Date: Sat, 17 Sep 2011 20:37:56 -0500
From: Marsh Ray <marsh[at]extendedsubset.com>
To: Discussion of cryptography and related <cryptography[at]randombit.net>
Subject: [cryptography] Another data point on SSL “trusted” root CA reliability (S Korea)

Been seeing Twitter from [at]ralphholz, [at]KevinSMcArthur, and [at]eddy_nigg about some goofy certs surfacing in S Korea with CA=true. via Reddit http://www.reddit.com/tb/kj25j

http://english.hani.co.kr/arti/english_edition/e_national/496473.html [below]

It’s not entirely clear that a trusted CA cert is being used in this attack, however the article comes to the conclusion that HTTPS application data is being decrypted so it’s the most plausible assumption. Quoting extensively here because I don’t have a sense of how long “The Hankyoreh” keeps their English language text around. – Marsh

_______________________________________________
cryptography mailing list cryptography[at]randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

 


Date: Sun, 18 Sep 2011 12:11:59 +0200
From: Ralph Holz <holz[at]net.in.tum.de>
To: cryptography[at]randombit.net
Subject: Re: [cryptography] Another data point on SSL “trusted” root CA reliability (S Korea)

True, we found about 80 distinct certificates that had subject “Government of Korea” and CA:TRUE [1].

In our full dataset from April 2011, however, we found about 30k certificates with this property. None of them had valid chains to the NSS root store. The numbers do not seem to change over time: in Nov 2009, it was about 30k, and about the same in Sep 2010. In the EFF dataset of the full IPv4 space, I find 773,512 such certificates. *Distinct* ones – and the EFF dataset has 5.5m distinct certs. It is a wide-spread problem.

For the case of Korea, [at]KevinSMcArthur found that the issuing certificates have a pathlen of 0, which makes it impossible for the end-host cert to operate as a CA *as long as the client actually checks that extension*. I don’t know which ones do, but it would be a question to ask the NSS developers.

As of now, I don’t think these are really attacker certs, also because the overall numbers seem to point more at some CA software that creates certs with the CA flag on by default.

Although your article seems to indicate something bad is going on over there…

[1] If you want to check, CSVs at:

www.meleeisland.de/korean_hosts_CA_on.csv

www.meleeisland.de/korean_hosts_CA_on_fullchains.csv

www.meleeisland.de/scan_apr2011_ca_on_issuers_not_selfsigned.csv

Ralph

 


NIS admits to packet tapping Gmail

If proven, international fallout could occur over insecurity of the HTTP Secure system

By Noh Hyung-woong

It has come to light that the National Intelligence Service has been using a technique known as “packet tapping” to spy on emails sent and received using Gmail, Google’s email service. This is expected to have a significant impact, as it proves that not even Gmail, previously a popular “cyber safe haven” because of its reputation for high levels of security, is safe from tapping.

The NIS itself disclosed that Gmail tapping was taking place in the process of responding to a constitutional appeal filed by 52-year-old former teacher Kim Hyeong-geun, who was the object of packet tapping, in March this year.

As part of written responses submitted recently to the Constitutional Court, the NIS stated, “Mr. Kim was taking measures to avoid detection by investigation agencies, such as using a foreign mail service [Gmail] and mail accounts in his parents’ names, and deleting emails immediately after receiving or sending them. We therefore made the judgment that gathering evidence through a conventional search and seizure would be difficult, and conducted packet tapping.”

The NIS went on to explain, “[Some Korean citizens] systematically attempt so-called ‘cyber asylum,’ in ways such as using foreign mail services (Gmail, Hotmail) that lie beyond the boundaries of Korea‘s investigative authority, making packet tapping an inevitable measure for dealing with this.”

The NIS asserted the need to tap Gmail when applying to a court of law for permission to also use communication restriction measures [packet tapping]. The court, too, accepted the NIS’s request at the time and granted permission for packet tapping.

Unlike normal communication tapping methods, packet tapping is a technology that allows a real-time view of all content coming and going via the Internet. It opens all packets of a designated user that are transmitted via the Internet. This was impossible in the early days of the Internet, but monitoring and vetting of desired information only from among huge amounts of packet information became possible with the development of “deep packet inspection” technology. Deep packet inspection technology is used not only for censorship, but also in marketing such as custom advertising on Gmail and Facebook.

The fact that the NIS taps Gmail, which uses HTTP Secure, a communication protocol with reinforced security, means that it possesses the technology to decrypt data packets transmitted via Internet lines after intercepting them.

“Gmail has been using an encrypted protocol since 2009, when it was revealed that Chinese security services had been tapping it,” said one official from a software security company. “Technologically, decrypting it is known to be almost impossible. If it turns out to be true [that the NIS has been packet tapping], this could turn into an international controversy.”

“The revelation of the possibility that Gmail may have been tapped is truly shocking,” said Jang Yeo-gyeong, an activist at Jinbo.net. “It has shown once again that the secrets of people’s private lives can be totally violated.” Lawyer Lee Gwang-cheol of MINBYUN-Lawyers for a Democratic Society, who has taken on Kim’s case, said, “I think it is surprising, and perhaps even good, that the NIS itself has revealed that it uses packet tapping on Gmail. I hope the Constitutional Court will use this appeal hearing to decide upon legitimate boundaries for investigations, given that the actual circumstances of the NIS’s packet tapping have not been clearly revealed.”

Please direct questions or comments to [englishhani[at]hani.co.kr]

 

http://cryptome.org/0005/packet-spy.htm