?storyid=11512 [sans.edu]
Re: (Score:2)
CRLs and OCSP only work if you can reach the server they're hosted on.
You could have systems fail hard on failure to reach such servers, but that gives the SSL parts of the internet single points of DoS failure, not to mention that some CAs run pretty flaky servers to start with.
Re: (Score:2)
Take a walk to the trusty stonewalled bank not a 'firewalled' phony bank, don't buy a Mac, another FOSS victory btw..
Re: (Score:1)
FF allows disabling certifiers and it runs on OSX and Windows:
Preferences | Advanced | Encryption, View Certificates, scroll down to DigiNotar Root Certificate, press Edit and uncheck.
It's a manual update, but no new browser or OS update. And it's supposed to be updated automatically-- I might have disabled it in About:Config
Re: (Score:1)
Re: (Score:2)
I just get an update from Ubuntu that blacklists Diginotar. So that part is done.
Yet you're also one of those people that doesn't get the point. This kind of blacklisting should be done automatically, in real time, without needing to update software on a client computer. Now other comments mention that there is some automated system, yet the fact that these updates get so much attention and are presented as "the solution" tells me that that system is broken.
Re: (Score:2)
My thought is that it's probably impossible to patch the architecture of the certificate system in such a way that it:
a) reliably rejects revoked certificates
b) is transparent to users, performing quickly on valid certificates and never or very seldom rejecting them.
c) covers all the use cases the certificate system is supposed cover
d) doesn't require the user to understand the the certificate system and make sound judgments about when it can safely be bypassed.
Covering the substantial majority of users in
Perspectives? (Score:2)
d) doesn't require the user to understand the the certificate system and make sound judgments about when it can safely be bypassed.
Doesn't the perspectives firefox plugin handle this? If that concept were included within the browser framework, it might add a secondary check to the top-down hierarchical (and thus critical-point-of-failure) of trusting CAs alone.
Re: (Score:2)
No it doesn't. It appears to implement a decentralized certificate architecture its authors consider a better than the standard, and in many use cases they're probably right.
It's really a mixed bag with either architecture. Let's take the scenario where a corporate network has serious problems and it carved into separate islands disconnected from each other and the Internet. Both architectures fail, throwing the user back on his judgment, but in different ways.
It's Safari not the OS (Score:1)
The problem lies with Safari not with OSX. Use a different browser. This is not an OS problem. I do wish Apple would get their finger out and fix it though.
Re: (Score:1)
No, it's an OS problem.
On OSX Safari, of course, and I think FF, Opera, and Chrome, do not use their own root certificate list like on windows. They use the OS level keychain service for their encryption needs, whether it be form data or certificates.
This has the advantage that changing the certificate trust value will affect all browsers on your system (that use the built-in encryption services), and other things that require certs (like VPN) and the disadvantage that, if it's not working correctly, will
Re: (Score:2)
No, it's an OS problem.
The only problem is ignorant users. The OS does a fine job of revoking certs, if you know how to use the OS.
You just revoke them in Keychain Access and they are revoked system wide. Open it, find your cert, mark it as never trusted. Takes about 8 seconds, I timed it.
Anyone who thinks certificates can't be revoked in OSX is an idiot.
Re: (Score:2)
On OSX Safari, of course, and I think FF, Opera, and Chrome, do not use their own root certificate list like on windows. They use the OS level keychain service for their encryption needs, whether it be form data or certificates.
No FF has its own list. However it only has "Delete or Distrust . . " as one option not two.
Re: (Score:2)
No FF has its own list. However it only has "Delete or Distrust . . " as one option not two.
It's actually two options that work differently depending on the type of certificate.
If the cert was built-in to Firefox, then "Delete or Distrust..." removes all the trusts for the cert but does not delete it. This means that the cert can't be used to validate anything, but it also means that you don't have to re-install Firefox to get back a built-in cert that was accidentally deleted.
If the cert was not built-in, then "Delete or Distrust..." deletes the cert. Since you obviously imported it once, you s
Double standards? (Score:2)
Comodo hasn't had just one, but two such breaches in the past few years (use the Slashdot search to find the stories).
How come their certificates are still trusted and included with all browsers and operating systems whereas Diginotar's certificates were obliterated from all browser and almost all operating systems immediately?
Is it because DigiNotar is only a regional Dutch CA? Talk about disgusting double standards then.
Re: (Score:1)
Re: (Score:2)
I don't care they reacted quickly. It has happened TWICE to Comodo.
It's about trust. I don't trust amateurs who can't even learn from their own mistakes.
I've distrusted Comodo's certificate like I did with DigiNotar and the Chinese CA.
The reason not to remove Comodo can't be that they're bigger than DigiNotar. Double standards are absolutely unacceptable in this field.
Re: (Score:1)
Re: (Score:2)
Maybe I've missed some recent news but last I heard, the Comodo hacker was ichsun AKA "skill of 1000 hackers," who is an Iranian and is an at least decently skilled black hat.
Re:Double standards? (Score:4, Insightful)
Because Comodo proactively detected the problem, put a stop to it, and had an appropriate audit log showing how large the problem was and what certs were wrongly issued.
Evin DigiNotar acknowledges that removal of their root key is the only way to contain their leak.
OTOH, I chose to disable Comodo's keys in my browser.
Re: (Score:3)
because Comodo's announced the problem and revoked the bad certificates within minutes of them being created. Whereas DigiNotar did nothing for a month.
CAs are all about trust, sure Comodo showed they have some problems but also that they do the right thing when shit happens. DigiNotar showed they are completely untrustworthy - security breaches happen the ignoring them bit is unforgivable for an entity whose role is solely about trust.
Re: (Score:3)
Reading the 'pedia, it seems like DigiNotar's been careless for a while. Only 9 certificates were issued with Comodo, and it was handled very very quickly. It also doesn't seem like Comodo was actually compromised - Wikipedia says "a user account with an affiliate registration authority had been compromised"
By comparison, nobody's quite sure just how many DigiNotar certs were issued, or over how long a period of time. DigiNotar themselves have said they can't ensure that all fraudulent certs will be revoked
Their own fault (Score:2)
As a Dutch reader, I can guarantee you that nobody in his right mind here minds the way DigiNotar's fiasco is handled. They deserve this, and worse. If you're basically selling trust, you'd better be trustworthy.
On the Mozilla Security Blog, the the reason why they handled this as they dit is explained very well:
http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/ [mozilla.com]
Re: (Score:2)
DigiNotar didn't tell anyone, when they found out. Given that the CA system is built on trust, it means they have lost everyone's trust.
Next to that, they don't seem to have a good audit trail, so can't tell what is and isn't affected.
Everyone knows computer security can't be 100%. The central issue is trust. DigiNotar is no longer trusted, Comodo is because of the different way they handled things when a breach occurred.
Always the same from Apple (Score:3, Interesting)
They lack in security and fixing exploits, and yet, they like to brag about somehow being "more secure" than Windows.
Oh, and Microsoft I believe already released a patch... yesterday? Tuesday?
Re: (Score:1)
It gets worse (Score:3)
While ordinarily just a dick move, due to the intel transition this means that there is a large user base out there(namely the ones that still run PPC macs) that basically will never get any new security patches for their systems and they are stuck with either pitching their hardware or taking the risk that they will not be a victim.
Apple really needs to make these EOL policies not only clear, but announce them significantly ahead of time so that people who decide to migrate have plenty of time to do so.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
And from that fraction most would be fine with an Open Source Alternative.
However apple looks 'cool' and 'fashionable' and most people who I know have macs don't use any of those.
Re: (Score:2)
... most people who I know have macs don't use any of those.
There you have it... proof positive! I'll need to register your comment with a DOI for further citation. Until then, I think it would be safe to refer to this as "Haedrian's Llaw".
Re: (Score:2)
Allright, lets both camp outside of apple stores and ask people why they're buying macs.
Alternativly we could look at the sales of those 3 programs, and compare them to the Mac userbase.
Re: (Score:2)
Except it's not 100% closed.
Re: (Score:1)
yeah, its 110% closed. only jobs' express written permission can allow automatic changes to be made to his slaves' computers!
Yup. (Score:3)
Same here. Snow Leopard user. Can confirm it. Stupid OS. I hope this will forever silence the 'if you think that firefox is a proper Mac application GTFO' trolls. This time, it's *better* to use Firefox.
Re: (Score:2, Informative)
You should probably learn to read the article before mouthing off, as what you describe is specifically stated as not necessarily working:
Users can revoke a certificate using Keychain, but if they happen to visit a site that uses the more-secure Extended Validation Certificates, the Mac will accept the EV certificate even if it's been issued by a certificate authority marked as untrusted in Keychain.
"When Apple thinks you're looking at an EV Cert, they check things differently," Sleevi said in an interview Wednesday. "They override some of your settings and completely disregard them."
Re: (Score:2)
BTW, Apple issued an update today anyhow.
Hard Info and Tools (Score:4, Interesting)
Folks,
I have detailed info and tools on my website at
http://ps-enable.com/articles/diginotar-revoke-trust [ps-enable.com]
The short story is that it is possible to protect yourself, but it requires deleting the DigiNotar root cert(s), then revoking trust on the two roots plus four intermediates.
--Paul
Comment removed (Score:3)
Re: (Score:2)
Android does not currently have a system for adding or removing CAs from the OS. However this particular instance did not affect android as DigitNotar was never a trusted CA as far as I have found to begin with. The Android system has a far smaller trust base than e.g. Firefox (57 CAs vs 96).
Re: (Score:1)
Opera does not need to be updated. They have always warned you if a certificate is revoked, and if they can't verify that it is not revoked they regard it as unsecured. See http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2 [opera.com]
Idiots, certs are easy to disable in OSX (Score:2, Informative)
reports Bob McMillan, because the OS can't properly revoke dodgy digital certificates."
Really? Cause I just set the trust to 'Never' in Keychain Access and it works just fine.
If you don't know how to do something, you shouldn't talk out your ass.
Re:Idiots, certs are easy to disable in OSX (Score:5, Informative)
FTFA:
Re:Idiots, certs are easy to disable in OSX (Score:4, Informative)
Re: (Score:2)
It's easy to do from command line. I even wrote a package and distributed it to my machines that does the dirty work.
Apphole Hypocricy? (Score:1)
Apple has a reputation for its aggressiveness when it comes to its own security, searching the houses of people suspected of finding lost phones and throwing them in jail. But apparently when it comes to the security of their customers, their enthusiasm wanes.
You mean Apple doesn't care about the end user? (Score:3)
Mac OS, or Safari? (Score:1)
Apple Has Released Certificates Security Update (Score:1)
For Lion & Snow Leopard. http://support.apple.com/kb/HT4920 [apple.com]
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
The problem may be that browsers may not check for CRLs by default, or the DigiNotar's CRL cannot be relied on. So for either scenarios, MS/Google/Mozilla sent out system/software updates to just deal with this CA at the core. Not a bad approach.\
Yes, ideally each browser should by default check if a certificate has been revoked. Hopefully this will be reviewed for the future.
Re: (Score:1)
I believe you should get your sarcasm detector checked.