
The Spy in the Middle - olefoo
http://www.crypto.com/blog/spycerts/
======
rmorrison
_They found turnkey surveillance products, marketed and sold to law
enforcement and intelligence agencies in the US and foreign countries,
designed to collect encrypted SSL traffic based on forged "look-alike"
certificates obtained from cooperative certificate authorities. The products
(apparently available only to government agencies) appear sophisticated,
mature, and mass-produced, suggesting that "certified man-in-the-middle" web
surveillance is at least commonplace and widespread enough to support an
active vendor community._

I wonder if China, Sudan, or Iran are included on the list of governments that
they're _allowed_ or _willing_ to sell to. If so, the problems that arise from
trusting too many Certificate Authorities would also apply to trusting too
many governments.

~~~
dkimball
With the SSL-subversion boxes mentioned in
<http://www.wired.com/threatlevel/2010/03/packet-forensics/> , I don't think
it matters who's on the list (though I'm sure China is). A small company
selling devices to intercept SSL means that the whole concept is dead. Even if
no one else can acquire their devices, the whole world (that cares to find it
out) now knows that such a man-in-the-middle attack is possible, so it's just
a matter of time before they become much more common.

Worse yet, the company that makes these boxes advertised them at "the world's
largest gathering of North American, Caribbean and Latin American Law
Enforcement, Intelligence and Homeland Security Analysts and Telecom Operators
responsible for lawful interception, electronic investigations and network
Intelligence gathering." Any Mexican drug lord worth his cocaine money (or, of
course, FARC) will now start bribing or scaring some suitable official into
handing over a box or two.

Hopefully we'll discover an alternative approach to ensure online security.
Just having fewer, more reliable CAs would be enough -- although, as I pointed
out elsewhere, the measure of security is ultimately boots on the ground, not
code in the aether.

Update: You're right, there's a trusted Chinese CA. From the Wired article:
"[w]hen Mozilla added a Chinese company, China Internet Network Information
Center, as a trusted Certificate Authority in Firefox this year, it set off a
firestorm of debate, sparked by concerns that the Chinese government could
convince the company to issue fake certificates to aid government
surveillance."

~~~
qjz
The number of CAs doesn't matter. The essential flaw in SSL is that once you
trust a CA, you trust it for all sites. This is what makes a MITM attack so
trivial for someone who is well positioned in a network, and these appliances
just make it that much easier to deploy if you don't have all the skills
yourself.

Another problem is the sheer conceptual complexity of the system. It wouldn't
take much to convince your boss to let you purchase an "SSL proxy" to fight
viruses and commercial espionage, when all you really want is to steal all his
passwords.

------
wmf
We've known that this is possible for years (<http://crypto.stanford.edu/ssl-
mitm/> [http://www.darknet.org.uk/2009/08/sslsniff-v0-6-released-
ssl...](http://www.darknet.org.uk/2009/08/sslsniff-v0-6-released-ssl-mitm-
tool/)), but the fact that it's now a commercial product indicates that it is
actually happening for real.

------
peterwwillis
I think an even better question is: what does it take to become a real CA?
Don't just assume 'oh, it must be really tough' if you don't know for sure.

How much money and what kind of resources would it take some to really create
their own valid CA just for generating forged yet valid certs that browsers
would not flag as invalid when used in a MITM such as those used by the device
in the wired article?

~~~
wmf
It is fairly difficult:
<http://www.mozilla.org/projects/security/certs/policy/>

~~~
peterwwillis
i'm sorry, but, how is that difficult? most of that involves basic procedures
for verifying someone's identity before providing a cert plus an independent
party for auditing and other purposes. you don't even need any money, just to
set up the basic infrastructure and steps for issuing certs as documented in
provided links. i think they basically hinge on the idea that they will match
up your CA with real human beings and verify you gen certs safely, but this is
not a roadblock for an attacker.

i think with time, patience, and an apparent genuine interest in doing things
the right way, anyone could get mozilla to accept their root certificate. (and
then generate certs for the black market for unauthorized people with loads of
cash)

~~~
wmf
CAcert has been trying to get into Mozilla for years and failing:
<http://wiki.cacert.org/InclusionStatus>

