Comodo SSL证书系统被入侵攻击事件的Comodo官方声明

 网络学院  没有评论 »
3月 242011
 

Report of incident on 15-MAR-2011

An RA suffered an attack that resulted in a breach of one user account of that specific RA.
This RA account was then used fraudulently to issue 9 certificates (across 7 different domains).

All of these certificates were revoked immediately on discovery.
Monitoring of OCSP responder traffic has not detected any attempted use of these certificates after their revocation.

Fraudulently issued certificates

9 certificates were issued as follows:

Domain:  mail.google.com    [NOT seen live on the internet]
Serial:  047ECBE9FCA55F7BD09EAE36E10CAE1E

Domain:  www.google.com  [NOT seen live on the internet]
Serial:  00F5C86AF36162F13A64F54F6DC9587C06

Domain:  login.yahoo.com  [Seen live on the internet]
Serial:  00D7558FDAF5F1105BB213282B707729A3

Domain:  login.yahoo.com    [NOT seen live on the internet]
Serial:  392A434F0E07DF1F8AA305DE34E0C229

Domain:  login.yahoo.com     [NOT seen live on the internet]
Serial:  3E75CED46B693021218830AE86A82A71

Domain:  login.skype.com     [NOT seen live on the internet]
Serial:  00E9028B9578E415DC1A710A2B88154447

Domain:  addons.mozilla.org     [NOT seen live on the internet]
Serial:  009239D5348F40D1695A745470E1F23F43

Domain:  login.live.com     [NOT seen live on the internet]
Serial:  00B0B7133ED096F9B56FAE91C874BD3AC0

Domain:  global trustee     [NOT seen live on the internet]
Serial:  00D8F35F4EB7872B2DAB0692E315382FB0

What didn’t Happen

Our CA infrastructure was not compromised.
Our keys in our HSMs were not compromised.
No other RA was compromised.  No other RA user accounts were compromised.

What Happened

One user account in one RA was compromised.
The attacker created himself a new userID (with a new username and password) on the compromised user account. Continue reading »

Comodo SSL证书系统被入侵攻击事件的回放

 网络学院  没有评论 »
3月 242011
 

内容很长,大家慢慢看.

Detecting Certificate Authority compromises and web browser collusion

Posted March 22nd, 2011 by ioerror

Thanks to Ian Gallagher, Seth Schoen, Jesse Burns, Chris Palmer, and other anonymous birds for their invaluable feedback on this writeup.

The Tor Project has long understood that the certification authority (CA) model of trust on the internet is susceptible to various methods of compromise. Without strong anonymity, the ability to perform targeted attacks with the blessing of a CA key is serious. In the past, I’ve worked on attacks relating to SSL/TLS trust models and for quite some time, I’ve hunted for evidence of non-academic CA compromise in the wild.

I’ve also looked for special kinds of cooperation between CAs and browsers. Proof of collusion will give us facts. It will also give us a real understanding of the faith placed in the strength of the underlying systems.

Does certificate revocation really work? No, it does not. How much faith does a vendor actually put into revocation, when verifiable evidence of malice is detected or known? Not much, and that’s the subject of this writing.

Last week, a smoking gun came into sight: A Certification Authority appeared to be compromised in some capacity, and the attacker issued themselves valid HTTPS certificates for high-value web sites. With these certificates, the attacker could impersonate the identities of the victim web sites or other related systems, probably undetectably for the majority of users on the internet.

I watch the Chromium and Mozilla Firefox projects carefully, because they are so important to the internet infrastructure. On the evening of 16 March, I noticed a very interesting code change to Chromium: revision 78478, Thu Mar 17 00:48:21 2011 UTC.

In this revision, the developers added X509Certificate::IsBlacklisted, which returns true if a HTTPS certificate has one of these particular serial numbers:

047ecbe9fca55f7bd09eae36e10cae1e
d8f35f4eb7872b2dab0692e315382fb0
b0b7133ed096f9b56fae91c874bd3ac0
9239d5348f40d1695a745470e1f23f43
d7558fdaf5f1105bb213282b707729a3
f5c86af36162f13a64f54f6dc9587c06

A comment marks the first as “Not a real certificate. For testing only.” but we don’t know if this means the other certificates are or are not also for testing. Continue reading »