Mozilla 對 WoSign 事件的決策 (草稿階段)

在「Mozilla 在考慮移除 WoSign 的 CA Root」這邊提到的事情,隨著時間的發展,大家發現事情愈來愈誇張,在兩個小時前 MozillaGervase Markham 提出了對 WoSign + StartCom 處置的草稿:「WoSign and StartCom」,草稿在 Google Docs 上的「WoSign and StartCom」這邊可以看到。另外 Mozilla 在 wiki 上「CA:WoSign Issues」將 WoSign + StartCom 的事情都整理了出來,也是重要的資料。

文章很長,先講結論:目前 Mozilla 打算把 WoSign 與 StartCom 所簽出的 certificate 都照當年 CNNIC 的方式拔掉。

從頭說明,事情發生於八月底的時候 Google 通知了 Mozilla 一連串 WoSign 出包卻沒有主動通報的事件,當時知道的大約有三或四件。而在 mozilla.dev.security.policy 不斷的討論的情況下,由於關注度變得超高,在搜尋大量的資料下發現更多問題,到現在 Mozilla 的 wiki 上已經列出了 13 個。

而這邊以 Mozilla 最後整理的草稿,將 13 個事件整合起來成幾件來說明:

WoSign and Back-Dated SHA-1

在瀏覽器會對 2016 後所簽出直接跳 error 的情況下 (像是「An update on SHA-1 certificates in Chrome」),直接偽造是 2015 年簽出的 certificate。

WoSign’s Ownership of StartCom

Mozilla 的 CA program 要求當公司擁有權轉移時必須揭露:

[...], Mozilla’s program requirements say that a change of CA ownership must be disclosed. In this case, that was not done - and in fact, the change was directly denied a few months after it happened.

直到最近被抓到而揭露後,發現 WoSign 所揭露的也不正確,StartCom 已經開始使用 WoSign 的 infrastructure 了:

More recently, even after the evidence of total control was public, WoSign referred to their interest in StartCom in a press release as “an equity investment”, and maintain that the two businesses continue to be separate even today. They say “the original system ... of StartCom remains unchanged”.

However, there is technical evidence that around a month and a half after the acquisition, StartCom issuances switched to using WoSign’s infrastructure - either the same instance of it, or their own instance.

而 Mozilla 要求 WoSign 提供他們產生 serial number 的程式碼時:(在 WoSign 簽出重複的 serial number 問題時得到的)

Mozilla asked WoSign how they generated their serial numbers, and was told that they used the Java package java.crypto.SecureRandom. They supplied the following code snippet:

[...]

However, as can be seen from this simple test harness, this code snippet does not produce serial numbers matching WoSign’s idiosyncratic pattern.

再度發現 WoSign 給的程式碼對不上。(hey)

然後再多方面分析後發現 WoSign 宣稱跟 StartCom 只共用 CRL/OCSP (revoke 機制) 是假的。Mozilla 由多方面判斷發現,至少程式碼是共用的 (i.e. clone),甚至猜測整個系統都是共用的 (在更後面提到):

We believe that, taken together, all this shows that StartCom’s certificates are now being issued using either WoSign’s existing infrastructure or a clone of it, and that WoSign’s operational control of StartCom began straight after the November 1st 2015 sale date. This evidence should be compared against WoSign’s recent assertion that “Even now, it still independent in the system, in the validation team and management team, we share the CRL/OCSP distribution resource only.”

SHA-1 Exceptions Process

再來是講一些背景。因為金流產業到了 2016 年還是有系統不支援 SHA-256 certificate,而 CA/Browser Forum 已經禁止簽發 SHA-1 憑證了,所以 2016 年二月的時候 WorldPay 跑上來尋求例外:

This became clear in February of 2016, where a payment processor called WorldPay applied to the CAB Forum for an exception so they could acquire 8 SHA-1 certificates to keep SSL working for their legacy payment terminals. Their CA was unable to help them because of the ban in the CAB Forum Baseline Requirements, and to issue in violation of the ban would lead to a “qualified” (not clean) audit, which might lead to browsers no longer accepting their audit as valid to keep them trusted.

而在亞利桑那的 face-to-face meeting 中剛好就討論了這點,允許 Symantec 簽發,而要提出來的是,WoSign 的 Richard Wang 也在場:

This issue was discussed at length in the CAB Forum face-to-face meeting from 16th-18th February 2016 in Scottsdale, Arizona (where Richard Wang of WoSign was present). Mozilla then had a public discussion about it in our policy forum starting on 23rd of February. In the end, the browsers reluctantly agreed to let Symantec issue these certificates for Worldpay - or rather, they agreed to accept that Symantec’s next audit would be qualified in this way.

所以 Mozilla 再次強調,當下大家的結論是特別許可,簽發被禁止的 SHA-1 certificate 是很嚴重違反規定的事情:

Even at this point, in February 2016, it was (or should have been) clear to all CAs, including WoSign, that issuing SHA-1 certificates in violation of the ban was a Very Big Deal, and that permission had to be sought from the browsers in order for the CA not to face difficulty.

Tyro

接下來是 Tyro,這是一家澳洲金流廠商,直接複製草稿上的時間表:

Feb 3rd 2010 GeoTrust issues a SHA-1 certificate for *.tyro.com from their Equifax root, valid until May 6th 2013.
Apr 6th 2013 A month before their old cert expires, GeoTrust issues a replacement SHA-1 certificate for *.tyro.com from a GeoTrust root, valid until June 7th 2016. A simple roll-over replacement.
Jan 1st 2016 SHA-1 issuance ban comes into effect.
May 24th 2016 A month before their old cert expires, GeoTrust issues a SHA-256 certificate for *.tyro.com from a GeoTrust root, valid until June 23rd 2019.

但 Tyro 在 2016 年五月拿到的 SHA-256 憑證很明顯不合用,於是試著找 SHA-1 憑證... 結果不管怎樣,後來拿到了 StartCom 所簽出來的 SHA-1 憑證,而藉由技術上的 pattern 可以發現這是 back-dated (偽造日期簽發):

But the strong evidence is that this SHA-256 certificate did not meet Tyro’s needs. We can see a SHA-1 certificate for *.tyro.com which was logged in CT on June 8th 2016, a day after their previous SHA-1 certificate expired. This certificate is not issued by GeoTrust (who still provide the cert for their main website) or Comodo, tyro.com’s usual providers, but by StartCom. And the notBefore date is that magic date of 20th December, 2015 - a date on which, as noted above, StartSSL.com was closed for upgrading, and on which we have seen many Macau certificates issued by WoSign, which we believe are back-dated.

也可以很清楚的確認到現在還在使用:

The SHA-1 certificate in question is still in use today on https://iclient.tyro.com/.

Conculsions

最後 Mozilla 得到的結論:

  • StartCom are using WoSign’s infrastructure (the same or a clone);
  • Certificates on this infrastructure with a notBefore of 2015-12-20 (China time) are indeed back-dated - this further confirms our suspicions about the Macau certificates we saw issued by WoSign; and
  • StartCom’s hierarchy has been directed by management to mis-issue “WoSign-style”.

同時他們認為最後一點是最嚴重的一點,你必須將 StartCom 視為與 WoSign 完全同樣的公司,所有對 WoSign 的檢查與處置都必須相同對應到 StartCom 上:

This last point is important; the practices at WoSign are now being seen at StartCom. Therefore, we conclude that all of ownership, infrastructure and control are sufficiently common between the two companies that it would therefore be reasonable for any action Mozilla chooses to take against WoSign to also be taken against StartCom and vice versa.

另外一個很嚴肅的問題,CA 架構是建立在稽核機制上,而 WoSign 所選擇的稽核單位無法稽核出應有的「多個問題」:

WoSign’s auditors, Ernst & Young (Hong Kong), have failed to detect multiple issues they should have detected. (Issue J, Issue X)

提案的處理方式類似於 CNNIC 當時被拔掉的方式,針對某個日期之後的都不信任。這同時包括了 WoSign 與 StartCom 的 certificate。這真是可喜可賀啊...

Posted in Browser, Computer, Firefox, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , , , , , | Leave a comment

貨運公司每次都把腳踏車弄壞...

在「Our secret’s out.」這邊看到 VanMoof (腳踏車生意) 對於托運公司每次都把腳踏車給弄壞的解決方法 XDDD

因為包裝很像平板螢幕,就掛個平板螢幕的圖片上去,然後運送的損壞率就下降 70%~80%:

Earlier this year our co-founder Ties had a flash of genius. Our boxes are about the same size as a (really really reaaaally massive) flatscreen television. Flatscreen televisions always arrive in perfect condition. What if we just printed a flatscreen television on the side of our boxes?

And just like that, shipping damage to our bikes dropped by 70–80%.

然後文末偷偷爆破了是哪家負責運送 XDDD

We were hoping to keep this small tweak quiet, but thanks to Twitter, the secret’s out.

Just don’t tell FedEx.

Posted in Murmuring | Tagged , , , , , , , , | Leave a comment

Akamai 阻擋 DDoS 能力的上限

這應該是最近在看 DDoS 事件中比較重要的新聞了,從這次的事件知道 Akamai 沒有能力擋下某種 620Gbps 以上的 DDoS 攻擊,而這是攻擊者已經有能力「示範」出來的量:「Akamai kicked journalist Brian Krebs' site off its servers after he was hit by a 'record' cyberattack」。

The assault has flooded Krebs' site with more than 620 gigabits per second of traffic — nearly double what Akamai has seen in the past.

然後現在 Krebs on Security 的整個站台都轉移到 GoogleProject Shield 計畫上了,接下來就是時間的考驗了:「The Democratization of Censorship」。

Posted in CDN, Cloud, Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , | Leave a comment

透過演算法修照片的工具

看到「A simple interface for editing natural photos with generative neural networks.」這個工具,直接看這個兩分鐘的影片比較清楚知道他想要做的事情:

當你修正了某一個點後,這個工具就透過演算法改變其他的點,讓照片看起來變得自然... 作者所發表的論文可以在「Neural Photo Editing with Introspective Adversarial Networks」這邊下載到。

Posted in Computer, Murmuring, Network, Photo, Programming, Recreation, Software | Tagged , , , , , , , | Leave a comment

Amazon CloudFront 在德國法蘭克福的 Edge 數量增加到五個...

看到 Amazon CloudFront 這個公告,在同一個地區增加到五個點:「Announcing Two New Edge Locations in Frankfurt, Germany for Amazon CloudFront」。

隔壁的法國則是分散到兩個地區:

Marseille, France
Paris, France (2)

日本也類似:

Osaka, Japan
Tokyo, Japan (2)

其他地區最多都三個點,第一次看到變五個點的:

Frankfurt, Germany (5)

沒考慮柏林或是漢堡嗎...

Posted in AWS, CDN, Cloud, Computer, Murmuring, Network, WWW | Tagged , , , , , , | Leave a comment

CloudFlare 把 HTTPS Everywhere 的清單拿到 CDN 上用所推出的產品...

這個產品就如同標題所說的方式而已,做起來不難,只是一直沒人做就是了:「How we brought HTTPS Everywhere to the cloud (part 1)」。

傳統的作法是直接硬幹下去換掉,或是用 header 讓瀏覽器主動轉過去:

A naive way to do this would be to just rewrite http:// links to https:// or let browsers do that with Upgrade-Insecure-Requests directive.

但這有必須有兩個假設成立才可以:

  • Each single HTTP sub-resource is also available via HTTPS.
  • It's available at the exact same domain and path after protocol upgrade (more often than you might think that's not the case).

而 HTTPS Everywhere 則是用人力確認了哪些網站可以這樣玩。CloudFlare 利用這份清單改寫程式碼裡面的 HTTP 連結,僅可能將 HTTP 資源換成 HTTPS。算是還不錯的方式...

之後有可能再推出對 HTTP images 與 HTTP assets 的 proxy cache?

Posted in CDN, Cloud, Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , | Leave a comment

華盛頓郵報的歷史創舉:呼籲對告密者的求刑

英國衛報華盛頓郵報因報導 Snowden 事件而拿到 2014 年的普立茲獎後,華盛頓郵報正式公開立場,表達應該將 Snowden 弄回美國受審,而非現在大家在呼籲的特赦:「WashPost Makes History: First Paper to Call for Prosecution of Its Own Source (After Accepting Pulitzer)」。

In doing so, the Washington Post has achieved an ignominious feat in U.S. media history: the first-ever paper to explicitly editorialize for the criminal prosecution of its own source — one on whose back the paper won and eagerly accepted a Pulitzer Prize for Public Service. But even more staggering than this act of journalistic treachery against the paper’s own source are the claims made to justify it.

華盛頓郵報的說法更是無恥:

The complication is that Mr. Snowden did more than that. He also pilfered, and leaked, information about a separate overseas NSA Internet-monitoring program, PRISM, that was both clearly legal and not clearly threatening to privacy. (It was also not permanent; the law authorizing it expires next year.)

這從來就不是合法的問題,而是侵犯人權的問題,合法的事情在事後甚至被制定憲法修正案而推翻的事情多的是。美國的女性在 1920 年才擁有投票權 (透過「美國憲法第十九修正案」)。

第四權必須發揮應有的能力去推動政府往正確的方向前進。在拿到普立茲獎後以「合法」的角度來論述淪落為政府打手,墮落至此...

Posted in Computer, Murmuring, Network, Political, Security, Social | Tagged , , , , , , , , | Leave a comment

Yahoo! 這次應該是史上最大的一次 leak...

Yahoo! 這次爆出來的 leak 應該是目前史上最大的一次:「An Important Message About Yahoo User Security」。

目前 Yahoo! 的研判是 2014 年時由政府單位搬出去的:

A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.

這包括了密碼的部份 (受過不同程度的 hash 保護):

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

照這樣的用詞,猜測是登入時一直將舊的密碼換掉... 類似於 $2a$ 這樣可以知道編碼方式的機制。

這次洩漏的資料大約有五億筆:

Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.

依照目前在「Have I been pwned? Check if your email has been compromised in a data breach」上的資料,最大的應該是 MySpace 的 3.5 億筆,看起來這次會刷記錄...

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , | Leave a comment

歐盟法院認為公開無線網路的營運者不需要對使用者的侵權行為負責

歐盟法院 (The Court of Justice of the European Union) 認為公開無線網路的營運者不需要對使用者的侵權行為負責:「EU Court: Open WiFi Operator Not Liable For Pirate Users」。

不過這是有一些前提的,法院認為應該要符合這幾個要件,營運方才不要負責。基本上完全沒有 filter 限制的無線網路會符合這些條件:

The Court further notes that in order for such ‘mere conduit’ services to be exempt from third party liability, three cumulative conditions must be met:

– The provider must not have initiated the transmission
– It must not have selected the recipient of the transmission
– It must neither have selected nor modified the information contained in the transmission.

帶這並不代表丟著不管,而是在發生後要求改善:

In an effort to strike a balance between protecting a service provider from third party liability and the rights of IP owners, the Court ruled that providers can be required to end infringement.

“[T]he directive does not preclude the copyright holder from seeking before a national authority or court to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers,” the Court found.

One such measure could include the obtaining of an injunction which would force an operator to password-protect his open WiFi network in order to deter infringement.

但法院並不同意直接監控:

On a more positive note, the Court rejected the notion of monitoring networks for infringement or taking more aggressive actions where unnecessary.

“[T]he directive expressly rules out the adoption of a measure to monitor information transmitted via a given network. Similarly, a measure consisting in terminating the internet connection completely without considering the adoption of measures less restrictive of the connection provider’s freedom to conduct a business would not be capable of reconciling the abovementioned conflicting rights,” the Court concludes.

網路對現在的言論自由非常重要,所以只有在確認侵犯他人權益的情況下才採取必要措施,歐盟法院這樣判大概是覺得這樣吧...

Posted in Computer, Murmuring, Network, P2P | Tagged , , , , , , , , , , , , , , , , , , , | Leave a comment

Firefox 的大量寫入對 SSD 的影響

在「Firefox is eating your SSD - here is how to fix it」這邊講到 Firefox 寫入對 SSD 的影響,先引用文章裡的解法:

After some digging, I found out that this behavior is controlled by a parameter that you can access through typing “about:config” in the address bar. This parameter is called: —browser.sessionstore.interval

預設是 15 秒一次,作者改成 30 分鐘一次,因此下降了大約 5 倍 (應該可以解讀成 1/6?):

It is set to 15 seconds by default. In my case, I reset it to a more sane (at least for me) 30 minutes. Since then, I’m only seeing about 2GB written to disk when my workstation is left idle, which still feels like a lot but is 5 times less than before.

據文章後面的 update 說明,Google Chrome 也有類似的情況,不過暫時沒給解法...

Posted in Browser, Computer, Firefox, GoogleChrome, Hardware, Murmuring, Network, Software, WWW | Tagged , , , , , , | Leave a comment