Falsely issued Google SSL certificate in the wild for more than 5 weeks

Filed Under: Google, Law & order, Privacy, Vulnerability

Update: Mozilla have announced out of an abundance of caution that they are releasing new versions of Firefox, Firefox Mobile and Thunderbird to revoke the trust of DigiNotar's root certificate for signing certificates.

I presume this is because DigiNotar has not explained how the Google certificate was signed and to prevent further abuse. This could cause issues for websites who have purchased certificates from DigiNotar.

It remains to be seen whether other browsers will follow in Mozilla's foot steps, but it may be prudent to remove DigiNotar from your trusted certificates until there is further clarification.

Update 2: Google is following Mozilla's lead by marking DigiNotar untrusted in the next release of the Chrome OS (Chromium).

Original post: Reports surfaced this morning that accuse the government of Iran with trying to perform a man-in-the-middle attack against Google's SSL services.

Padlock keyA user named alibo on the Gmail forums posted a thread about receiving a certificate warning about a revoked SSL certificate for SSL-based Google services.

The certificate in question was issued on July 10th by Dutch SSL certificate authority DigiNotar. DigiNotar revoked the certificate today at 16:59:03 GMT, but many browsers do not check for revoked certificates by default.

Rogue Google certificateThe certificate was valid for *.google.com and raises serious questions about who the certificate was issued to, and how it was signed.

Was DigiNotar compromised? Were the perpetrators able to acquire the CA's certificate and sign their own bogus certificate? Or was DigiNotar tricked into signing the certificate for someone pretending to be Google?

The answer to that question is nearly irrelevant as it is simply more evidence that the current CA infrastructure that we have decided to "trust" is totally untrustworthy. It doesn't matter how this happened, it has happened before and unfortunately will happen again.

I recently wrote about Moxie Marlinspike's new project Convergence, which proposes to eliminate the use of certificate authorities and replace the idea with a system of notaries and proxies. I am a big fan of Moxie's project and if you are a Firefox user you may wish to give it a try.

The evidence that Iran was using this certificate to spy on its citizens is circumstantial at best.

We don't know whether this was government initiated or just another random individual like the last Comodo certificate hack.

No httpsEither way, placing trust in more than 600 certificate authorities to be honest and not screw up is quite a leap of faith. Be sure to enable certificate revocation checks in your browsers and take a close look at alternatives like Convergence.

, , , , , , ,

You might like

14 Responses to Falsely issued Google SSL certificate in the wild for more than 5 weeks

  1. buia · 1496 days ago

    The idea of network perspectives is truly great, and I agree that global PKI today is failing. However, the issue I have with Convergence is that, while it may help ensure that you not being MITMed or communicating with services that are using illegitmate certificates, it doesn't really account for the trust-worthiness of the network entity you are conversing with. That's one thing that traditional PKI provides - the ability to trust certain CAs to go through due dilligence to issue certs to organizations that are who they say they are. The problem, I think, is not the concept of third party trust anchors, but rather the overabundance of third parties that are not effectively protecting their cert-issuing infrastructures, whose root certs are baked into IE and Mozilla.

    • Chester Wisniewski · 1496 days ago

      CAs today are doing *NOTHING* useful to verify identity so we still have the same problem. And why should I trust that the DNS record I am resolving is correct? Because it might be man-in-the-middle attacked... But Convergence/Perpectives solves that issue..

      Such a complex problem, but it's good to discuss it openly and try to brainstorm better solutions.

  2. buia · 1496 days ago

    I mean, how could this ever work in an enterprise or government environment? Would endpoints just trust all devices that check out perspectives-wise? How does the concept of perspectives / convergence apply to certificate signing (i.e. signed code, signed documents, etc)?

    It's an awesome idea, but it just doesn't seem to have the completeness we need to replace PKI (and yes, with all due respect to a brilliant and talented researcher, I do believe that level of ambition was expressed by MM). If anyone could educate me on what I'm missing I would really appreciate it :)

    • Chester Wisniewski · 1496 days ago

      Digital signatures aren't dead, but specifically for the purposes of SSL/TLS this appears to be a great solution. Code signing, document signing, etc is still a large problem to tackle and systems like Convergence don't solve that problem.

      It's not about replacing PKI so much as it is about replacing the authenticity component of SSL/TLS with something more controllable and truly trustworthy. I need to decide who I trust and I can promise you that I don't trust 600+ CAs who seemingly issue certificates to make the cash register ring.

      • buia · 1495 days ago

        Great, I think I can agree with you that it's not about replacing PKI, it's just another (powerful) capability within our strategy for network endpoint authentication. So this won't "eliminate" CAs?

        Let's not through the baby out with the bathwater is all I'm saying.

  3. Glenn · 1495 days ago

    When a CA sells a certificate for $9.95 you know that there's not a lot of background effort going on the verify anything.

    • lechuga · 1495 days ago

      yeah it's going to be much better when they sites cut their own certs for free and people are making an individual, manual trust decision for every site they go to.

  4. I usually give attention to the URL rather than the security protocols. If the URL is right, than the website is safe...

    Also, I rely on Norton IdentiySafe to make sure I don't enter password on the wrong site.

    • lechuga · 1495 days ago

      here's the problem folks. this person doesn't even understand why it's important to use SSL, and we are expecting our global internet user base to make individual trust decisions on which proxies/notaries to use and which sites to trust.

      • Chester Wisniewski · 1495 days ago

        No, if browsers integrate support for notaries and supply a default trusted list the average user will still be better off than today. If you disagree with the default notaries and want to muck about, you can run your own or choose the ones you prefer to trust.

        This isn't a perfect solution, but far better than what we are doing today.

  5. Kim · 1495 days ago

    Help!! I am VERY unsavvy with IT stuff, but read all the SOPHOS posts as I have had a few problems with security on some of my sites and have had contacts on FB and googlemail copied and used by someone sending spam from me, as well having just had someone use my bank card details to buy airtickets and hotel rooms!!! which I can only imagine they got from me using it online to buy things with??
    What are certificates for, and how do I know if any of the other certificates I have are "good" or bad? I followed Firefox instructions are how to delete the Diginotar certificate as it was on my machine. I have loads of other certificates listed..... do I need to do anything? Thanks for any advice or constructive comments.

  6. MITM'ed · 1495 days ago

    With the problems I'm currently having with MITM attacks, I'm willing to try anything. The problem is that my Firefox doesn't install the Convergence addon as it's incompatible with Firefox 6.0.

    Unfortunately those who we need to trust don't do a very good job of [i]earning[/i] that trust. We need to be able to trust CA's and VPN providers for our online security, but when we are hit by fake certificates or have to use VPN services that even after we show them, and they concede, that their system is flawed and open to MITM attacks they still refuse to make a simple change to mitigate the problem, then the Internet becomes a very unsafe place to go to.

    BTW, that Comodo certificate hack was done by no random individual.

    • Chester Wisniewski · 1495 days ago

      I contacted Moxie Marlinspike (the author of Convergence) and he is working on Firefox 6 compatibility. It also appears to have sparked a discussion with some Mozilla developers that could make it easier for extensions like Convergence to stay current for the accelerated release cycle that Firefox has moved to.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.