With regard to
DigiNotar SSL certificate hack amounts to cyberwar, says expert
Monday 5 September 2011 18.14 BST http://www.guardian.co.uk/technology/20 ... k-cyberwar
posted 09 05 11 in Current Events under Some More Newsstories
ANOTHER IRAN ATROCITY STORY
posted in Current Events Sun Apr 03, 2011 4:15 pm
Under the 24 March 2011 headline "Iran accused in 'dire' net security attack" BBC claimed:
"Hackers in Iran have been accused of trying to subvert one of the net's key security systems.
"Analysis in the wake of the thwarted attack suggests it originated and was co-ordinated via servers in Iran."
What's this all about?
Microsoft Security Advisory 2524375 dated 23 March 2011 reported under "Fraudulent Digital Certificates Could Allow Spoofing":
"Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows.
"Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer."
"A digital certificate is a tamperproof piece of data that packages a public key together with information about it - who owns it, what it can be used for, when it expires, and so forth."
"Certification authorities are the organizations that issue certificates. They establish and verify the authenticity of public keys that belong to people or other certification authorities, and they verify the identity of a person or organization that asks for a certificate."
That is to say, CAs (or RAs = registration authorities) are SUPPOSED TO VERIFY the identity of a person or organization that asks for a certificate.
And when that DOESN'T happen?
In his 25 March 2011 comment "Comodo's SSL certificates: the underlying problem," Jeremy L. Gaddis at evilrouters dot net explicates:
"Comodo, the vendor with such lax security that allowed this to happen, quickly pointed out that the attack originated 'mainly from Iran' (and 'was likely to be a state-driven attack').
"Of course, there’s no way for them to know this. With an attack carried out in a manner such as this one was, I don’t think it’s far-fetched to believe that the attacker was likely coming through a few proxies or compromised hosts."
"The REAL underlying issue — that Comodo barely mentioned — is that 'one user account in one RA was compromised' and allowed this whole incident to occur.
"Yes, you heard that right: 'one user account' is all that stands in the way of a malicious individual, group, or — as Comodo would like you to believe — Iran (it makes for a better story, right?), from obtaining fraudulent SSL certificates for damn near any domain on the Internet."
A couple of years ago, "Patricia from CertStar [a Comodo reseller] wrote that 'a glitch in our validation system has today caused a certificate to be issued to a person who successfully abused our system.' Yeah, a glitch.
"The 'system' is the glitch."
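Gaddis's point that one RA account stands between an attacker and a certificate "for damn near any domain" follows directly from how the trust store works: a browser's chain check accepts a server certificate issued by any root in the store, so a certificate for a site mis-issued by a CA the site has never dealt with validates exactly like the real one. The Go program below, written for this post and not taken from Comodo, Microsoft or any of the quoted sources, makes that concrete. It builds two in-process root CAs (both constructed, neither real), has each issue a certificate for the same hostname, and shows that Go's standard chain verification accepts both, while a public-key pin (the SHA-256 of the expected CA's SubjectPublicKeyInfo, the kind of "reinforcement" Eckersley is asking for) rejects the one from the other, equally trusted, root. The CA names, the hostname and the pin value are all assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ca pairs a CA certificate with its signing key; both CAs here are generated in-process, neither is real.
type ca struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// sign generates a fresh key for tmpl and has parent sign it (self-signed when parent is nil).
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // key-generation failure is fatal in this demo
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// newRootCA builds a self-signed root of the kind a trust store ships with.
func newRootCA(name string) *ca {
	cert, key := sign(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	return &ca{cert: cert, key: key}
}

// issueLeaf signs a server certificate for host. Nothing here checks that the
// requester controls host: whoever can drive the CA key can name any domain.
func (c *ca) issueLeaf(host string) *x509.Certificate {
	cert, _ := sign(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, c.cert, c.key)
	return cert
}

// check runs the ordinary browser-style chain check (leaf chains to some root in the store and
// is valid for host), then the pin check that the chain check lacks: a CA in an accepted chain
// must carry the public key the site operator published (SHA-256 of its SubjectPublicKeyInfo).
func check(leaf *x509.Certificate, roots *x509.CertPool, host string, pin [sha256.Size]byte) (chainOK, pinOK bool) {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	if err != nil {
		return false, false
	}
	for _, chain := range chains {
		for _, cert := range chain[1:] { // chain[0] is the leaf itself
			if sha256.Sum256(cert.RawSubjectPublicKeyInfo) == pin {
				return true, true
			}
		}
	}
	return true, false
}

// runScenario builds two roots that the store trusts equally, has each issue a
// certificate for host, and reports the chain and pin results for both.
func runScenario(host string) (expectedChain, expectedPin, otherChain, otherPin bool) {
	expected := newRootCA("Expected Root CA (constructed)")
	other := newRootCA("Other Trusted Root CA (constructed)")
	roots := x509.NewCertPool()
	roots.AddCert(expected.cert)
	roots.AddCert(other.cert)
	pin := sha256.Sum256(expected.cert.RawSubjectPublicKeyInfo) // what the site operator would publish
	expectedChain, expectedPin = check(expected.issueLeaf(host), roots, host, pin)
	otherChain, otherPin = check(other.issueLeaf(host), roots, host, pin)
	return
}

func main() {
	ec, ep, oc, op := runScenario("example.com")
	fmt.Printf("expected CA: chain=%v pin=%v\nother trusted CA: chain=%v pin=%v\n", ec, ep, oc, op)
}
```

Run with `go run`: the plain chain check reports true for both certificates, because nothing in the chain check ties a domain to a particular CA; only the pin check distinguishes the certificate from the other root. The same limitation is why revoking the nine Comodo certificates, or distrusting a root after the fact, is a response rather than a prevention: the trust store has no way to know which of its roots a given site actually uses unless the site tells it.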
Back to the BBC story. Having passed along another Iran atrocity story, it does end on a sober note:
"Writing on the blog of digital rights lobby group the Electronic Frontier Foundation, Peter Eckersley, said the attack posed a 'dire risk to internet security.'
"'The incident got close to — but was not quite — an internet-wide security meltdown,' he said.
"'We urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and e-mail systems,' said Mr Eckersley."
Or as Gaddis bluntly states:
"The 'system' is the glitch."