[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Holy shit I caught 1



On Wed, Aug 30, 2006 at 01:55:10PM +0200, Fabian Keil wrote:
> To: or-talk@xxxxxxxxxxxxx
> From: Fabian Keil <freebsd-listen@xxxxxxxxxxxxx>
> Date: Wed, 30 Aug 2006 13:55:10 +0200
> Subject: Re: Holy shit I caught 1
> 
> "Marco A. Calamari" <marcoc1@xxxxxxx> wrote:
> 
> > On Wed, 2006-08-30 at 03:59 -0400, Roger Dingledine wrote:
> > > On Wed, Aug 30, 2006 at 02:52:53AM -0500, Shatadal wrote:
> > > > So does that mean that if I am trying to access an SSL enabled account
> > > > (say gmail or yahoo e-mail), the certificate is a spoofed one being
> > > > provided by the rogue tor node and therefore my login name and password
> > > > are therefore being provided in cleartext to the node operator?
> > > 
> > > Yes, but only if you click "accept" when your Firefox tells you that
> > > somebody is spoofing the site.
> > > 
> > > I often click accept when a site gives me a bogus certificate, because
> > > I want to see the page anyway -- but if I do I know that I shouldn't
> > > expect any security from the site anymore.
> > > 
> > > (And if you're using a browser that doesn't give you warnings for
> > > bogus certificates... you should switch. :)
> > 
> > Just a couple of notes trying to clarify this often over-simplified
> >  world of "bogus" or "valid" certificates.
> 
> > "bugus" certificates give the impression that are fake
> >  certificates; they are self-signed certificates, so are
> >  "valid" by definition. Often there is confusion about
> >  the "validity" of certificates.
>  
> > An authentic certificate by a commercial site is
> >  normally signed by a commercial certification
> >  authority.
> > 
> > Ending this boring explaination; when the
> >  browser open a window about certificates,
> >  read it with great attention and triple
> >  check the origin if it is self-signed.
> 
> How do you triple check a self-signed certificate?
> You can check that it is self-signed, but you
> don't know if it is self-singed by the website
> you want to visit, or self-signed by the man
> in the middle.
> 
> What do you gain, if you know that the traffic
> between you and the man in the middle is secured? 

and there is another issue that hasn't been brought up: even if the
certificate is valid and non-bogus, there may be an attack.

the root CA operators are run by humans, too.  somebody could have the
successor of an expired certificate signed before the legitimate
owner, or intercept the communication between owner and versign and
tamper with the submission process.  i'm sure it's not simple.  all
this cannot go undetected for long, because it knocks out the official
site by invalidating (note: not bogifying) its certificate.  but then
the adversary is not stupid, and even interruptions for a few hours
can do a great of harm to sensitive sites.

i vaguely remember that the microsoft.com https certificate was
renewed by some uninvolved admin a while back, because microsoft
forgot.  does anybody have a pointer?  any other stories?  or any bets
on the first time it is going to bite a larger group of users?


matthias

Attachment: signature.asc
Description: Digital signature