Comodo Attack Sparks SSL Certificate Security Discussions


The recent disclosure about an attack on a Comodo affiliate registration authority has opened a wider conversation about Internet security and SSL certificates.

On Wednesday, Comodo revealed that a registration authority had been compromised in a March 15 attack and that the username and password of a Comodo Trusted Partner in Southern Europe had been stolen.

Using those credentials, the attacker was able to request nine digital certificates across seven domains, including login.yahoo.com, mail.google.com, login.skype.com and addons.mozilla.org. According to Comodo, the situation was discovered within hours of the attack and all nine certificates were revoked; the company said only one of them had been seen in use.

The company believes the attack -- which it traced to two IP addresses assigned to an Iranian Internet Service Provider (ISP) -- may have been an effort by the Iranian government to spy on dissidents using Gmail, Skype and other services. But in addition to opening discussions of possible government spying, the situation has also turned a spotlight on one of the basic issues of the Internet -- proper authentication. “There really has never been an ‘SSL trust chain,’” explained Gartner’s John Pescatore. “SSL in practice only provides transport encryption -- it does not provide any meaningful authentication of the user and only minimal authentication of the server. It has always been way overhyped by the e-commerce world to try to overcome fears in online commerce.”

Security researcher Moxie Marlinspike, who is well known for his research on attacking SSL, told CRN the existing certificate revocation process “is not viable.” Certificate authorities [CAs] can’t seem to provide a reliable OCSP [Online Certificate Status Protocol] service, so most OCSP implementations fail, he wrote in an e-mail.

“Two years ago I demonstrated an OCSP bypass using my tool sslsniff, and it still hasn't been fixed,” he wrote. “If these attackers have forged certificates, the standard revocation mechanisms aren't going to stop them, which is why the browser vendors had to hardcode the serials into the new browsers they're shipping.”

The anomaly here isn't that this happened, he added, it's that anyone noticed.

“CAs, particularly resellers, have a reputation for terrible validation systems, and getting forged certificates is a pretty low bar,” he argued. “A few years ago, Mike Zusman was able to obtain a certificate for login.live.com (one of the certs obtained in this attack) simply by asking for it. I think it's fair to assume that this sort of thing is happening all the time.”
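The revocation gap Marlinspike describes, as a simplified policy model added here (this is not code from the article, from sslsniff, or from any browser): a client that soft-fails on a non-definitive OCSP outcome such as a tryLater error or an unreachable responder accepts a forged certificate, while a serial number pinned into the client still blocks it. The serial value below is a constructed placeholder, not one of the real Comodo certificates.

```python
from enum import Enum


class OcspStatus(Enum):
    """Outcomes of an OCSP lookup as the client sees them (simplified model)."""
    GOOD = "good"                # responder affirms the certificate is not revoked
    REVOKED = "revoked"          # responder says the certificate is revoked
    UNKNOWN = "unknown"          # responder has no record of this serial
    TRY_LATER = "tryLater"       # responder error status: no answer about the serial
    UNREACHABLE = "unreachable"  # no response at all (timeout, blocked responder)


def accept_certificate(serial, ocsp_status, pinned_revoked, fail_closed=False):
    """Decide whether the client should trust a certificate with this serial.

    pinned_revoked: serials hardcoded into the client, the browser-vendor fix
    the article mentions; consulted before any network lookup.
    fail_closed: reject on any non-definitive OCSP outcome. The soft-fail
    default (False) models the common client behaviour the article criticises.
    """
    if serial in pinned_revoked:
        return False                       # pinned block list wins outright
    if ocsp_status is OcspStatus.REVOKED:
        return False
    if ocsp_status is OcspStatus.GOOD:
        return True
    # unknown / tryLater / unreachable: the responder gave no real answer
    return not fail_closed


def decision_table(serial, pinned_revoked):
    """Accept/reject for every OCSP outcome under both failure policies."""
    return {
        (status.value, fail_closed): accept_certificate(serial, status, pinned_revoked, fail_closed)
        for status in OcspStatus
        for fail_closed in (False, True)
    }


# Constructed placeholder; the real serials of the revoked certificates are not on this page.
FORGED_SERIAL = "00:placeholder:forged:serial"

if __name__ == "__main__":
    for pinned in (set(), {FORGED_SERIAL}):
        print(f"pinned block list: {sorted(pinned) or 'none'}")
        for (status, fail_closed), accepted in decision_table(FORGED_SERIAL, pinned).items():
            policy = "hard-fail" if fail_closed else "soft-fail"
            print(f"  ocsp={status:<11} {policy}: {'ACCEPT' if accepted else 'reject'}")
```

Without the pinned serial, every soft-fail row except "revoked" accepts the forged certificate; with it, every row rejects it regardless of what the responder does.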
