FYI: pervasive mass internet surveillance by the US military with the active cooperation of large US telcos AT&T, Verizon, and others already enables this capability in the US and much of the rest of the world.
The surveillance allows them to read the TCP sequence numbers or DNS query IDs, and then spoof valid response packets.
DNS usually isn’t, and TLS still runs over TCP, which is vulnerable to this type of hijacking, so yes, it is indeed still relevant due to both resolution as well as transport layer.
NSA would be very bad at their job indeed if they couldn’t issue valid TLS certificates for any domain to themselves.
There are 270+ CAs out there. All the NSA has to do is compromise the CA cert keys of one of them and they can then generate their own valid certs, completely disconnected from CT. All CT tells you is somebody goofed, was tricked into issuing a cert, or an account was compromised and an attacker generated a cert. In other words, not-super-advanced attacks.
The NSA have plenty of tricks. They intercept devices being shipped around the country/world, they tap cables, they dig into airgapped networks, they compromise satellites, they compromise the internal networks of the world's biggest corporations. They've been doing this for decades. If we don't believe they can compromise one organization out of 270...
> and they can then generate their own valid certs, completely disconnected from CT
Aren't browsers now requiring that certificates from many CAs (if not all of them) are submitted to CT before they are accepted as valid by the browser? That is, a certificate without an attached CT proof, even if it has a valid signature from the CA, will be treated as invalid.
(However, given what's being talked about (MITM of software update servers), this might be enough if the libraries being used by the software updater are not as strict as the browsers, and don't require an attached CT proof.)
The NSA released a who-knows-how-many-day in crypt32.dll to Microsoft recently that allows one to bypass app/driver EC certificate verification. It’s called CVE-2020-0601.
My assumption is that they had it for years and released it for patching the moment they detected anyone else using it.
It’s not TLS, but it’s close. I still think they’d be bad at their job if they didn’t have some method of getting valid certs, and I don’t think they are bad at their job. With bulk collection they may be able to spoof replies to LE DNS verification. There are lots of avenues.
> The surveillance allows them to read the TCP sequence numbers or DNS query IDs, and then spoof valid response packets.
It’s called QUANTUMINSERT.
https://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-in...