[Owasp-portuguese] Fwd: A mighty fortress is our PKI

Jorge Pinto jorge.pinto at gmail.com
Fri Jul 23 05:16:30 EDT 2010


Boas,

Apesar de não estar directamente ligado a segurança aplicacional a
utilização de certificados nos sites é usada muita vezes (demasiadas) como
um argumento que o site é "seguro". Este artigo que apareceu noutra mailing
list é uma prova que este tipo de argumento é falso e só vem introduzir
descrédito na forma como estes são emitidos. A minha opinião desde sempre é
que a emissão de certificados digitais deveria ser feita por uma entidade
supra-nacional e confiável, além de que o tipo particular de certificado
referido no email não deveria sequer ser confiado.

Comentários?


-----Original Message-----
From: owner-cryptography at metzdowd.com [mailto:
owner-cryptography at metzdowd.com] On Behalf Of Peter Gutmann
Sent: quinta-feira, 22 de Julho de 2010 8:48
To: cryptography at metzdowd.com
Subject: A mighty fortress is our PKI

Readers are cordially invited to go to https://edgecastcdn.net and have a
look
at the subjectAltName extension in the certificate that it presents.  An
extract is shown at the end of this message, this is just one example of
many
like it.  I'm not picking on Edgecast specifically, I just used this one
because it's the most Sybilly certificate I've ever seen.  You'll find that
this one Sybil certificate, among its hundred-and-seven hostnames, includes
everything from Mozilla, Experian, the French postal service, TRUSTe, and
the
Information Systems Audit and Control Association (ISACA), through to
Chainlove, Bonktown, and Dickies Girl (which aren't nearly as titillating as
they sound, and QuiteSFW).  Still, who needs to compromise a CA when you
have
these things floating around on multihomed hosts and CDNs.

Ian Grigg pointed out that this is also an EV certificate, I'm guessing that
CDNs and multihomed hosts run into the same system-high problem that dogged
MLS systems in the 1980s, they have to use the certificate at the highest
level of any of the constituent domains.  So if you compromise (say)
inpath-static.iseatz.com (which consists of a page that says "We're sorry,
but
something went wrong") or images.vrbo.com ("Directory Listing Denied") then
you have an EV-validated site.  So the overall EV security becomes that of
the
least secure co-hosted domain.

I've tried connecting to the above site with HTTPS and get a normal non-EV
Sybil certificate even though it's rooted in an EV CA... well,
pseudo-rooted,
the "root" is then signed by an old Entrust certificate, and the certificate
itself is another multi-domain one, for Delta, Amtrak, Air France, KLM,
Alaska
Air, and others.  I wonder if they have some context-specific way to
override
EV on a per-site basis when it's used with Sybil certificates?  At the
moment
it's rather hard to test because depending on where you are in the world you
get different views of servers and certificates (for example when I connect
to
ISACA, which is an EV site, I get a standard non-Sybil certificate that's
only
valid for ISACA), and finding a particular hostname in a Sybil certificate
doesn't mean that you'll see that particular certificate when you connect to
the server.

(Again, not wanting to pick on ISACA here, but finding a security audit
organisation sharing a certificate with Dickies Girl is kinda funny.  You'd
think there'd be a security audit process to catch this :-).

What a mess!  A single XSS/XSRF/XS* attack, or just a plain config problem,
and the whole house of cards comes down.

(For the TLS folks, SNI (a client-supplied Server Name Indication when it
 connects) won't fix this because (a) it's not widely-enough supported yet
and
 (b) the server admin would have to buy 107 separate certificates to do the
 job that's currently done by one Sybil certificate, and then repeat this
for
 every other Sybil certificate they use).

 666 2633:         SEQUENCE {
 670    3:           OBJECT IDENTIFIER subjectAltName (2 5 29 17)
 675 2624:           OCTET STRING, encapsulates {
 679 2620:             SEQUENCE {
 683   15:               [2] 'edgecastcdn.net'
 700   18:               [2] 'ne.edgecastcdn.net'
 720   21:               [2] 'minitab.fileburst.com'
 743   30:               [2] 'cdn.montimbrenligne.laposte.fr'
 775   27:               [2] 'zeroknowledge.fileburst.com'
 804   23:               [2] 'images.goldstarbeta.com'
 829   25:               [2] 'radialpoint.fileburst.com'
 856   19:               [2] 'wac.edgecastcdn.net'
 877   22:               [2] 'ne.wac.edgecastcdn.net'
 901   19:               [2] 'images.goldstar.com'
 922   15:               [2] 'images.vrbo.com'
 939   12:               [2] 'cdn.vrbo.com'
 953   18:               [2] 'content.truste.com'
 973   13:               [2] 'e1.boxcdn.net'
 988   13:               [2] 'e2.boxcdn.net'
1003   13:               [2] 'e3.boxcdn.net'
1018   25:               [2] 'privacy-policy.truste.com'
1045   13:               [2] 'www.sonos.com'
1060   19:               [2] 'www.dickiesgirl.com'
1081   26:               [2] 'static-cache.tp-global.net'
1109   29:               [2] 'images.homeawayrealestate.com'
1140   14:               [2] 'cdn.verint.com'
1156   13:               [2] 'swf.mixpo.com'
1171   21:               [2] 'cdn.traceregister.com'
1194   14:               [2] 's.tmocache.com'
1210   17:               [2] 's.my.tmocache.com'
1229   23:               [2] 'ne1.wpc.edgecastcdn.net'
1254   23:               [2] 'gp1.wpc.edgecastcdn.net'
1279   23:               [2] 'gs1.wpc.edgecastcdn.net'
1304   23:               [2] 'ne1.wac.edgecastcdn.net'
1329   23:               [2] 'gp1.wac.edgecastcdn.net'
1354   23:               [2] 'gs1.wac.edgecastcdn.net'
1379   24:               [2] 'c1.socialcastcontent.com'
1405   21:               [2] 'www.steepandcheap.com'
1428   22:               [2] 'www.whiskeymilitia.com'
1452   17:               [2] 'www.chainlove.com'
1471   16:               [2] 'www.tramdock.com'
1489   16:               [2] 'www.bonktown.com'
1507   16:               [2] 'www.brociety.com'
1525   15:               [2] 'www.mozilla.com'
1542   22:               [2] 'resources.homeaway.com'
1566   21:               [2] 'ssl-cdn.sometrics.com'
1589   35:               [2] 'cache.vehicleassets.captivelead.com'
1626   17:               [2] 'static.woopra.com'
1645   20:               [2] 'images.cardstore.com'
1667   15:               [2] 'images.ink2.com'
1684   32:               [2] 'resources.homeawayrealestate.com'
1718   18:               [2] 'cdn1.adadvisor.net'
1738   24:               [2] 'www.pictureitpostage.com'
1764   26:               [2] 'images.vacationrentals.com'
1792   34:               [2] 'serviceportal.carestreamhealth.com'
1828   23:               [2] 'assets-secure.razoo.com'
1853   29:               [2] 'resources.vacationrentals.com'
1884   23:               [2] 'download.entraction.com'
1909   12:               [2] 'ec.pond5.com'
1923   21:               [2] 'images.esellerpro.com'
1946   15:               [2] 'use.typekit.com'
[etc]

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

AVISO DE CONFIDENCIALIDADE

Esta mensagem e quaisquer ficheiros anexos a ela são confidenciais e
destinam-se a uso exclusivo da pessoa ou entidade
a quem são dirigidos. Se não é o destinatário da mensagem ou a pessoa
responsável pelo seu encaminhamento ao respectivo
destinatário, fica informado de que recebeu esta mensagem por engano, e de
que qualquer utilização, distribuição,
reencaminhamento ou outra forma de revelação a outrem, impressão, ou cópia
desta mensagem é expressamente proibida.
Se recebeu esta mensagem por engano deverá destrui-la, eliminá-la do
sistema, e informar o remetente ou o Banco BPI,SA.
O Banco BPI, SA utiliza software anti-virus. No entanto, não obstante terem
sido tomadas todas as precauções, não pode
garantir que a mensagem e seus anexos não contém virus. É, assim, da
responsabilidade do destinatário assegurar que esta
mensagem e seus anexos são submetidos a detector de virus antes de serem
utilizados. Alerta-se no entanto que as mensagens
transmitidas por este meio podem ser interceptadas, corrompidas, perdidas,
destruidas ou chegarem ao destino com atraso.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-portuguese/attachments/20100723/d95b4173/attachment.html 


More information about the Owasp-portuguese mailing list