{"id":5958,"date":"2014-07-10T10:00:52","date_gmt":"2014-07-10T14:00:52","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5958"},"modified":"2014-07-10T10:00:52","modified_gmt":"2014-07-10T14:00:52","slug":"crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/10\/crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users\/","title":{"rendered":"Crypto certificates impersonating Google and Yahoo pose threat to Windows users"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/arstechnica.com\/security\/2014\/07\/crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users\/\"><img data-recalc-dims=\"1\" height=\"728\" width=\"640\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=640%2C728\" alt=\"\" \/><\/a><\/p>\n<p>People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties.<\/p>\n<p>A blog post published Tuesday by Google security engineer Adam Langley said the fraudulent transport layer security (TLS) certificates were issued by the National Informatics Centre (NIC) of India, an intermediate certificate authority that is trusted and overseen by India&#8217;s Controller of Certifying Authorities (CCA). The CCA, in turn, is trusted by the Microsoft Root Store, a library that IE and many other Windows apps rely on to process the TLS certificates that banks, e-mail providers, and other online services use to encrypt traffic and prove their authenticity. (Firefox, Thunderbird, and Chrome on Windows aren&#8217;t at risk. 
More about that later in this post.)<\/p>\n<p>Unknown scope<\/p>\n<p>In an update posted Wednesday, Langley said the CCA confirmed that the bogus certificates were the result of a compromise of NIC&#8217;s certificate issuance process. The CCA reportedly said only four certificates were compromised. In a sign the CCA&#8217;s findings aren&#8217;t reliable, or at least are only tentative, Langley went on to say Google researchers are aware of still more counterfeit credentials stemming from the NIC breach.<\/p>\n<p>&#8220;The four certificates provided included three for Google domains (one of which we were previously aware of) and one for Yahoo domains,&#8221; he wrote Wednesday. &#8220;However, we are also aware of misissued certificates not included in that set of four and can only conclude that the scope of the breach is unknown.&#8221;<\/p>\n<p>Further Reading<\/p>\n<p>How Heartbleed transformed HTTPS security into the stuff of absurdist theater<\/p>\n<p>Certificate revocation checking in browsers is &#8220;useless,&#8221; crypto guru warns.<\/p>\n<p>The CCA has already revoked all certificates held by intermediate authority NIC. The revocation in theory means Windows users who encounter one of the fraudulently issued TLS certificates will be alerted through mechanisms including the certificate revocation list and online certificate status protocol, which are supposed to flag revoked credentials before they&#8217;re trusted by a browser or other app. In practice, and as Ars reported following the catastrophic Heartbleed vulnerability, the real-time revocation checks are trivial for attackers to bypass.<\/p>\n<p>House of cards<\/p>\n<p>The result is that IE and other apps that rely on Windows to know which certificates to trust have no reliable way of detecting the bogus credentials at the moment. Worse still, at this early stage in the investigation, there&#8217;s no way of knowing just how many certificates were fraudulently issued. 
Based on Langley&#8217;s account, there are at least five impostors (the four confirmed by the CCA and at least one other, seen by Google, that is not included in that list), but it&#8217;s hard to imagine attackers with control over a Windows-trusted authority would stop at just a handful. Absent some technical constraint, there&#8217;s every reason to believe the attackers minted hundreds, thousands, or even more of the fake IDs.<\/p>\n<p>It was precisely this scenario following the 2011 compromise of DigiNotar that prompted Microsoft to hardwire the revocation of the Dutch certificate authority directly into Windows. By the time Microsoft and other software makers responded, more than 300,000 Internet users, mostly located in and around Iran, were exposed to the certificates when accessing Google mail. Asked Wednesday afternoon if Microsoft planned to follow a similar path this time, company officials issued the following statement:<\/p>\n<p>&#8220;We are aware of the mis-issued third-party certificates and we have not detected any of the certificates being issued against Microsoft domains. 
We are taking the necessary precautions to help ensure that our customers remain protected.&#8221;<\/p>\n<p>Full Story: <a href=\"http:\/\/arstechnica.com\/security\/2014\/07\/crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users\/\" target=\"_blank\">Crypto certificates impersonating Google and Yahoo pose threat to Windows users | Ars Technica<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5,9,11],"tags":[178,341,424,536,1178,1265],"class_list":["post-5958","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-software","category-windows","tag-certificate-authorities","tag-exploit","tag-google","tag-internet-explorer","tag-vulnerability","tag-yahoo"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1y6","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5958"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5958\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5958"}],"wp:term":[{"taxonomy":"category","embeddable":true
,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5958"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}