Comodogate

Its unfortunate I'm posting this on April 1 -- but this is no joke. I've resisted writing about Comodogate, as I was hoping the media would cover this properly for everyone. They've failed, and companies are not taking seriously their responsibilities to their customers.

If you're not familiar with Comodogate, here's some background reading, "The Recent RA Compromise" "What the SSL", "Detecting Certificate Authority compromises and web browser collusion", "Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get?", "Mobile Carrier Delays Harm Internet Security" (external links)

The short version of it is -- the Internet was hacked, a 'state level actor' is suspected and all signs point to Iran [but that might be on purpose]....

These types of attacks are supposed to be impossible, thanks to the SSL Certificate system. Unfortunately, the systems problems are well known and I wrote about issues in the CA trust system when Christy Clark put electronic voting in her platform. I called it irresponsible to trust corporate actors in this way. Fast forward a few weeks and Comodogate hits. CA trust is now at an all time low. A CA (Certificate Authority) cert may be in the wild, and with the _vast majority_ of web browsers being totally unpatched for this vulnerability, everyone is at risk. This risk is particularly significant for Iranian Internet users. You see, a CA certificate is a certificate that is to trust much like a mint is to money. Sure, you can rob a bank, but if you can steal a minting machine you can create an unlimited amount of money. In this case, the CA certificate, [if in-fact the "Global Trustee" certificate is a CA cert as the EFF suggests], is the digital equivalent of a minting machine capable of printing valid certificates for any website. Further, this global certificate is the equivalent of a digital weapon-of-mass-destruction; it could end all trust in digital commerce in the United States, Canada, and around the world by allowing anyone to impersonate any secure website. Your bank, your electronic voting system, your email, even Facebook -- they're all vulnerable so long as your browser is not updated to blacklist this rogue CA.

So, if you're reading this story, stop.  Go patch your browser with the latest version -- and continue reading. If you're working for a company or organization, make sure IT has patched the browsers within the last 9 days.

So why am I writing this post now? Well, 9 days ago the hack was disclosed, the browsers were patched and responsible companies like Microsoft and Mozilla released disclosures to their customers informing them of the risk to their communications and how to apply the patch. This is all I could find from Google confirming the issue. Google doesn't mention that their accounts might have been, or are presently being, compromised (as one of their certificates was explicitly hacked). They haven't indicated to their non-technically sophisticated customers that their recent browser updates were meant to close a gaping security vulnerability. Even on the  Google Security Blog this issue was downplayed, with the notice on Comodogate not offering a real warning to users. Google clearly knows about the problem, and has addressed it internally, but are hoping that their customers never notice that even Chrome suffered a critical vulnerability along with other vendors' web browsers. WTF? This reaction is so not 'Googley'.

Anyway, read their "Improving SSL certificate security" post... I'm EXTREMELY disappointed. First, they talk about their certificate catalog, which is a DNS TXT-record based lookup tool that they claim can serve as an 'interim measure' while we wait on DNSSEC. The reality is that despite being a neat nerd tool, being DNS based, this catalog adds NO VALUE, to the certificate trust chain. Google's 'measure' is based on an already insecure system, the DNS. You see, to perform a man-in-the-middle attack against SSL you need to have control over the local networking infrastructure/DNS anyways. Thus, if you can replace the DNS record for the target domain, you can just as easily replace the DNS record for *.certs.googlednstest.com... set it IN TXT to "14867 15062 74" and you've completely defeated this catalog. The OCSP protocol is ostensibly better, but it too apparently can be disabled with a simple DNS redirect and 500 error in all major browsers, even patched ones.

So, is Google providing an actual interim strategy? Hardly. What's missing is any acknowledgement from Google that they may have been a target of espionage. What's missing is Google failing to disclose that their www.google.com CA trust HAS BEEN HACKED and that a hacker has a VALID private key for that domain, one that works in the majority of web browsers in use today! You would think they would have a disclosure, press releases, and that they would WARN THEIR USERS, especially those in Iran, that they can not trust the CA certificate system, especially for that domain, without patching their browsers or disabling the Comodo CA as a trusted CA certificate (something you can do manually without patching your browser)

I would further point out that while many are claiming these certificates have not been detected by certificate observatories, and are therefore not live on the internet -- I would argue that of course they're not live on the internet, their purpose is in a targeted MITM attack against SSL [ as described here [pdf] and here [pdf] ] and if used correctly would not be detectable.  Thanks to browsers broadcasting their user agents and patch versions in the clear prior to a ssl attack being initiated, any hacker would know if his attack was going to succeed _before_ launching the hack. In effect: this type of hack will be nearly impossible to spot in the wild, or by internet observatories when the hack is launched with precision.

Google, you need to warn your users properly.