Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Google Microsoft Mozilla Security News Apple Technology

Mozilla Breaks Its Own Promise, Allows Symantec To Issue Insecure Certificates (softpedia.com) 86

An anonymous reader writes: After researchers discovered that SHA-1 can be decrypted, Mozilla, together with Microsoft and Google, said they will no longer "trust" SHA-1-based certificates issued after January 1, 2016, and later stop supporting any type of SHA-1 certificates after June 30, 2016, or January 1, 2017. The foundation went back on its word this week, when Symantec begged Mozilla to allow it to issue nine new certificates for one of its clients, Worldpay PLC, which forgot to request these certificates before January 1. Symantec got what it wanted. Fortunately, other companies like Microsoft, Apple, or Google didn't cave under the pressure.
This discussion has been archived. No new comments can be posted.

Mozilla Breaks Its Own Promise, Allows Symantec To Issue Insecure Certificates

Comments Filter:
  • Choice of words? (Score:4, Insightful)

    by buchner.johannes ( 1139593 ) on Saturday February 27, 2016 @04:15PM (#51600147) Homepage Journal

    Hashes are not encryption. Plans are not promises.

    • Re:Choice of words? (Score:5, Interesting)

      by marcansoft ( 727665 ) <hector@marcansoft.UMLAUTcom minus punct> on Saturday February 27, 2016 @04:35PM (#51600277) Homepage

      And this has nothing to do with trusting SHA-1 certificates in browsers. This is purely a policy issue.

      Symantec isn't asking for a whitelist. They aren't asking for an exception in browser policy. They aren't asking Mozilla to trust those certificates. What they're asking for is an exception to CA policy. They are asking to violate agreed upon CA rules by "merely" issuing certificates using a weak algorithm (browsers ought not to trust these certs, but that's irrelevant, it's the fact that they're issuing them at all that breaks the rules). In effect, what they're saying to Mozilla is "we're breaking the rules, but please don't kick us out from the root store".

      If Symantec goes ahead and issues the certs, then any other trust store or entity in a position to enforce CA policy requirements (such as other browser vendors, MS, etc.) is well within their right to remove trust from Symantec roots due to a violation of CA policy.

      Of course, since this is Symantec, it won't happen. They're too big to fail. They'll do it anyway and get a slap on the wrist at most. This is too minor a bending of the rules for anyone to seriously propose kicking them out. That's the problem with big CAs - nobody wants to be the guy to detrust them, because then what users will see is "this browser sucks, I can't access all these sites". And so big CAs get to ignore policy or have major security breaches (I'm looking at you, Comodo) with impunity.

      • Re:Choice of words? (Score:5, Interesting)

        by khasim ( 1285 ) <brandioch.conner@gmail.com> on Saturday February 27, 2016 @04:44PM (#51600317)

        There is one aspect that is hopeful:

        Internally, Mozilla has agreed to allow Symantec to issue these certificates under two conditions: the entire process should be transparent, and that the certificates should expire after only 90 days.

        So if the certificates expire in 90 days (and are replaced with better ones) I'm okay with that.

        The part I still don't understand is why anyone would still need the old SHA-1 certificates. Are their systems THAT OLD? If so, I'm sure they have other problems that haven't been addressed.

        • Re:Choice of words? (Score:5, Interesting)

          by marcansoft ( 727665 ) <hector@marcansoft.UMLAUTcom minus punct> on Saturday February 27, 2016 @04:59PM (#51600431) Homepage

          One of the arguments in the e-mail discussion thread is actually reasonable: the rules say no new SHA-1 certs issued after January 1 2016, and no certs valid for >1 year. Which meant that a ton of people got last-minute certs issued in December. Those certs are valid for the whole year of 2016. WorldPay just fucked up and forgot - had they done so they would have the whole year to upgrade their terminals.

          So, in a way, a 90-day cert issued today is less of a security problem than all the last-minute certs issued right at the end of 2015. From that point of view, perhaps the rules weren't defined very well. It would've made more sense to have only a NotAfter restriction: no SHA-1 certs expiring after December 31st this year, effectively a steadily decreasing maximum validity period as the year progresses. Then this wouldn't have happened.

          Still, policy is policy, and the fact that Symantec is being allowed an exception (even if that exception makes some logical sense) is concerning.

          As for why they need SHA-1 certs? Old POS terminals using public CA roots, and still without SHA-256 support. Welcome to the embedded world. And yes, I'm sure they have lots of other vulnerabilities.

          • by mysidia ( 191772 )

            Still, policy is policy, and the fact that Symantec is being allowed an exception (even if that exception makes some logical sense) is concerning.

            I would suggest that in the future, CAs should be required to post a bond to get into the trust store, and there should be a financial penalty for non-compliance, AND the removal from trust store is at the option of some enforcement committee.

            Preferably, the browser vendors should get together and agree to remove any certificate that the committee judges t

          • for why they need SHA-1 certs? Old POS terminals using public CA roots, and still without SHA-256 support. Welcome to the embedded world. And yes, I'm sure they have lots of other vulnerabilities.

            What I don't understand (and maybe because I haven't looked too hard) is what "Old POS terminals" have to do with Mozilla. I can understand why Worldpay might need to support SHA1 for their own stuff, I don't quite get why that means a general browser should.

            Indeed, perhaps it's nothing to do with the browser at

            • Indeed, perhaps it's nothing to do with the browser at all, and it just means that Symantec can issue these certs without being considered by Mozilla (the group) in breach of some agreed to policy, but that these certs still won't we accepted (if they were seen) by Mozilla (the browser).

              That is exactly what I said and exactly what this means. In fact, one of the stipulations is that the certs will be added to CRLs so that browsers explicitly distrust them.

              If that is the case, then really this isn't a big d

            • by Gerv ( 15179 )

              "What I don't understand (and maybe because I haven't looked too hard) is what "Old POS terminals" have to do with Mozilla."

              The certificates they are using chain up to publicly-trusted roots, and so are covered by Mozilla's policies. In 20-year hindsight, that was a bad idea, but it was a decision taken a long time ago.

        • by Anonymous Coward

          e-commerce sites that target businesses. I kid you not. We had one client say that their site was broken when we removed SHA-1 acceptance. They were testing on IE8 on XP. We told them to pound sand, we weren't going to lower our security.

        • by Luthair ( 847766 )

          Not sure whether it is the case here, but apparently there are some older SSL accelerators companies are still using that only support sha1. Similarly some corporate reverse proxies only supporting sha1.

          There is an about:config option which allows you to turn off sha1 certs if you like, I turned it on a while back.

          • That's all well and good but if you have a device that hasn't been updated since the mainstreaming of SHA2 (about a decade ago?), what other issues and vulnerabilities does that hardware/software have?

        • The part I still don't understand is why anyone would still need the old SHA-1 certificates. Are their systems THAT OLD? If so, I'm sure they have other problems that haven't been addressed.

          Most existing Windows drivers were signed with SHA-1 code signing certificates. It's not 100% clear what's going to happen to those drivers, and the hardware they support, in future versions of Windows.

        • This is a HUGE screw-up for a payment processor on the FTSE 100.
        • the 90-day clause is so arbitrary, and the choice of '90' is random. Cough it up in 9 days using 10 top tier techs.
          Only then do we know they are serious and on the level.

      • Of course, since this is Symantec, it won't happen.

        I wouldn't be too sure of that. There are more than enough people out there with a simmering hatred of Symantec and the crapware they have foisted on the world.

    • by arglebargle_xiv ( 2212710 ) on Saturday February 27, 2016 @06:39PM (#51600967)

      Oh dear Cthulhu, how can you get a simple summary wrong on so many levels?

      • Firstly, SHA-1 is a hash function, not a cipher, so you can't "decrypt it".
      • Secondly, there's no immediate attack on it, it's just known to not be as strong as it should be. With a couple of simple precautions (e.g. using a high-entropy cert serial number) you can make it more resistant to known issues. It's not a total fix, but it helps.
      • Thirdly, Mozilla doesn't control Symantec. Symantec were asked by a private customer to be allowed to use a small number of SHA-1 certs for their payment terminals, which have absolutely nothing to do with Mozilla.
      • Fourthly, "other companies" have nothing to do with it, this is a decision by the CA. It just happened to be discussed on the Mozilla forums.
      • ...
      • Twenty-fifthly, it's a pretty odd distinction to make over cert issuance, if they'd issued a few weeks earlier (before the end of 2015) they'd have got cert with a one-year validity, so valid till the end of 2016. By not having them issued until now they're supposed to get one with an effective zero validity. All this is doing is allowing a private user with no connection to Mozilla to get the same effect as if it had bought the certs a few weeks ago.
      • Twenty-sixthly, ...
  • Years ago they made great software that I relied upon to make my machines go. Now it produces bloated infestations of pain that are like getting Lyme disease, a bot fly, and Ebola from a single insect bite.

    I would think the simple formula would be: If Symantec asks for something then it runs contrary to the public good. At this point if Symantec makes a large donation to fight cancer I would wonder if there are some benefits to cancer that they are hiding.
  • by Anonymous Coward

    Mozilla "bowed to pressure" over making a version of Firefox without pocket, australis and hello.

    Mozilla needs to be shut down and replaced by a competent browser making organization.

  • by rudy_wayne ( 414635 ) on Saturday February 27, 2016 @04:47PM (#51600337)

    Once again we are reminded of the truly sad state of business security.

    From TFA:

    A company representative has informed Mozilla that one of its clients, Worldpay PLC, has asked for nine new SHA-1 certificates. Symantec explains that Worlpay has forgot to ask for nine new SHA-1 certificates for some of its servers that process SSL/TLS communications for over 10,000 payment terminals across the world. Worldpay blames this situation on a communications mishap. They say that someone forgot to ask for these certificates before the January 1 deadline.

    The purpose of the January 1 deadline was supposed to be "Hey, your shit is not secure, you need to change to something else". It was NOT intended as "Hurry up and get all your shitty insecure SHA-1 certificates right away before we stop giving them out on Jan 1".

    • by Striek ( 1811980 )

      The problem is when those decisions end up putting someone out of business. I actually fully expected Mozilla to go Full Asshole on this; they consistently ignore the needs of users anyway. But it seems they were willing to reach a compromise, and especially in this case, I feel it's quite warranted:

      Worldpay blames this situation on a communications mishap. They say that someone forgot to ask for these certificates before the January 1 deadline.

      The company says they are already in the midst of the process of updating their servers to SHA-2, but this blunder now puts some of its users in danger of not having their payments go through.
      -snip-
      Internally, Mozilla has agreed to allow Symantec to issue these certificates under two conditions: the entire process should be transparent, and that the certificates should expire after only 90 days.

      WorldPay is a rather large online payment processor - this would affect a rather large number of innocent users, which certainly wasn't the purpose behind the deadline. As much as I agree that SHA-1 based certs

      • The company says they are already in the midst of the process of updating their servers to SHA-2, but this blunder now puts some of its users in danger of not having their payments go through.

        I'm still not understanding why it's Mozilla's responsibility to fix an issue caused by WorldPay's irresponsibility. WorldPlay should have been ready for the new certs months ago, not still "in the midst of the process of updating their servers to SHA-2" two full months after they should have had that in productio
  • i guess it's time to switch to chrome?
    • by eWarz ( 610883 )
      Took you that long? Trust issues with Google aside, there were always Chromium along with other alternatives, and the platform is far superior to Firefox. Don't get me wrong, I was a Mozilla fanboy ever since they god rid of that god awful suite of applications they had and released Phoenix. etc. However, when Chrome came out, it redefined the browser market...just like the iPhone redefined the smart phone market (disclaimer: the only Apple devices I've ever owned were a Macintosh SE, SE/30, iPod Touch a
  • I would have let you pay for that favour.
    I hope, but I also detest that Mozilla did exactly that.

  • Couldn't Symantec simply set the certificate date to be valid from 31 December of 2015?

    Also, why would I trust Worldpay PLC with any business if they can screw up something as simple as renewing certificates?

  • So I can make sure they go in the Untrusted Certs folder where they belong?

    • there are 3 tweets at the end of the article the third includes links to the 9 certs symantec issued after the deadline
  • by thegarbz ( 1787294 ) on Saturday February 27, 2016 @05:05PM (#51600467)

    So this "blunder" means that user's payments aren't going through, and now the work around is to ensure the user's payments are no longer secure?

    Sorry but I'd prefer my payment to not go through. I want no business with people who refuse to secure my financial transactions, I mean it's not like there wasn't a warning. Mozilla is again showing that they don't give a shit about users.

    But the article gives rise to another interesting issue, it implies there may have been a rush on renewals for SHA-1 certs. This kicking the can down the road approach deserves naming and shaming.

    • But the article gives rise to another interesting issue, it implies there may have been a rush on renewals for SHA-1 certs.

      Yeah, and that's a worse issue than the one brought up by the summary.

    • If the certificate gets it's 90 day extension, your payment is as secure as it was on 12/31/2015.

      Of course the announcement that no new SHA-1 certificates would be issued after 12/31/2015 would mean there would be a rush to get them before that date. However, the second part was that the new certificates would be 1 year with no renewal.

      Which means that if they were doing the right thing, they would have gotten them before the end of last year, and they would have expired before then end of this year.

      Instea

      • Which means that if they were doing the right thing, they would have gotten them before the end of last year, and they would have expired before then end of this year.

        If they were doing the right thing they would have started upgrading their infrastructure when the vulnerability was first discovered instead of kicking the can as far as contractually possible down the road. This in itself doesn't change anything. There are people using SHA-1 which has been shown to be too weak to properly secure communications for critical connections. They should be named and shamed regardless if they upgraded their cert on the 31/12/15 or not.

  • The danger in issuing a certificate with a weak signature (like SHA1 today) is that the entity requesting the certificate (WorldPay in this case) is planning to take the signature from that certificate and apply it to another certificate, effectively forging the signature of the CA to create another valid certificate without the CA's blessing. In order to pull this off, the requestor needs to first find a hash collision (leveraging the weakness of the signature algorithm) and then anticipate exactly what's

  • The last bastion turned out to be a house of cards after all.

    And Microsoft and Google weren't the highest bidders this time.

    firefox me.

  • How can anybody trust a "security" company that is literally crying to have people accept insecure certificates? Absolutely mindboggling.

    It's really unfortunate, too... Symantec used to be top of the game.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...