[FM Discuss] DigiNotar Damage Disclosure
adam
adam at flossmanuals.net
Mon Sep 5 01:16:39 PDT 2011
hey Ed,
I'm not sure this is the place to publish these. It's not really much to
do with documenting free software.
adam
On 09/05/2011 06:52 AM, mokurai at earthtreasury.org wrote:
> https://blog.torproject.org/blog/diginotar-damage-disclosure
>
> About an hour ago I was contacted by the Dutch Government with more
> details about the DigiNotar Debacle. It seems that they're doing a
> great job keeping on top of things and doing the job that DigiNotar
> should've done in July. They sent a spreadsheet with a list of 531
> entries on the currently known bad DigiNotar related certificates.
>
> The list isn't pretty and I've decided that in the interest of
> defenders everywhere without special connections, I'm going to
> disclose it. The people that I have spoken with in the Dutch
> Government agree with this course of action.
>
> This disclosure will absolutely not help any attacker as it does not
> contain the raw certificates; it is merely metadata about the
> certificates that were issued. It includes who we should not trust in
> the future going forward and it shows what is missing at the moment.
> This is an incomplete list because DigiNotar's audit trail is
> incomplete.
>
> This is the list of CA roots that should probably never be trusted again:
>
> DigiNotar Cyber CA
> DigiNotar Extended Validation CA
> DigiNotar Public CA 2025
> DigiNotar Public CA - G2
> Koninklijke Notariele Beroepsorganisatie CA
> Stichting TTP Infos CA
>
> The most egregious certs issued were for *.*.com and *.*.org
>
> The article then points out that some of the supposed ID text in some
> of these certs is actually crackers bragging in Farsi.
>
> Of particular note is this certificate:
> CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU=Sare Toro Ham
> Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR
>
> The text here appears to be an entry like any other but it is
> in fact a calling card from a Farsi speaker. RamzShekaneBozorg.com is
> not a valid domain as of this writing.
>
> Thanks to an anonymous Farsi speaker, I now understand that the above
> certificate is actually a comment to anyone who bothers to read
> between the lines:
> "RamzShekaneBozorg" is "great cracker"
> "Hameyeh Ramzaro Mishkanam" translates to "I will crack all encryption"
>
> Many other such IDs are listed in the notes. Then:
>
> On September 4th, 2011 Anonymous said:
>
> In country like IRAN the gov controls DNS, so without DNSSEC they
> decide what's the IP for google.com. Even with DNSSEC or knowing the
> IP is the ISP that decides what to deliver to you. That's it, without
> ssl and good CA the bad governments can control all the Internet. See
> also WiFi cracking and MITM attacks, btw
>
>
--
Adam Hyde
Founder, FLOSS Manuals
Project Manager, Booki
Book Sprint Facilitator
mobile :+ 49 177 4935122
identi.ca : @eset
booki.flossmanuals.net : @adam
http://www.flossmanuals.net
http://www.booki.cc
http://www.booksprints.net
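An added example, not code from the thread or from the Tor blog post it quotes: a small Python check a defender could run over certificate subject and issuer names, flagging issuers on the disclosed list of DigiNotar-related CA roots and overly broad wildcard subjects like the `*.*.com` certs mentioned above. The DN parser, the sample issuer DN and the `nested_wildcard` heuristic are assumptions of this example; the CA names and the RamzShekaneBozorg subject come from the post.

```python
import re

# CA roots the disclosure says "should probably never be trusted again"
DISTRUSTED_CA_NAMES = {
    "DigiNotar Cyber CA",
    "DigiNotar Extended Validation CA",
    "DigiNotar Public CA 2025",
    "DigiNotar Public CA - G2",
    "Koninklijke Notariele Beroepsorganisatie CA",
    "Stichting TTP Infos CA",
}

# Subject DN quoted in the post; the issuer DN below is a constructed sample.
SAMPLE_SUBJECT = ("CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,"
                  "OU=Sare Toro Ham Mishkanam,L=Tehran,"
                  "O=Hameye Ramzaro Mishkanam,C=IR")
SAMPLE_ISSUER = "CN=DigiNotar Public CA 2025,O=DigiNotar,C=NL"  # constructed


def parse_dn(dn):
    """Split an RFC 2253-style DN string into (ATTR, value) pairs.
    Only backslash-escaped commas inside values are handled."""
    pairs = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.partition('=')
        pairs.append((attr.strip().upper(), value.replace('\\,', ',').strip()))
    return pairs


def dn_value(dn, attr):
    """All values of one attribute type (a DN may repeat CN or OU)."""
    return [v for a, v in parse_dn(dn) if a == attr.upper()]


def nested_wildcard(cn):
    """Heuristic: more than one wildcard label, or a wildcard directly
    under a top-level label, e.g. *.*.com or *.com."""
    labels = cn.split('.')
    return labels.count('*') > 1 or (labels[0] == '*' and len(labels) < 3)


def assess(subject_dn, issuer_dn):
    """Return a sorted list of findings for one subject/issuer pair."""
    findings = set()
    if any(cn in DISTRUSTED_CA_NAMES for cn in dn_value(issuer_dn, 'CN')):
        findings.add('issuer-distrusted')
    if any(nested_wildcard(cn) for cn in dn_value(subject_dn, 'CN')):
        findings.add('nested-wildcard')
    return sorted(findings)


if __name__ == '__main__':
    print(assess(SAMPLE_SUBJECT, SAMPLE_ISSUER))          # ['issuer-distrusted']
    print(assess("CN=*.*.com,O=Example,C=NL", SAMPLE_ISSUER))
```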