By Jake Edge
August 27, 2008
Users of Firefox 3 have likely seen the new warnings for various
"invalid" SSL certificates. Unlike earlier versions of Firefox, these new
warnings are much scarier, as well as more difficult to
ignore—clicking through to the web site is decidedly more time
consuming. This is exactly as the Mozilla folks intend, but it has raised
some eyebrows, and ire, amongst site owners and Firefox users.
SSL certificates are used to enable encrypted communication (i.e. https)
between browsers and web sites. Web site owners generate a public and
private key for use in the encryption. The public key gets wrapped up in an
X.509 certificate and must be signed by someone. For larger sites, it is
typically a certificate authority (CA) that signs the certificate, but that
generally costs money. Many smaller sites will sign their own certificate,
creating what is known as a self-signed certificate.
As part of the negotiation of an encrypted connection, a web site will
present its certificate to the browser. In order to prevent
man-in-the-middle attacks against the encrypted connection, the browser
needs to verify that the certificate belongs to the web site it believes it
is talking to. It does that by verifying the signature of the CA.
A signature can only be verified if the browser has the public key of the
CA that has signed the certificate. Because there are a multitude of CAs,
a "web of trust" is established whereby a number of root CAs sign the
certificate of lesser CAs, who might in turn sign for other CAs. A browser
developer, like Mozilla, chooses a set of root certificates that they
trust. When verifying the certificate from some random website, the
browser follows the signature chain; if it reaches one of their root
certificates, the web site certificate is valid. A self-signed certificate
will, of course, fail this test.
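The chain check described above, as an added example that is not part of the original article: it uses the openssl command-line tool to build a throwaway root CA, a lesser CA and two site certificates, then verifies each one with only the root trusted. All names, file names and helper functions are constructed for the illustration.

```shell
#!/bin/sh
# Added example: a throwaway PKI in a temp directory. All names are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_request NAME CN: fresh RSA key plus a certificate signing request.
new_request() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# sign_with ISSUER NAME EXTFILE: ISSUER's key signs NAME's request.
sign_with() {
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -extfile "$3" \
    -out "$WORK/$2.pem" 2>/dev/null
}

# self_sign NAME EXTFILE: NAME's own key signs NAME's request.
self_sign() {
  openssl x509 -req -in "$WORK/$1.csr" -days 1 -signkey "$WORK/$1.key" \
    -extfile "$2" -out "$WORK/$1.pem" 2>/dev/null
}

make_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$WORK/leaf.ext"
  # Root CA: the only certificate the "browser" trusts.
  new_request root "Example Root CA"; self_sign root "$WORK/ca.ext"
  # Lesser CA, signed by the root.
  new_request inter "Example Lesser CA"; sign_with root inter "$WORK/ca.ext"
  # Site certificate signed by the lesser CA.
  new_request site "www.example.test"; sign_with inter site "$WORK/leaf.ext"
  # Site certificate signed with its own key (self-signed).
  new_request self "self.example.test"; self_sign self "$WORK/leaf.ext"
}

# chain_reaches_root CERT: succeed only if CERT chains to the trusted root.
# The lesser CA is passed as an untrusted helper, as a server would send it.
chain_reaches_root() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/inter.pem" \
    "$1" >/dev/null 2>&1
}

make_pki
for c in site self; do
  if chain_reaches_root "$WORK/$c.pem"; then echo "$c: trusted"; else echo "$c: warning page"; fi
done
```

The self-signed certificate is cryptographically well formed; it fails only because nothing in the trusted set vouches for it.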
When a user comes across a site that has such a certificate, Firefox 3 puts
up a nasty warning. The images that accompany this article are screenshots
of the warning, along with two of the three steps one must take to accept
the certificate. They were generated by visiting https://bugzilla.gnome.org. The days
of a single pop-up message that could easily be clicked through are long gone.
There are a few different issues here. To start with, there are a large
number of legitimate sites that have self-signed certificates. In order to
access those sites, users are being trained to click through a series of
dialogs and scary ("Legitimate banks, stores, and other public sites
will not ask you to do this") warnings, just as they were trained to
do with the single pop-up message in earlier Firefox versions.
Mozilla's position is that self-signed certificates are untrustworthy, not invalid
necessarily, but not something that the browser can trust without asking
the user. Because most users are not very sophisticated, the warnings need
to be detailed and somewhat frightening. The problem is that users of all
kinds may get annoyed by the dialogs—then train themselves to
essentially ignore them.
Because there are CAs, like StartSSL, that provide free certificate
signing (as well as others that cost less than $20/year), Mozilla is
clearly trying to push web sites into moving away from self signing. There
is a risk of man-in-the-middle attacks from self-signed certificates
because anyone can create a certificate that purports to be for any other
given web site. To some extent, though, the level of danger depends on
what the encryption is trying to protect.
For sites that do e-commerce or transmit and receive sensitive information,
there is no question that a CA signed certificate is required. There are
other reasons to encrypt traffic, though, including evading deep packet inspection (DPI), where
the risks of accepting a bogus certificate are relatively low. One might
get ads injected into their web browser inappropriately—annoying, but hardly
fatal.
There is no simple solution. Mozilla is erring on the side of caution by
trying to protect its users while still allowing them to override its
protections. Other techniques, possibly like the Perspectives
Firefox extension, may help alleviate the problem in the long term. Until
then, we may have to just grit our teeth and click our way past the
multiple warnings.
Brief items
CERT has sent out an advisory on key-based attacks being used against Linux
systems. "The attack appears to initially use stolen SSH keys to gain access
to a system, and then uses local kernel exploits to gain root access. Once
root access has been obtained, a rootkit known as 'phalanx2' is
installed." There's no talk of where the original stolen keys come
from. CERT's advice includes disabling key-based authentication, which, of
course, runs counter to the advice given to those trying to defend against
brute-force password-guessing attacks.
A group at Carnegie Mellon University has announced the availability of a
Firefox extension called "Perspectives"; its purpose is to provide an
independent verification of SSL HTTP connections. "Perspectives employs a
set of friendly sites, or
'notaries,' that can aid in authenticating Web sites for financial
services, online retailers and other transactions requiring secure
communications. By independently querying the desired target site, the
notaries can check whether each is receiving the same authentication
information, called a digital certificate, in response." The system
also gets rid of the obnoxious Firefox popups associated with self-signed
certificates; more information on the Perspectives page.
Wired covers a talk given at DefCon about vulnerabilities in the Border Gateway
Protocol (BGP), which is the protocol used to advertise routes for internet
traffic. The attack can
hijack packets bound for a particular IP address, then silently send them on
to the proper destination—possibly after modifying them. "The issue exists
because BGP's
architecture is based on trust. To make it easy, say, for e-mail from
Sprint customers in California to reach Telefonica customers in Spain,
networks for these companies and others communicate through BGP routers to
indicate when they're the quickest, most efficient route for the data to
reach its destination. But BGP assumes that when a router says it's the
best path, it's telling the truth. That gullibility makes it easy for
eavesdroppers to fool routers into sending them traffic."
New vulnerabilities
ipsec-tools: two denial of service vulnerabilities
| Package(s): | ipsec-tools |
| CVE #(s): | CVE-2008-3651, CVE-2008-3652 |
| Created: | August 27, 2008 |
| Updated: | May 19, 2009 |
| Description: | From the Red Hat advisory: Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652) |
java: vulnerable versions can be requested by applet
| Package(s): | java |
| CVE #(s): | CVE-2008-3115 |
| Created: | August 25, 2008 |
| Updated: | November 18, 2009 |
| Description: | From the SUSE advisory: CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. |
kernel: several vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2008-2931, CVE-2008-3272, CVE-2008-3275 |
| Created: | August 26, 2008 |
| Updated: | September 1, 2010 |
| Description: | From the Ubuntu advisory: The do_change_type routine did not correctly validate administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. (CVE-2008-2931) Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. (CVE-2008-3272) Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service. (CVE-2008-3275) |
libxml2: denial of service
| Package(s): | libxml2 |
| CVE #(s): | CVE-2008-3281 |
| Created: | August 22, 2008 |
| Updated: | December 2, 2008 |
| Description: | From the Mandriva advisory: Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. |
openoffice.org: numeric truncation error
| Package(s): | openoffice.org |
| CVE #(s): | CVE-2008-3282 |
| Created: | August 27, 2008 |
| Updated: | October 31, 2008 |
| Description: | From the Red Hat advisory: A numeric truncation error was found in the OpenOffice.org memory allocator. If a carefully crafted file was opened by a victim, an attacker could use this flaw to crash OpenOffice.org or, possibly, execute arbitrary code. (CVE-2008-3282) |
tiff: arbitrary code execution
| Package(s): | tiff |
| CVE #(s): | CVE-2008-2327 |
| Created: | August 26, 2008 |
| Updated: | December 4, 2009 |
| Description: | From the Debian alert: Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code. |
tomcat: multiple vulnerabilities
| Package(s): | tomcat |
| CVE #(s): | CVE-2008-1232, CVE-2008-2370, CVE-2008-2938 |
| Created: | August 27, 2008 |
| Updated: | February 17, 2009 |
| Description: | From the Red Hat advisory: A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially-crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the "allowLinking" and "URIencoding" settings were activated. A remote attacker could use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. (CVE-2008-2938) |
yelp: format string vulnerability
| Package(s): | yelp |
| CVE #(s): | CVE-2008-3533 |
| Created: | August 21, 2008 |
| Updated: | November 7, 2008 |
| Description: | From the Mandriva alert: A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs, |
Page editor: Jake Edge