A mighty fortress is our PKI, Part III
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Sep 15 11:39:47 EDT 2010
Some more amusing anecdotes from the world of PKI:
- A standard type of fraud that's been around for awhile is for scammers to
set up an online presence for a legit offline business, which appears to
check out when someone tries to verify it. A more recent variation on this
is to buy certs for legit businesses. One of these certs was traced back by
a security researcher who found that the scammers had obtained it through
the incredibly devious trick of shopping round commercial CAs until they
found one that was prepared to sell them a certificate.
- In a repeat of the original race to the bottom with non-EV certs, CA's have
issued EV certs for RFC 1918 addresses (!!!). What makes this particularly
entertaining is that in combination with a router warkitting attack and
Moxie Marlinspike's OCSP faking it allows an attacker to spoof any EV-cert
site.
- The list of people who have bought certificates for Apple from commercial
CAs keeps on growing (I guess Microsoft is just so five minutes ago :-).
For example one SMTP admin needed a cert for his server and wondered what
would happen if he asked for one for *.apple.com instead of his actual
domain name. $100 and a cursory check later he had a wildcard cert for
Apple. At least two more users have reported buying certificates for Apple,
and there are probably even more lurking out there - if you too have a
certificate from a certificate vending machine saying that you're Apple, do
get in touch
- There's malware out there that pokes fake Verisign certificates into the
Windows trusted cert store, allowing the malware authors to be their own
Verisign.
- CAs have issued certs to cybercrime web sites like
https://www.pay-per-install.com (an affiliate program for malware
installers), because hey, the Russian mafia's money is as good as anyone
else's.
- One of the most important things a CA needs to manage is certificate serial
numbers, because the combination { CA name, cert serial number } is a unique
identifier used in lots of security protocols to identify certs. Without
this uniqueness, you can't tell who signed something, you can't revoke a
cert, you can't... well, you get the idea. Not only have commercial CAs
issued certs with duplicate serial numbers, they've issued *CA certs* with
duplicate serial numbers. Ouch!
(When this was pointed out to the CA who did this - "oops, my bad, we'll get
those re-issued for you" - someone else pointed out that their OCSP
responder certs had expired, which none of the CA's clients appeared to have
noticed until then. "Yeah, we'll look into fixing those too. Anything else
while we're at it?").
If anyone has any further amusing PKI stories, please get in touch, I'd love
to add a Part IV to this series.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list