From: Matthew Seaman
To: freebsd-security@freebsd.org
Subject: Re: Two Dumb Questions
Date: Mon, 26 Sep 2016 10:31:02 +0200

On 26/09/2016 08:42, Ronald F. Guilmette wrote:
>
> Sorry folks. I'm almost entirely ignorant about everything crypto,
> and these questions would probably be better asked elsewhere, but
> you all on this list are nicer than folks elsewhere, and probably
> will have the kindness not to poke too much fun at my ignorance.
> So, here goes...
>
> First question: Regarding the specific kind of MiM deception
> being discussed in the following old article (which appears to
> be from way back in 2010), I'm confused by the assertion that
> it would be necessary to either bribe or bully some CA into
> handing out a fraudulent cert in order to make the scheme work:
>
> https://www.wired.com/2010/03/packet-forensics/
>
> Here's my point: If you really have already managed to become
> the man-in-the-middle anyway, then couldn't you just dummy up
> any and all responses, including those for DNS, in such a way
> as to make it all appear to the victim that everything was
> "normal", you know, such that he can see the cute little
> padlock symbol to the left of the URL in the browser?

The article doesn't make it entirely clear, but they are talking about
encrypted web traffic here. In this case the MitM attacker acts as a
proxy between you and the real web site you're attempting to contact.
In order to gain any advantage through being the man in the middle, they
have to see the plaintext of the traffic you're sending to the intended
site (plus they'd need the plaintext if they were intending to alter the
traffic as it passed through -- think of them changing the destination
or amount of a payment from your on-line banking servers for example).

So they need to receive your HTTPS traffic, decrypt it, scan it for
interesting stuff or modify it, and then re-encrypt it and send it on to
the original destination as if it came directly from you. Similarly in
reverse for the responses from the original site.

Now, the MitM can easily set up a HTTPS server, but what they should not
be able to do is get a TLS certificate in the name of the domain they
are trying to spoof. So your browser should warn you about the DN of
the certificate not matching the URL you're attempting to reach. This
should be the case if the Certification Authority system is working as
intended.
Mostly it does, but there have been cases where, either through
lax procedure or malfeasance, a site certificate has been issued to some
third party who does not own the site in question. There are also cases
of Certification Authorities under the control of repressive regimes who
will issue certificates for Google or Facebook or whatever on behalf of
their government, thus enabling that government to spy on their
citizens' supposedly secure web traffic. Those government-controlled CAs
were in the global lists of trusted CAs baked into web browsers and
available as the ca_root_nss package, so browsers would automatically
trust certificates issued by them. At least until this spoofing action
was discovered, when they were dropped from the trusted list with
extreme alacrity. (Is your copy of ca_root_nss up to date?)

> Second question: I've been trying to do some very simple-minded
> early reconnaissance on something that I believe to be
> a Really Bad Domain. The web site for the domain doesn't
> appear to use SSL at all, however when I went to this site:
>
> https://censys.io/
>
> and punched in the domain name and then clicked on "certificates"
> I was surprised to find three different ones shown for the domain
> in question, all three apparently issued by "Let's Encrypt Authority
> X3". So anyway, my question is real simple: Is there some way to
> work backwards from those in order to get some clues... any clues...
> about the identities of the actual owners/operators of this specific
> domain and/or its associated web site?
>
> Thanks in advance for any and all enlightenment.

Hmmm... their TLS certificate is issued by 'StartCom Class 1 DV Server
CA'. This is a CA that prominently advertises free SSL certificates, but
otherwise looks like it charges just like any other CA. See:

   http://www.startssl.com/

No idea if this CA is any good but there's nothing to suggest any
wrongdoing just from their site.
Neither is there anything apparently wrong with censys.io -- in fact the
censys.io site looks like a very useful research tool. Well, except it
seems to have no clue about IPv6 which is pretty useless in this day and
age.

   Cheers,

   Matthew
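
Added example, not part of the original message: the two client-side checks the reply describes (the certificate must chain to a CA in the trust store, and its name must match the host) run against constructed certificates with Go's standard crypto/x509. The CA names, bank.example and proxy.example are made up for the demonstration, and the "pruned" store stands for a trust list after the mis-issuing CA has been dropped.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a self-signed root CA if ca is nil, else a server cert for DNS name `name` signed by ca.
func issue(name string, ca *tls.Certificate) *tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, BasicConstraintsValid: true, IsCA: ca == nil,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	parent, signer := t, interface{}(key) // default: self-signed
	if ca != nil {
		parent, signer, t.DNSNames = ca.Leaf, ca.PrivateKey, []string{name}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// accepts is the client-side check: chain to a root in store AND match the host name.
func accepts(c *tls.Certificate, host string, store *x509.CertPool) bool {
	_, err := c.Leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: store})
	return err == nil
}

func scenarios() map[string]bool { // verdicts of a client connecting to bank.example
	trusted, private := issue("Constructed Trusted CA", nil), issue("Constructed Proxy CA", nil)
	store, pruned := x509.NewCertPool(), x509.NewCertPool() // pruned: trusted CA removed
	store.AddCert(trusted.Leaf)
	return map[string]bool{
		"wrong-name":           accepts(issue("proxy.example", trusted), "bank.example", store),
		"untrusted-ca":         accepts(issue("bank.example", private), "bank.example", store),
		"misissued":            accepts(issue("bank.example", trusted), "bank.example", store),
		"misissued-ca-dropped": accepts(issue("bank.example", trusted), "bank.example", pruned),
	}
}
func main() { fmt.Println(scenarios()) }
```

Only the "misissued" case is accepted, which is why keeping the trusted CA list current matters to the client.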