UPDATE: A certificate authority in the Netherlands issued a valid SSL wildcard certificate for Google to a third party in July, leading to concerns that attackers may have been using the certificate to route sensitive traffic through their own servers, capturing it and compromising user data in the process. The certificate was revoked by the CA, DigiNotar, after the problem came to light Monday and Mozilla and Microsoft both have removed DigiNotar from their lists of trusted root CAs.
The attack appears to have been targeting Gmail users specifically. Some users trying to reach the Gmail servers over HTTPS found that their traffic was being rerouted through servers that shouldn’t have been part of the equation. On Monday afternoon, security researcher Moxie Marlinspike checked the signatures on the certificate for the suspicious server, which had been posted to Pastebin and elsewhere on the Web, and found that the certificate was in fact valid. The attack is especially problematic because the certificate is a wildcard cert, meaning it is valid for any of Google’s domains that use SSL.
It’s not clear who DigiNotar issued the certificate to at this point.
Security and privacy experts began discussing the problem Monday, after some people in Iran began posting messages to Twitter and elsewhere about the possibility of a man-in-the-middle attack by the country’s government, using the certificate. The certificate was issued on July 10, and Mozilla said on Monday that it is planning to isue immediate updates to many of its products, including Firefox, Thunderbird and others, to remove the DigiNotar root CA.
“Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site. We have received reports of these certificates being used in the wild,” Mozilla security officials said in a blog post.
“Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly that will revoke trust in the DigiNotar root and protect users from this attack.”
Microsoft issued an advisory late Monday, as well, saying that it has removed DigiNotar’s root certificate from the Microsoft Certificate Trust List.
“As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.
supported editions of Windows Vista, Windows 7, Windows Server 2008,
and Windows Server 2008 R2 use the Microsoft Certificate Trust List to
validate the trust of a certification authority. Users of these
operating systems will be presented with an invalid certificate error
when they browse to a Web site or try to install programs signed by the
DigiNotar root certificate. In those cases users should follow the
instructions in the message. Microsoft will release a future update to
address this issue for all supported editions of Windows XP and Windows
Server 2003,” the Microsoft advisory said.
The problem with the fraudulent *.google.com certificate is quite similar to the results of the attack on Comodo earlier this year in which the attackers were able to compromise one of the company’s European registration authorities and issue valid SSL certs for Gmail, Yahoo, Skype and several other high-value sites.
Firefox users who want to disable the browser’s trust of the DigiNotar root immediately can do so by clicking on Options, then Advanced, then Encryption and then selecting the View Certificates option. Then scroll down to the DigiNotar root CA, click on it and then click on Delete or Distrust.