Trevor Perrin and I have been working on a dynamic certificate pinning proposal called TACK to help mitigate these types of attacks: http://tack.io
In the current state of the world, we're all dependent on CA signatures for each connection we make to a website. TACK is a layer of indirection away from CA certificates, such that we'd only be dependent on CA signatures the very first time we contacted a website. It doesn't introduce any new authorities or change the default UX at all.
After the Comodo breaches a few years ago, I put together a talk about these types of attacks, where the fundamental problems lie, and why approaches like DANE are similarly ineffective:
A point worth making here: antisurveillance technology like TACK does more than make it harder for NSA to MITM TLS. As we've apparently discovered, it also makes it possible for us to detect TLS subversion. It is, right now, a major news story if someone has obtained a malicious root certificate; we need to know when that happens and to which CAs those certs chain (which is discoverable from the certificate).
If you don't pay much attention to how TLS works, you should know that NSA (presumably) does not have a magic ability to inject new certs into your root cert repository. If you remove every CA cert from your browser and selectively allow certs, they can't MITM that. The CAs aren't baked into TLS! They're a software configuration detail. And when MITM certs appear on the wire, for them to be honored, they have to somehow chain to a specific CA.
What things like pinning and TACK do is give us the opportunity to discover MITM certificates and start tracing them. If that capability becomes widespread enough, it can potentially foreclose on dragnet TLS MITM attacks, because there will be too much of a risk that deploying a dragnet MITM net will result in the death penalty for the implicated CA.
TACK (and the related efforts) are hugely more important than I think most people think they are. If you want to advocate for something in the wake of the NSA debacle, I think TACK is a great choice.
While an absolute necessity, it doesn't solve the immediate issue of NSLs and widespread use of unnecessary services.
Let's say that the NSA would like to track bitcoin transactions through MtGox. I don't know how easy it would be for them to plug a backdoor into a server in Japan, and let's assume that the NSA can't break the RC4 crypto their web server is configured to use ..
Since MtGox uses Google Analytics, and possibly pulls other scripts from Google's CDN, they could either eavesdrop on whatever data comes back from them by default -- or insist that changes are made to ... pick up more.
Moxie, have you had any success with getting TACK into OpenSSL builds with the various distributions?
It's not a big deal to rebuild nginx/apache but I would think that getting TACK to ship default with OpenSSL would go a long way in getting more adoption.
I've been running Firefox with the CertPatrol add-on, and if there's one takeaway, it is that simple client-side pinning generates so much noise that it conditions you into completely ignoring any certificate changes. Way, way too many websites either change their certs regularly or they use a CDN (and sometimes more than one) so that the page ends up getting a different cert on virtually every load. The most obvious example is Twitter's web interface - I am not a heavy user, but I still need to click through a dozen certificate changes per day.
TACK is certainly a must-have and I'm really looking forward to it being a native part of browsers, but there will still be likely a lot of (high-profile) websites that won't play along :-/
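The alert noise described in the comment above is what a trust-on-first-use watcher produces when it pins the whole certificate, which changes at every renewal. The following is an added example, not part of the thread and not Certificate Patrol's code; the host name, the keys and the minimal DER builder are constructed for illustration. It compares a pin on the certificate hash with a pin on the hash of the certificate's SubjectPublicKeyInfo.

```python
import hashlib

def der(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the TLV starting at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        start, n = off + 2, first
    else:
        k = first & 0x7F
        if k == 0:
            raise ValueError("indefinite length is not valid DER")
        start = off + 2 + k
        n = int.from_bytes(buf[off + 2:start], "big")
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + n

def extract_spki(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV of an X.509 certificate."""
    tag, start, _ = read_tlv(cert_der, 0)            # Certificate
    if tag != 0x30:
        raise ValueError("not a certificate")
    tag, off, tbs_end = read_tlv(cert_der, start)    # tbsCertificate
    if tag != 0x30:
        raise ValueError("bad tbsCertificate")
    fields = []
    while off < tbs_end:
        tag, _, vend = read_tlv(cert_der, off)
        fields.append((tag, off, vend))
        off = vend
    if fields and fields[0][0] == 0xA0:              # optional [0] version
        fields = fields[1:]
    # Remaining order: serial, sigAlg, issuer, validity, subject, SPKI
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    _, s, e = fields[5]
    return cert_der[s:e]

# --- Constructed sample data: certificate-shaped DER, signature not real ---
def make_spki(seed):
    point = b"\x04" + hashlib.sha256(seed).digest() + hashlib.sha256(seed + b"y").digest()
    alg = der(0x30, der(0x06, bytes.fromhex("2a8648ce3d0201"))       # id-ecPublicKey
                    + der(0x06, bytes.fromhex("2a8648ce3d030107")))  # prime256v1
    return der(0x30, alg + der(0x03, b"\x00" + point))

def make_cert(spki, serial):
    name = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03")
                                         + der(0x0C, b"example.test"))))
    alg = der(0x30, der(0x06, bytes.fromhex("2a8648ce3d040302")))    # ecdsa-with-SHA256
    validity = der(0x30, der(0x17, b"130901000000Z") + der(0x17, b"140901000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
                    + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" + b"\x00" * 8))

class PinStore:
    """Trust on first use: one SHA-256 pin per host, never silently replaced."""
    def __init__(self, mode):
        if mode not in ("cert", "spki"):
            raise ValueError("mode must be 'cert' or 'spki'")
        self.mode, self.pins = mode, {}

    def observe(self, host, cert_der):
        material = cert_der if self.mode == "cert" else extract_spki(cert_der)
        fp = hashlib.sha256(material).hexdigest()
        if host not in self.pins:
            self.pins[host] = fp
            return "pinned"
        return "match" if self.pins[host] == fp else "ALERT"

def sample_observations():
    site, edge, other = make_spki(b"site"), make_spki(b"cdn-edge"), make_spki(b"other")
    return [("first visit", make_cert(site, 1)),
            ("renewal, same key", make_cert(site, 2)),
            ("renewal, same key", make_cert(site, 3)),
            ("CDN edge, own key", make_cert(edge, 4)),
            ("unexpected key", make_cert(other, 5))]

def replay(mode):
    store = PinStore(mode)
    return [store.observe("example.test", cert) for _, cert in sample_observations()]

if __name__ == "__main__":
    for (label, _), c, k in zip(sample_observations(), replay("cert"), replay("spki")):
        print(f"{label:20} cert-pin={c:7} spki-pin={k}")
```

Pinning the key silences the renewal alerts, but a legitimate CDN edge with its own key still looks exactly like an unexpected key to both stores.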
> In the current state of the world, we're all dependent on CA signatures for each connection we make to a website.
Now that you mentioned it, are those safe from say a government agency having access to the companies that serve as certificate authorities? Or is it all a house of cards, as it is now?
If this is true, and that NSA has been MITMing providers like Google, they are undermining the already shabby trust the US cloud-industry has attempted to build. I doubt Google and friends are very happy about that, since that's their one big basket where all the money comes in.
NSA in their eagerness to do rampant spying on everyone have had quite some collateral. They have decided to compromise the one thing which allows us to communicate securely on the internet: trust.
Right now we need to find out which (root?) CAs are compromised by the NSA. Long term it would probably be a very wise decision to revoke any US-based CA from the default trusted-list of browsers and OSes.
We cannot have untrustworthy CAs in a system based on trust. That's simply not an option.
Edit: As I've been pondering for a while (and which was also pointed out on reddit) we now have a situation where self-signed certs are more secure than CA-issued ones. They are the only ones you know can't be faked. How backwards is that?
The NSA is ruining the internet one piece at a time. The NSA needs to be dismantled.
The HSTS commits /maybe/ suggest that Google thinks a Verisign intermediate was signing MITMs for Google properties. They just blacklisted "VeriSignClass3SSPIntermediateCA"
Didn't the slides show that it was the Diginotar compromise?
> We cannot have untrustworthy CAs in a system based on trust. That's simply not an option.
The entire CA trust model is broken. In the trust model, any CA can issue certs for any domain; so a Chinese CA could issue Google certs, or a US CA could issue certs for the Dutch government.
Self-signed certs with certificate pinning are indeed more likely to be secure than CA certs. Of course, you can do both; CA signed certs (which does add a small amount of trustworthiness, as the CA is at least supposed to do a little work to verify a real-world identity), and use certificate pinning to avoid this kind of attack.
This. In a recent post a commenter discussed how Bruce uses a machine not connected to any network ever for highly sensitive material. The problem with that is we really have no adequate indication of exactly what in all of this is really compromised. The conspiracy theorist in me suggests the whole of the internet in all its layers has been nurtured by our government. Exactly what part of that the NSA was involved in seems irrelevant. I have to wonder which operating systems, which network devices or any other devices that can run code and listen in.
The only advice if any of it were true would be to scrap it all and start over. Scrap multiple decades of work by really smart people due to a few "bad seeds" being planted during the harvest? Unfortunately that's the only true remedy unless someone can really unwind the rootkit in our lives that is the NSA. It's an analogy of a computer being infected with a virus. Do we try to go back to a backup we hope isn't compromised or do we reformat and start over? We're all trying the former because I don't think anyone really has a grasp on or even wants to think about the latter (I certainly don't).
> Right now we need to find out which (root?) CAs are compromised by the NSA.
Given that basically all CAs people actually use (even in Europe) are owned by US companies, I would estimate something close to 100% of them have cooperated with the NSA at some point. Obviously there are non-US CAs like China's CNNIC but most of them won't actually sell you a certificate.
For what it's worth Moxie Marlinspike gave a talk a few years back about some of the major issues with SSL as it is and had an anecdote about how bad Verisign's security is including the fact that they had a major breach in which several certs were taken.
The Diginotar hack basically exposed all of the information about the Dutch that NSA could ever want to dig through: information about license plates (RDW), tax info (DigiD), phone records (OPTA) and the complete Dutch encrypted government infrastructure (PKI Overheid).
Let's see what traction this new info will get now in The Netherlands...
My understanding was DigiNotar was pretty strongly linked to an Iranian government affiliated hacker. Indeed, the breach was caught because someone man-in-the-middled Gmail in Iran and Chrome's certificate fingerprinting caught it.
Although the NSA certainly has reason to spy on Iran, why risk discovery this way? They can legally compel Google to give them the email of foreigners in a foreign country.
So maybe NSA had DigiNotar's key, but the hack that shut it down was done by someone else.
I still don't have a DigiD (which is a real pain in many ways) simply because I don't think they have the technical expertise to create a system with information like that that I would trust. It's just too juicy a target.
If it is true that the NSA MITMed Google connections, then one could draw the conclusion that the NSA doesn't actually have a direct connection to Google data centers (as claimed by Google).
If they had such a connection, then why would they use MITM attacks against people?
The "direct access" that the NSA has to Google accounts probably requires sending a request for some set of information to Google. It likely needs to be signed off on (even if it's all automated). I'd imagine the NSA would like to hide some activities, especially corporate espionage, even from the watchers at Google--it reduces the risk of anyone at Google growing a spine.
Requests to Google may be audited or logged; Google have an incentive to do this so they can pass the buck when the inevitable evidence of abuse comes out.
The NSA, on the other hand, would prefer there to be no audit trail so there's no evidence of the inevitable abuses.
Hard to know for-sure, but it could be something as basic as redundancy. If one method of information-capture was eventually disallowed, they'd have an alternative. Or if one method of information-capture required more oversight than they wanted - they'd have an alternative.
It would also stand to reason that the court/LEO requests to Google for data are just a CYA/formality with respect to them "legally" getting the authorization to read the data.
They likely have the access to all the data they want. They use the legal vectors for requests just to see what the companies would give them on the request, and can compare the difference between the provided data vs the slurped data.
A bit surprised at the shock here, CAs are, for the most part, in the lawful intercept business and have been as long as they've existed.
Moxie Marlinspike and others have been talking about this for years. It's a recognized problem, and that's why apps that are serious about protecting communications have been moving to a pinning model.
Obviously this sucks at the browser level, though Chrome protect does this with Google properties (and others?) at the CA level now, but at the app level it's very doable and should be something you're implementing.
If I had to design a system to break TLS (and I had the authority of a secretive government agency), selected MITM attacks would be exactly what I would use.
Large-scale MITM attacks, i.e. ones against a huge section of the population, really have a lot of disadvantages. First, there are always cautious people who check certs religiously, sometimes with browser addons to help (in fact I see that peterwwillis linked to some below). So, if you execute a large-scale MITM effort, you run the risk of being discovered. Note that if the NSA can compel Google to turn over its secret key(s), this isn't an issue, but I am operating under the assumption that we don't want to give away our MITMing easily.
Second, broad MITMs require a lot of resources to be effective. To MITM all of Google's traffic requires network capacity equivalent to Google's, no small thing (though I suspect very much within the power of the NSA if it were deemed necessary). There's a lot of data on the internet at any one time.
Third, the fact that you must have physical servers on physical networks sitting between Google and the target means that the MITM server's IP address will be the one that targeted clients appear under. That is, if you have a single server MITMing thousands of requests, all of them will appear from the same IP address. That's another risk of being discovered if the MITM is too broad and the servers are too beefy. Although, this assumes that people on the other end are doing some sort of analytics --- maybe not true. But intel agencies are pretty paranoid, so whatever.
Fourth, it still pretty much gets the job done anyway, with less cost: passively sniff traffic for, say, DNS requests to resolve suspicious domains, or plaintext connections that have suspicious contents. Passive sniffing requires less computational power than actual MITMs, and it can be done without raising any red flags. Plus, even if you miss someone suspicious, just get a NSL for Google to hand over all the data anyway in the worst case.
Fourth, if an investigation ever were launched about my breaking of TLS, targeted attacks look great. See, we don't target the American people --- only specific connections that are "suspicious" are targeted. Broad-scale MITMs seem very illegal-wiretap-y, but the targeted connections look very legitimate, at least in comparison.
So, these reasons are why I've always held the belief that the government is not executing large-scale MITM/dragnet collection of encrypted communications ... and hence TLS is effective, so long as you're not the one being targeted.
> Some firefox add-ons to help defend against mitm:
In theory yes, but not more than 10 minutes ago Cert Patrol noticed that Amazon have changed the CA for the SSL cert for an image server.
What am I supposed to do? It is interesting info, but if I reject the cert then I can't be sure my connection is secure. If I accept it... I can't be sure my connection isn't MiTMed.
Certificate Patrol is kind of useless for all Google properties, since they constantly swap out certificates on most of their domains every few days. Ironically, these are probably the most important sites you need to be worried about MITMs with, but you'll constantly be ignoring them with Certificate Patrol.
Weird. This has been submitted in less than two hours, has 90 points, but it is at the bottom of the front page. Other stories from 6+ hours ago with less points are at the top.
The documents mention the DigiNotar hack explicitly. What I do not understand is that the hack was detected when (afair) Iranian authorities tried to MITM Google connections, so the hack was claimed to come from an Iranian hacker. This begs the question whether this is wrong and the NSA hacked DigiNotar genuinely or they just used the breach (perhaps then only known to them) to fake certificates themselves. One may also take into account that DigiNotar was responsible for Netherlands public key infrastructure. This made DigiNotar possibly an even more valuable target.
Terrorists are groups with relatively small power who use dramatic methods. The NSA is quite the opposite; as a governmental organization attached to a very powerful government they would not be called terrorists for their actions, but rather something like totalitarians or tyrants.
> One document [1] published by Fantastico, apparently taken from an NSA presentation [...]
> Another screenshot [2] implies is that the 2011 DigiNotar hack was either the work of the NSA, or exploited by the NSA.
I doubt that those 2 documents are original slides or screenshots from NSA material. They both are written with the familiar rounded font that Globo uses for all its text [3]
The simplified view given in the documentcloud link begs a question: just which CA certificate(s) is/are controlled by NSA?
Because in order to pull that MITM off, they either need to have the target service's CA - or they have the ability to fake any certificate. My guess is on the latter.
And that means at least one commonly accepted CA certificate is effectively compromised.
Eventually we will find out enough about what the NSA can do that the entire internet is as good as screwed. If they can get away with MITM against just about any secure site then how does the internet economy function any more?
I'd say this is likely bullshit, at least that it was done against a Brazilian company. Why take the risk of getting caught and burning your ability to do this when you can get the information from Google?
1) Chrome (and some plugins) pins certificates and would notice a man in the middle attack (unless it was done with Google's key). Sure, most corporate targets probably use IE, but if anyone uses Chrome or one of these plugins on the network, you've both alerted your target and exposed a presumably tightly guarded ability. Hell, if it gets reported, you've probably burned the ability. Of course, you might be able to filter out both the plugins and Chrome, but it's a risk.
2) NSA could legitimately just ask for the company's emails from Google. Petrobras is a Brazilian company in Brazil staffed by Brazilians and as such a legally allowed target for Foreign Surveillance without either the NSA's twisted definitions of search and who is a US national. Google is legally required to hand over the information by the Foreign Intelligence Surveillance Amendment Act of 2008. Why authorize an operation that could reveal both the CAs you have in your pocket and your network penetration exploits?
As a side note, the cited slide looks nothing like anything else we have seen and lacks security/handling information (e.g. the prominent TS/SCI/ORCON/NOFORN on the top of the PRISM slides).
This might also be an indication that their advances in attacking commonly used ciphers are not that major - it does not make that much sense to perform a relatively complex MITM attack if you are able to just break the used cipher.
Flying Pig - I wonder if it has something to do with the "With sufficient trust pigs fly just fine". Seems to summarize very well the NSA approach towards its mandates.
[+] [-] moxie|12 years ago|reply
http://youtu.be/8N4sb-SEpcg?t=4m47s
[+] [-] tptacek|12 years ago|reply
[+] [-] einaros|12 years ago|reply
[+] [-] MichaelSalib|12 years ago|reply
[+] [-] newman314|12 years ago|reply
[+] [-] devx|12 years ago|reply
[+] [-] huhtenberg|12 years ago|reply
[0] http://patrol.psyced.org
[+] [-] coldtea|12 years ago|reply
[+] [-] ck2|12 years ago|reply
[+] [-] josteink|12 years ago|reply
[+] [-] semenko|12 years ago|reply
See: https://chromiumcodereview.appspot.com/23523051
Note that the associated bug is private (https://code.google.com/p/chromium/issues/detail?id=173460).
There's a good explanation of the "bad_static_spki_hashes" parameter here: http://ritter.vg/blog-cas_and_pinning.html
[+] [-] lambda|12 years ago|reply
[+] [-] w0rd-driven|12 years ago|reply
[+] [-] __alexs|12 years ago|reply
[+] [-] einaros|12 years ago|reply
I wrote a semiparanoid rant about this a couple of days ago ... but didn't think I'd be this close to the truth.
https://2x.io/read/would-the-nsa-infiltrate-cdns-to-circumve...
[+] [-] cenhyperion|12 years ago|reply
https://www.youtube.com/watch?v=Z7Wl2FW2TcA
[+] [-] SchizoDuckie|12 years ago|reply
This means that The Netherlands was a high-level target with Diginotar, and they hit the frickin' jackpot.
Just for reference, read this: http://nl.wikipedia.org/wiki/Hack_bij_DigiNotar
[+] [-] anologwintermut|12 years ago|reply
[+] [-] Nanzikambe|12 years ago|reply
[+] [-] jacquesm|12 years ago|reply
[+] [-] newgre|12 years ago|reply
[+] [-] discostrings|12 years ago|reply
[+] [-] frank_boyd|12 years ago|reply
[+] [-] michaelt|12 years ago|reply
[+] [-] uptown|12 years ago|reply
[+] [-] samstave|12 years ago|reply
[+] [-] dpeck|12 years ago|reply
[+] [-] diego_moita|12 years ago|reply
Schneier's credibility makes a lot of difference.
[+] [-] ReidZB|12 years ago|reply
[+] [-] peterwwillis|12 years ago|reply
Certificate Patrol (notifies you when certs change) https://addons.mozilla.org/en-us/firefox/addon/certificate-p...
Force-TLS (force websites to always use HTTPS) https://addons.mozilla.org/en-us/firefox/addon/force-tls/
Perspectives (compare certs with peers to verify authenticity) https://addons.mozilla.org/en-us/firefox/addon/perspectives/
[+] [-] dingaling|12 years ago|reply
The human factor is always the weak link.
[+] [-] jlgaddis|12 years ago|reply
http://web.monkeysphere.info/download/ https://www.eff.org/https-everywhere
[+] [-] foodstances|12 years ago|reply
[+] [-] fejr|12 years ago|reply
[+] [-] chopin|12 years ago|reply
[+] [-] wmeredith|12 years ago|reply
[+] [-] verteu|12 years ago|reply
[+] [-] code_duck|12 years ago|reply
[+] [-] mindcrime|12 years ago|reply
[+] [-] gregschlom|12 years ago|reply
[1] http://www.scribd.com/doc/166819124
[2] http://imgur.com/a/g3UGP#1
[3] http://www.fonts.com/font/urw/vag-rundschrift?siteId=2c670c8...)
[+] [-] bostik|12 years ago|reply
[+] [-] einaros|12 years ago|reply
https://2x.io/read/would-the-nsa-infiltrate-cdns-to-circumve...
[+] [-] coldcode|12 years ago|reply
[+] [-] anologwintermut|12 years ago|reply
[+] [-] danbruc|12 years ago|reply
[+] [-] rurounijones|12 years ago|reply
Which CA did they use to get those certs? They should be obliterated from trust networks.
[+] [-] venomsnake|12 years ago|reply
[+] [-] cromwellian|12 years ago|reply