27 March 2011

Comodo "SSL certificate" incident and what it means for you

For those of you who missed all the news coverage, here's a quick (and hopefully straightforward) explanation of the issue.

What is this?

Executive summary: The way secure communications is handled on the internet is broken, and a recent attack higlighted that. People running the latest version of their browsers are protected.

Whenever you visit a web site, your're either accessing that site through HTTP, the Hypertext Transfer Protocol, or via HTTP inside TLS (Transport Layer Security), aka HTTPS.

With HTTP, anything you do can be watched, recorded, etc by any entity between you and the site you are trying to visit. These entities include your ISP, various internet providers your ISP has peering agreements with, or anybody who is on the same Wifi (or sometimes wired) connection as you.

HTTPS encrypts your traffic to prevent such "man in the middle" attacks. Because the entire connection is private, it can be harder for organizations to filter out specific HTTPS sites.

My personal website is available via HTTPS, and your browser accepts that it is connecting to me and not an impostor because GeoTrust / RapidSSL checked the domain records to find my contact information, and called me up to make sure I am who I say I am.

To ensure that when you connect to a site, you are actually connecting to that site and not a malicious attacker, your web browser relies on Certificate Authorities, which vouch for a site's identity. Any CA can vouch for any domain, and there are almost 50 such entities which Mozilla Firefox fully trusts. Microsoft trusts hundreds, including a variety of governments ranging from France to South Korea to  Hong Kong.

What happened?

Recently one of these CAs, Comodo, was compromised, insofar as somebody was able to get a signed certificate for a domain they did not own. From what I understand, the attacker gained control of a reseller account at Comodo, and there were inadequate checks to prevent the now compromised account from issuing fraudulent certificates.

In this case, they were able to obtain certificates for the log in pages of Google, Yahoo, Windows Live, and Skype, as well as the Mozilla Addons site. Full details are in their incident report. Based on their initial analysis, the attack appears to be sourced from within Iran, and Comodo has concluded that the breach was orchestrated by the state.

Since Comodo's certificates are trusted by all major browsers, these sites can be impersonated by others, even though none of the targeted sites used Comodo.

Why should I care?

The Iranian government or another organization controlling those certificates can intercept usernames and passwords, and access private information. This is of primary concern to Iranian dissidents, but could be used by the government there to target anybody they don't like, given the right circumstances.

What can I do about it?

Well, this breach has shown that the process for revoking a certificate is horribly broken, since most browsers do not check to see if a certificate is still valid. Fortunately, the major browser vendors (Mozilla, Google, and Microsoft) have all issued updates, so if you are running the most updated version of your browser (which you should be doing anyway!) then you are protected against this specific attack. ((Well, Apple hasn't as of this writing, but you can work around it via this  method))

However, the incident shines light on the wider issue of the way our internet trust model works: allowing hundreds of unrelated organizations to vouch authoritatively that somebody else is who they say they are. This is a hard problem in information security to solve, and most of the proposed alternatives (cough DNSSEC) also suffer from having a trusted issuer. It will be interesting to see if any decentralized alternatives to CAs gain traction because of the Comodo affair.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.