Microsoft on Wednesday posted an advisory warning of nine fraudulent digital certificates issued by Comodo, a vendor of SSL certificates and other online security solutions.
The certificates were signed on behalf of a third party without sufficient proof of identity, Comodo informed Microsoft.
The certificates could have been used by a fraudster to create a fake website that was able to bypass a browser's validity mechanism and appear like the real thing to users.
The attacker would then be able to spoof content or perform phishing attacks and man-in-the-middle attacks to steal credentials or spy on users.
Major web domains, such as those belonging to Google, Yahoo, Skype and Mozilla, were affected. However, Comodo has revoked these certificates – they are included on Comodo's most recent Certificate Revocation List.
Customers don't need to do anything since the update is typically loaded automatically. As well, web browsers with the Online Certificate Status Protocol (OCSP) enabled will block the phony certificates from being used. Researcher Jacob Appelbaum first reported the problem to Comodo but withheld disclosure until the certification authority could remediate the issue.
The origin of the attack was traced to several IP addresses, mainly originating in Iran, Comodo explained on its website. One user account was compromised when an attacker created a new user ID (with a new username and password) on the compromised user account.
Comodo said the attack was performed with "clinical accuracy," and considering the Iranian government recently attacked other encrypted methods of communication, led the company to the conclusion that "this was likely a state-driven attack."
"The attacker was well prepared and knew in advance what he was trying to achieve," Comodo said.
Although the attacker requested nine certificates, Comodo is uncertain whether all were issued. At least one was issued, but all certificates were revoked immediately on discovery.
"The account in question has been suspended pending ongoing forensic investigation," the site stated. Comodo also instituted new controls "in the wake of this new threat to the authentication platform."
Paul Mutton, a British researcher and author, writing on Netcraft.com, said public announcement of the attack was delayed to allow Mozilla to include fixes in its update this week of Firefox to version 4.
"Comodo's unfortunate security breach puts many consumers at risk, as common and popular web sites visited by billions of people every day have been spoofed," Chester Wisniewski, senior security adviser at Sophos said in a release. Sophos recommends the following prevention measures:
- Enable CRL/OCSP in your browsers: In Internet Explorer ensure the checkbox “Check for server certificate revocation” is checked (It is in IE9 by default, not for previous versions.)
- Firefox supports OCSP by default which will check with Comodo to protect Firefox users. Checking for CRL lists is not available in Firefox.
- Chrome, like IE9 defaults to checking for server certificate revocation.
Although seemingly resolved, the attack illustrates problems in what Stephen Schultze, associate director at the Center for Information Technology (CITP) at Princeton University in New Jersey, has referred to as the online “chain of trust.”
This chain, he explained at a conference at Princeton in the fall, is the security path among web browsers and/or operating systems, more than 600 certification authorities that issue digital certificates to websites, the sites or “subscribers” that use the web worldwide, and end-users.
Speaking on Wednesday with SCMagazineUS.com, Schultze said the entire system is flawed because there are so many entities that can grant SSL certificates.
"The system is designed in such a way that any single point of failure can affect the whole operation," he said.
As far as this week's breach of Comodo, he said the structure that the company has set up is too liberal in allowing affiliates to issue certificates.
The company has a bad track record with its "Reseller Authorities" program, which has led to poor or nonexistent validation in the past. What is needed is a better system, he said.
"The current SSL structure is broken, and it has been for more than a decade," he said. "We need fundamentally better architecture for baseline security, where all entities are trusted equally."
To achieve this goal, he said a new authentication system is needed, such as Dane. The system places encrypted keys in secure DNS and is deployed in top-level domains.