{"id":662,"date":"2017-11-10T16:11:27","date_gmt":"2017-11-10T16:11:27","guid":{"rendered":"https:\/\/securitycurve.com\/?p=662"},"modified":"2017-11-10T16:11:27","modified_gmt":"2017-11-10T16:11:27","slug":"vault-8-should-former-symantec-cas-go-the-way-of-wosign","status":"publish","type":"post","link":"https:\/\/securitycurve.com\/?p=662","title":{"rendered":"Vault 8: Should Former Symantec CA’s go the way of WoSign?"},"content":{"rendered":"

\"\"<\/a>Have you heard about the Vault 8 stuff?\u00a0 If you haven’t, Vault 8 is a new repository at Wikileaks<\/a> for US Intelligence software tools.\u00a0 One particularly interesting thing they put out there is Hive<\/a>\u00a0— I’ll warn you that I haven’t gone through it with a fine-toothed comb or anything, but one of the things folks are noticing is that it contains a mechanism to use fraudulent Kaspersky certificates, issued by Thawte,<\/a> to aid in exfiltration.<\/p>\n

That’s interesting on it’s own, and I feel bad for Kaspersky because they’re already struggling to get out from under the bus…\u00a0 but really for me it’s a bit of “last straw” for Thawte and maybe all the CA’s-that-were-formerly-Symantec on the whole.\u00a0 Yes, I know this is just one instance of one bogus cert… but it seems like every time I read about certificate problems, Thawte has something to do with it.\u00a0 I never really unpacked the data (until now), and I think Thawte is reflected disproportionately high.\u00a0 I’ll explain what I mean, but first let’s tee it up.<\/p>\n

First, you probably recall that I’ve been griping on this blog about the public PKI security model.\u00a0 I did it when WoSign got the boot<\/a> from the last of the browser trusted root stores, I did it again\u00a0to comment on the meteoric rise of Let’sEncrypt<\/a>\u00a0(arguing that the economics of public CA’s support this) and then again when Google announced plans to pull HPKP out of Chrome<\/a>\u00a0(it didn’t address the root issue anyway and it’s better done at a different level of the stack).\u00a0 Anyway, you’ve probably noticed I’ve been beating a drum that the public PKI model is broken.\u00a0 I’m not the first to say that of course.\u00a0 That said, I flatter myself that I’m maybe early to the table in trying to unpack the specific microeconomic reasons why.\u00a0 Maybe others are out there researching that and I just don’t know about it.\u00a0 If somebody knows of formal research in this area, I would greatly appreciate you telling me about it.<\/p>\n

Anyway, I’ve explained why the case is what it is, so I’ll spare you going through it again (if you’re really interested, the Let’sEncrypt link I referenced above will go through it in more detail).\u00a0 Just trust me when I tell you that the economics favor overall reduction in the security of certificate issuance processes over time.\u00a0 You can take it to the bank.\u00a0 It likewise frustrates me that nobody seems to care.\u00a0 I promise you, this is every bit as big a problem as something like EternalBlue — it’s arguably worse because it facilitates targeted, stealth attacks against pretty much whomever.\u00a0 No, there’s no “zombie apocalypse” scenario like WannaCry that originates from the PKI problem.\u00a0 It’s more subtle, which I’d argue is worse.\u00a0 So we know two things: 1) the rigor of certificate issuance processes and security measures will erode over time.\u00a0 2) As they do so, the probability of bogus certs will tend to increase.\u00a0 In fact, if you’ve been paying attention, you can see it at work right now.<\/p>\n

A decade ago, it was unusual to hear about bogus certs.\u00a0 Not that they couldn’t happen or anything, just that it was rare.\u00a0 Remember DigiNotar<\/a>?\u00a0 The reason you remember it – and the reason that CA no longer exists today – is precisely because it was so unusual for fraudulent certificates to be issued.\u00a0 Now?\u00a0 It’s just something that happens.\u00a0 Which gets me back to Thawte.\u00a0 A while back, some enterprising researchers published a paper called “Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI”.\u00a0 It’s a good paper.\u00a0 I recommend you go read it<\/a>.\u00a0 \u00a0The reason I think the work they did is so valuable though is that they didn’t just analyze the problem, but they also published the supporting data and CA information<\/a>.\u00a0 It contains a list of compromised code signing certificates.\u00a0 Which, should one be interested in doing so, one can import into Excel and do a comparative analysis of which CA’s are there, and compare that to the marketshare of certificates they issue.\u00a0 In fact, I did that this morning.<\/p>\n

Here’s what I found out.\u00a0 Thawte, as you might know, was owned by Symantec as of last year.\u00a0 Symantec sold it off<\/a> in large part probably because Google decided to pull it out of Chrome<\/a>.\u00a0 Now, Thawte specifically represents just about 1.8% of the marketshare.\u00a0 I base that on Symantec as a group (I’m calling it that even though it’s sold because that’s how the source data refers to it) having 13% marketshare<\/a>\u00a0and Thawte being 14.2 percent of the Symantec group<\/a>.\u00a0 That’s generous, by the way since the “marketshare” number is different from the “absolute usage” number.\u00a0 If you use absolute usage, Thawte comes in at .07%.\u00a0 Now hold that number in your head.\u00a0 If you then look at the issuers on the signed malware list, what is the population of Thawte certs specifically?\u00a0 Just about 40% (37.7).\u00a0 If you include all the CA’s that were formerly Symantec?\u00a0 74%.<\/p>\n

Now, it bears saying that this is not really a systematic or scientific analysis.\u00a0 There are a few reasons why.\u00a0 First, and most obviously, these are code signing certs not server certs.\u00a0 We can posit that there’s maybe a correlation for marketshare between the two groups, but it’s highly spurious to the point that I wouldn’t bet on it.\u00a0 Second,\u00a0I don’t know the methodology for why they picked the CA’s they did for the signed malware stuff.\u00a0 So those things could skew the population, and thereby the integrity of the above.\u00a0 \u00a0That said, I do think one can reasonably conclude a few things.\u00a0 First, I think we can surmise that Google was right to drop these.\u00a0 Second, we can safely say that Symantec was probably pretty smart to unload them.<\/p>\n

It likewise opens a few questions. One is the question of why Google is on its own in supporting these.\u00a0 I haven’t heard yet that others are dropping these CA’s – maybe they are and I just missed it.\u00a0 The second is whether the properties that were Symantec conform to the CAB minimum baseline.\u00a0 If they don’t, it’s a problem because you’d expect browser (and OS) vendors to use it — because that’s the purpose.\u00a0 More importantly, it’s pretty much the last line of defense and underpins the whole of the PKI ecosystem.\u00a0 If they do adhere to the baseline, it makes me wonder about their utility — like whether the bar is high enough.\u00a0 Either way, it isn’t good.\u00a0 Practitioners need to pay attention to this.<\/p>\n","protected":false},"excerpt":{"rendered":"

Have you heard about the Vault 8 stuff?\u00a0 If you haven’t, Vault 8 is a new repository at Wikileaks for US Intelligence software tools.\u00a0 One particularly interesting thing they put out there is Hive\u00a0— I’ll warn you that I haven’t gone through it with a fine-toothed comb or anything, but one of the things folks […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[22,91,116,117,124,128],"class_list":["post-662","post","type-post","status-publish","format-standard","hentry","category-security","tag-ca","tag-pki","tag-symantec","tag-thawte","tag-vault8","tag-wikileaks"],"_links":{"self":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=662"}],"version-history":[{"count":0,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/662\/revisions"}],"wp:attachment":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}