Site Certificates Forged; Internet Security Not So Secure
from the lock-and-key dept
Ed Felten has the details on a rather worrisome bit of information released by some security researchers on how to forge site certificates. Generally speaking, secure certificates for sites were considered to a pretty definite sign that you were safely connected to a particular site -- and transferring any data between you and that site securely. The ability to forge such certificates throws all that into doubt, and it severely disrupts the ability to be confident in a secure transaction online. Felten describes how this is fixable (though, some certification authorities should have made changes a while ago to prevent this), but it's yet another reminder that what's secure today might not be so secure tomorrow.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: online security, security, security certificates
Reader Comments
Subscribe: RSS
View by: Time | Thread
Hmm?
What is NEW?
And a REAL certificate, I thought, was only $99 per year..
And the Cert, PROVES WHAT?? that they PAID for the Cert..
NOT that MS certifies the site, or EVEN MONITORS it..
[ link to this | view in chronology ]
Re: Hmm?
Apple doesnt use certificates? what do they use...
(what do you mean by "MS"?)
[ link to this | view in chronology ]
Re: Hmm?
Um. Not quite.
What is NEW?
Read the details. Plenty.
And a REAL certificate, I thought, was only $99 per year..
What does the cost have to do with anything?
NOT that MS certifies the site, or EVEN MONITORS it..
Huh? What does Microsoft have to do with anything?
[ link to this | view in chronology ]
I do recognize that creating a comparable system is a major undertaking, but that is only more reason that innovation in this field should be continuous. If it takes five years to develop the proper framework, then work on it should begin at least five years before the current system is made obsolete. The fact that it is difficult to give a timeline for such obsolescence only makes it more essential that work on a higher-level system should begin immediately after the current system is implemented.
[ link to this | view in chronology ]
MD5 Is Bad, Don't Use MD5, M'Kay
MD5 has been known to be week for a few years now. All the smart people started moving off it soon after. What happened is that a few certificate authorities (CAs) have been lax. Some CAs have been shown to be lax in other ways as well, so while this is disappointing, it shouldn't be a complete shock.
The right solution is to drop these CAs' root certificates from the popular browsers. They can't be trusted, so they should be dumped.
[ link to this | view in chronology ]
There's no such thing as "secure" in a digital environment.
The certificate cryptography has run its last leg, but this should have been expected. Now that we have even more powerful software at our disposal, it was just a matter of time before this occurred.
What sucks about the cat & mouse game is that often the "break" is found faster than a new development strategy can be enforced.
Or does all this DRM cracking teach you nothing?
Personal note: As a consumer, it is YOUR responsibility to monitor your accounts. You should always review your credit report once per year (it's free), watch your bank statement DAILY, and be aware passing your credit card/bank info over the internet is NEVER 100% safe (what's to stop a thief working for the company to steal the number?).
This is why you don't send information to sites you don't know/trust.
[ link to this | view in chronology ]
Re: There's no such thing as "secure" in a digital environment.
Umm, no it hasn't. Read closer. It's a fundamentally strong, well-designed system, and one of the optional components of it, which has been known for years to be weak, was finally cracked completely. The rest of the system (i.e. when used with hash functions other than MD-5) is still as secure as ever. In this case, a minor update to CA policies (stop using MD5) and web browsers (to reject or warn about use of MD5) solves the problem quite simply.
often the "break" is found faster than a new development strategy can be enforced.
Not in this case. I would bet that modern public-key encryption won't be completely cracked until the development of quantum computers.
Or does all this DRM cracking teach you nothing?
That's right, all this DRM cracking teaches us nothing at all about public-key encryption. Cracking DRM is much easier, because every user is necessarily given both the key and the lock, and someone just has to figure out how they work together. There's no such thing as un-crackable DRM. The tech guys realize this, but the media companies don't, so there's a huge industry of con artists selling new "stronger" DRM schemes to media companies and then acting surprised when they get cracked.
If you aren't part of the solution, there's a lot of money to be made in prolonging the problem!
[ link to this | view in chronology ]
Re: There's no such thing as "secure" in a digital environment.
it teaches us plenty about how NOT to implement PKI. i also teaches us that time and talent will cannot be stopped with money.
[ link to this | view in chronology ]
Re: There's no such thing as "secure" in a digital environment.
[ link to this | view in chronology ]
MD5 ongoing usage
The real problem here is not the root certificates. The root organizations will be updated shortly. It is in the secondary certificates, which are rooted in a cert that uses MD5.
As I understand it, this vulnerability relies upon a malicious applicant who provides one data string to the CA for cert generation, having previously generated another string with the same hash. As I understand it, much of the data is provided by the applicant, including the cert issuance time, which may not be verified by the CA when the cert is issued.
Unfortunately, many standards still require MD5, such as digest authentication. This is clearly a problem.
[ link to this | view in chronology ]
Some Certicate Authorities are offering SSL certificates with no verification at all, so the application of creating two certificates with colliding MD5 hashes, getting the one certified and then using the other, is limited at best. There's nothing to be gained from this.
In practice, no one cares about the browser warnings they get even when SSL certificates are outdated or wrong, because we're so used to them by now from lazy companies who can't be bothered to certify the right domain name.
We all just click through the warnings because we want to use the site.
If you don't believe me, take it from a guy who really knows what he's talking about: http://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.html
The only thing this research hopefully does, is to serve as a wake-up call to everyone to stop using MD5 because it was cracked years ago.
[ link to this | view in chronology ]