Tuesday, October 15, 2013

Spoof attacks, MITM and outdated certificates

On the subject of network ethics, we often want to ask how fraudulent digital fingerprints may manifest themselves over a particular domain. Whether you are using Chrome, Internet Explorer or Firefox, it is very easy to view the SSL certificates your browser trusts. As it turns out, the layer is not so secure.

The investigation started when I got onto campus this morning and decided to check the key chain on the Windows 7 machines in the library. A quick Google search (using the keywords "fraudulent certificates") turned up a few articles on spoofs, phishing and man in the middle (MITM) attacks over outdated certificate authorities. While some Tom can (and does) intercept information passing between Alice's and Bob's computers, we must keep in mind that most of these SSL certificate authorities were instantiated in the 21st century. You can usually find certificates from Mozilla, Microsoft, Yahoo and Google. Other typical objects in the key chain usually come from international telecommunication networks, such as Turkish and Dutch roots.
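The check described above (looking through a machine's trust store for outdated certificate authorities) can be scripted. The following is an added example, not code from the original post; it uses only the Python standard library, and the certificate dictionaries are in the shape that `ssl.SSLContext.get_ca_certs()` returns, so the same functions run against constructed sample data (the names, dates and serial numbers below are invented) or, via `load_system_roots()`, against the live system store.

```python
"""Audit root certificates in a trust store for outdated entries.

Added example for this post (not its own code). Standard library only.
"""
import ssl
from collections import Counter

# Constructed sample data in the get_ca_certs() dictionary format.
# All names, dates and serial numbers are invented for this example.
SAMPLE_CERTS = [
    {"subject": ((("commonName", "Constructed Root A"),),),
     "issuer": ((("commonName", "Constructed Root A"),),),
     "notBefore": "Jan 01 00:00:00 2005 GMT",
     "notAfter": "Jan 01 00:00:00 2012 GMT",
     "serialNumber": "01", "version": 3},
    {"subject": ((("commonName", "Constructed Root B"),),),
     "issuer": ((("commonName", "Constructed Root B"),),),
     "notBefore": "Jan 01 00:00:00 2010 GMT",
     "notAfter": "Jan 01 00:00:00 2030 GMT",
     "serialNumber": "02", "version": 3},
    {"subject": ((("commonName", "Constructed Root C"),),),
     "issuer": ((("commonName", "Constructed Root C"),),),
     "notBefore": "Jan 01 00:00:00 2003 GMT",
     "notAfter": "Dec 01 00:00:00 2013 GMT",
     "serialNumber": "03", "version": 3},
    {"subject": ((("commonName", "Constructed Root D"),),),
     "issuer": ((("commonName", "Constructed Root D"),),),
     "notBefore": "Jan 01 00:00:00 2014 GMT",
     "notAfter": "Jan 01 00:00:00 2034 GMT",
     "serialNumber": "04", "version": 3},
    # An intermediate that somehow ended up in the root store: its issuer
    # differs from its subject, which a root-store audit should flag.
    {"subject": ((("commonName", "Constructed Intermediate E"),),),
     "issuer": ((("commonName", "Constructed Root B"),),),
     "notBefore": "Jan 01 00:00:00 2010 GMT",
     "notAfter": "Jan 01 00:00:00 2030 GMT",
     "serialNumber": "05", "version": 3},
]

# Fixed reference time so the example is deterministic: the day of the post.
NOW = ssl.cert_time_to_seconds("Oct 15 00:00:00 2013 GMT")


def common_name(name):
    """Pull the commonName out of a get_ca_certs()-style name tuple."""
    for rdn in name:
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return "<no CN>"


def classify(cert, now, warn_days=90):
    """Return one of: not-yet-valid, expired, expiring-soon, valid."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    if not_after - now < warn_days * 86400:
        return "expiring-soon"
    return "valid"


def audit_trust_store(certs, now, warn_days=90):
    """Produce one finding per certificate: validity status, whether it is
    self-issued (subject == issuer, as a root should be) and days left."""
    findings = []
    for cert in certs:
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
        findings.append({
            "cn": common_name(cert["subject"]),
            "status": classify(cert, now, warn_days),
            "self_signed": cert["subject"] == cert["issuer"],
            "days_remaining": (not_after - now) // 86400,
            "notAfter": cert["notAfter"],
        })
    return findings


def summarize(findings):
    """Count findings by status, e.g. {'expired': 1, 'valid': 2, ...}."""
    return dict(Counter(f["status"] for f in findings))


def load_system_roots():
    """Roots the running Python trusts; create_default_context() loads
    the platform's default CA store (on Windows, the system key chain)."""
    return ssl.create_default_context().get_ca_certs()


if __name__ == "__main__":
    import time
    for f in audit_trust_store(load_system_roots(), int(time.time())):
        if f["status"] != "valid" or not f["self_signed"]:
            print(f)
```

Run as a script it prints every system root that is expired, not yet valid, expiring within 90 days, or not self-issued; an empty report means the store contains nothing outdated by these criteria, which says nothing about whether a still-valid root is trustworthy.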

Typical adopters of web browsers will never give these objects much thought; they just kind of run in the background as artifacts of SOCKS routing. It is a matter of course that an attacker would take the path of least resistance and spoof or otherwise forge a digital fingerprint for malicious ends using what, prima facie, look like trusted certificates.

Although the latest documentation says that browser updates usually circumvent attacks on outdated or fraudulent authorities, it seems that this may not be the case after all. Attacks have been cited from 2011 onward by sources worldwide (a quick Google will turn up thousands of results). At the risk of bashing Microsoft (which is not the intent), the interesting case is that you usually do not find such digital fingerprints even on what figures like RMS call "spyware operating systems" (like Ubuntu). Indeed, a quick look at my home network does not turn up any fraudulent or otherwise outdated certificate authorities.

Now, a colleague did mention some back doors like this back when we were studying at the University of Calgary Health Sciences department, and it seems to have been patched, but IT in general here seems to allow for more than just MITM attacks - often unwittingly. Dangers of unauthenticated or non-secure SSL channels include a 'black hat' digital signature, which implicates unknowing end users as perpetrators - not victims - of MITM or spoofs, and also allows prying eyes to look into your email. As an example, we trust our service providers to keep our banking information secured. I can say that my bank account information has been left as a starred item on Gmail since 2010 or so and there have been no worries. What does cause worry is when geographic metadata itself releases malicious digital fingerprints into cyberspace, particularly as a University student, and the next thing you know some police choppers are flying over an entire sub-net to investigate what is believed to be bad traffic.
