In my previous blog post I mentioned the flaw in the current implementation of SSL certificate generation, and the same flaw is revealed in the Pastebin content posted by the person who claims to have hacked DigiNotar, GlobalSign and Comodo.
The hacker, nicknamed ComodoHacker, also claims to have a foolproof answer to the woes of the cryptography world, and I would love to see this algorithm.
The list of compromised CAs is growing day by day, causing an endless nightmare for everyone. Here is the latest from GlobalSign.
GlobalSign is currently investigating the hacker's claims and has already implemented precautionary steps. Hopefully the investigation doesn't end with certificate revocations.
Update from #GlobalSign. We deem these claims to represent an industry wide attack. At this time we continue with our investigation and precautionary measures. We thank our customers, and the industry as a whole, for supporting the difficult decision to halt issuance while these steps are taken. We will update again as soon as we release a defined timeline to reactivate our services.
If the first half of 2011 belonged to Anonymous and LulzSec, the second half of the year seems to belong to fraudulent certificates. I now wonder where all this is leading.
The generation of fraudulent certificates has created a trust deficit. Very few are willing to admit it, but at the end of the day we take it for granted that all is well in the world of 128-, 256-, 512- and 1024-bit keys, even though the hackers have provided ample proof that the key length is not where the problem lies: the certificates were issued by trusted CAs, so the mathematics holds and only the trust in who issues fails.
A few months down the line some other CA will get compromised, for a few weeks we will see a spike in certificate revocations, and then calm shall prevail again.
This raises a lot of questions:
a: The time-frame in which a fraudulent certificate exists, between its issuance and its revocation, is very short, so what can be achieved in that window? Malware signed by a trusted CA, MITM attacks, evading antivirus, spear attacks: these are all methods, but they never divulge the intention.
If Stuxnet can be used as an example, then one possible theory is that mail and Internet traffic is being sniffed during general elections or high-level diplomatic meetings.
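The short window mentioned above only stays short if clients do more than plain chain validation, because a certificate minted by a compromised CA chains to a trusted root and passes every default check. The following is an added example, not code from the original post or from any of the CAs named in it: it shows the three client-side checks that actually catch such a certificate, namely pinning the issuer you obtained your own certificate from, consulting a revocation list, and enforcing the validity dates. Certificates are represented in the dict layout returned by Python's standard-library `ssl.SSLSocket.getpeercert()`; every certificate, CA name and serial below is constructed for illustration and is hypothetical, not real DigiNotar or GlobalSign data.

```python
"""Added example (not from the original post): the client-side checks that
shrink the window in which a fraudulently issued certificate is useful.

A certificate minted by a compromised CA chains to a trusted root, so normal
chain validation accepts it. What catches it is (a) pinning the issuer you
actually obtained your certificate from, (b) checking a revocation list, and
(c) enforcing validity dates. Certificates here use the dict layout returned
by the stdlib ssl.SSLSocket.getpeercert(); all sample data is constructed
and the CA names are hypothetical, not real DigiNotar/GlobalSign records.
"""
import ssl
import time


def _name_attr(name, attr):
    """Return one attribute (e.g. 'commonName') from a getpeercert() name tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def check_peer_cert(cert, hostname, pinned_issuer_cn, revoked, now=None):
    """Return (ok, reason); ok is True only when every check passes.

    revoked is a set of (issuer CN, serial) pairs: serials are unique per
    CA, so a serial alone does not identify a certificate.
    """
    now = time.time() if now is None else now

    # 1. Hostname must match the CN or a DNS subjectAltName exactly.
    names = {_name_attr(cert.get("subject", ()), "commonName")}
    names.update(v for k, v in cert.get("subjectAltName", ()) if k == "DNS")
    if hostname not in names:
        return False, "hostname mismatch"

    # 2. Validity window; cert_time_to_seconds parses the stdlib date strings.
    if not (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"])):
        return False, "outside validity period"

    # 3. Revocation: has this (issuer, serial) been withdrawn?
    issuer_cn = _name_attr(cert.get("issuer", ()), "commonName")
    if (issuer_cn, cert.get("serialNumber", "").upper()) in revoked:
        return False, "serial revoked"

    # 4. Issuer pin: the one check a valid-but-fraudulent certificate fails.
    if issuer_cn != pinned_issuer_cn:
        return False, "issuer %r is not the pinned CA %r" % (issuer_cn, pinned_issuer_cn)

    return True, "ok"


# --- Constructed sample data (hypothetical names, not real certificates) ---
PINNED_CA = "Example CA G2"
GOOD_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),),
    "issuer": ((("organizationName", "Example Trust Services"),),
               (("commonName", PINNED_CA),)),
    "serialNumber": "1A2B3C",
    "notBefore": "Jan  1 00:00:00 2011 GMT",
    "notAfter": "Dec 31 23:59:59 2012 GMT",
}
# Same hostname and dates, but minted by a CA we never dealt with.
ROGUE_CERT = dict(GOOD_CERT, issuer=((("commonName", "Rogue Issuer CA"),),),
                  serialNumber="0F0F0F")
# Legitimate issuer, but the serial has since been revoked.
REVOKED_CERT = dict(GOOD_CERT, serialNumber="deadbeef")
REVOKED = {(PINNED_CA, "DEADBEEF")}
# Fixed "current time" inside the validity window so the demo is deterministic.
NOW = ssl.cert_time_to_seconds("Sep  7 12:00:00 2011 GMT")


def run_demo():
    """Evaluate the three sample certificates; returns {label: (ok, reason)}."""
    return {label: check_peer_cert(cert, "mail.example.com", PINNED_CA, REVOKED, NOW)
            for label, cert in (("good", GOOD_CERT), ("rogue", ROGUE_CERT),
                                ("revoked", REVOKED_CERT))}


if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print("%-8s %s" % (label, verdict))
```

The order of the checks matters: the rogue certificate passes hostname, dates and the revocation list (its serial was never ours to revoke) and is stopped only by the issuer pin, which is why a local pin or trust-store restriction, rather than waiting for the CA to publish a revocation, is what closes the window on the client side.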