The way you position yourself in the network infra-structure is of
very importance when doing data collection.
Users of a given ISP may have rogue certificates while others at the
same country but another ISP may not. We as researchers need to
position ourselves at different network scopes in orde
Hi,
> study this more carefully and sooner as possible. SSL Observatory from
> EFF is a step forward but we need more.
Their distributed observatory is probably going to help much here, but I
can offer the data sets from our paper. I'll put the paper online
tomorrow and paste the link here.
> 1
Let's be honest, without any methamatical/design/architectural
assumptions, about the current PKI practical context. One of the
weakest links of PKI is trust delegation to some sort of governement
based legislated system. As said, somewhere on this maling list, CA's
are companies in those same legi
Hi,
Sorry, but this is too good. This is the Bavarian tax office, and ELSTER
is the government's tax software:
C=DE, ST=Bayern, L=Muenchen, O=Bayerisches Landesamt fuer Steuern -
Dienststelle Muenchen, OU=ELSTER, CN=Elster HTTPS-Client, 41
I seem to live in the country of offenders.
Ralph
--
D
Hi,
> Oh, now it makes sense, those are mostly router certs (and various other certs
> from vendors who create broken certs like the Plesk ones). You won't just
> find them in Korea, they're everywhere, in vast numbers, but (at least for the
> router certs) they're usually only visible from the L
Randall Webmail writes:
>Does this warkitting require physical access to the router?
No, it's all remotely done.
(This is why I have two different routers from different vendors between me
and the public internet, and have had this setup for about a decade now).
Peter.
From: "Peter Gutmann"
To: cryptography@randombit.net
Sent: Monday, September 19, 2011 2:32:21 PM
Subject: Re: [cryptography] Another data point on SSL "trusted" root
CA reliability (S Korea)
Ralph Holz writes:
>In terms of warkitting routers, they'r
Ralph Holz writes:
>I am wondering if we can't get our hands on such a router and do a proof-of-
>concept. Anyone in?
In terms of warkitting routers, they're pretty much all vulnerable [0], so all
you'd need to do after that is exploit the "CA" certs. OTOH if you can warkit
a router you can als
Hi,
> Why do we assume that government spies will go to such lengths to get
> at an individual's data, when a downloaded root-kit on the target PC
> suffices?
Because some governments like spying on Gmail accounts.
I would agree with you if your goal is to snoop on a dissident, there
are easier
Hi,
>> http://www.meleeisland.de/issuer_ca_on_eff.csv
>
> Oh, now it makes sense, those are mostly router certs (and various other certs
> from vendors who create broken certs like the Plesk ones). You won't just
Hm. I agree that many are router certs, certainly those with brand names
of networ
Ralph Holz writes:
>I don't think so. Here is a list of "COUNT(issuers), issuers" from the EFF
>dataset. Only those counted that appeared > 200 times.
>
>http://www.meleeisland.de/issuer_ca_on_eff.csv
Oh, now it makes sense, those are mostly router certs (and various other certs
from vendors who
Hi,
>> In the EFF dataset of the full IPv4 space, I find 773,512 such certificates.
>
> Could these be from the bizarro Korean DIY PKI (the NPKI) that they've
> implemented? Could you post (or email) some of the certs?
I don't think so. Here is a list of "COUNT(issuers), issuers" from the
EFF d
Ralph Holz writes:
>In the EFF dataset of the full IPv4 space, I find 773,512 such certificates.
Could these be from the bizarro Korean DIY PKI (the NPKI) that they've
implemented? Could you post (or email) some of the certs?
Peter.
___
cryptography
Hi,
True, we found about 80 distinct certificates that had subject
"Government of Korea" and CA:TRUE [1].
In our full dataset from April 2011, however, we found about 30k
certificates with this property. None of them had valid chains to the
NSS root store. The numbers do not seem to change over t
On 2011-09-18 1:18 PM, Arshad Noor wrote:
Why do we assume that government spies will go to such lengths to get
at an individual's data, when a downloaded root-kit on the target PC
suffices?
The government has less ability, but no more ability, to rootkit your
computer than do ten thousand Nig
On 09/17/2011 08:01 PM, James A. Donald wrote:
On 2011-09-18 12:03 PM, Arshad Noor wrote:
Why is it the most plausible assumption? Isn't it far easier to
replace the cryptographic libraries on PCs with one that has a
"wrapper" that copies all payloads before encryption and after
decryption, and
On 2011-09-18 12:03 PM, Arshad Noor wrote:
Why is it the most plausible assumption? Isn't it far easier to
replace the cryptographic libraries on PCs with one that has a
"wrapper" that copies all payloads before encryption and after
decryption, and transmits the payload to the snooper?
That is
On 09/17/2011 09:03 PM, Arshad Noor wrote:
On 09/17/2011 06:37 PM, Marsh Ray wrote:
It's not entirely clear that a trusted CA cert is being used in
this attack, however the article comes to the conclusion that
HTTPS application data is being decrypted so it's the most
plausible assumption.
Wh
On 09/17/2011 06:37 PM, Marsh Ray wrote:
It's not entirely clear that a trusted CA cert is being used in this
attack, however the article comes to the conclusion that HTTPS
application data is being decrypted so it's the most plausible assumption.
Why is it the most plausible assumption? Isn'
Been seeing Twitter from @ralphholz, @KevinSMcArthur, and @eddy_nigg
about some goofy certs surfacing in S Korea with CA=true.
via Reddit http://www.reddit.com/tb/kj25j
http://english.hani.co.kr/arti/english_edition/e_national/496473.html
It's not entirely clear that a trusted CA cert is bein
20 matches
Mail list logo
