Confirmed users, Administrators
5,526
edits
CA:MaintenanceAndEnforcement: Difference between revisions
Jump to navigation
Jump to search
→Risks to Consumers
| Line 41: | Line 41: | ||
= Risks to Consumers = | = Risks to Consumers = | ||
Possession of a mis-issued certificate alone does not allow an attacker to do anything. The attacker also needs some control over the victim's network connection. This means that the most likely attacks are either very localized (shared WiFi, local network compromise) or very broad (governments). | Possession of a mis-issued certificate alone does not allow an attacker to do anything. The attacker also needs some control over the victim's network connection. This means that the most likely attacks are either very localized (shared WiFi, local network compromise) or very broad (governments). An attacker armed with a fraudulent certificate and an ability to control their victim’s network could impersonate websites in a way that would be undetectable to most users. The end users could be deceived into revealing personal information such as usernames and passwords, or downloading malware (containing malicious content or software) if they believe it’s coming from a trusted site. | ||
An attacker armed with a fraudulent SSL certificate and an ability to control their victim’s network can: | |||
* Impersonate a valid website -- Present a fake website that looks like a valid website, and make the browser believe it is the real version of the website, because the browser finds that the SSL certificate of the fake site is valid. | * Impersonate a valid website -- Present a fake website that looks like a valid website, and make the browser believe it is the real version of the website, because the browser finds that the SSL certificate of the fake site is valid. | ||
* Re-direct users to a fake site -- Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. | * Re-direct users to a fake site -- Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. | ||
** In a rogue hotspot, “www.mybank.com” might resolve to an attacker’s server (instead of the real thing) and the HTTPS connection may never happen. Many users might not notice this and end up logging into an attacker’s website. | ** In a rogue hotspot, “www.mybank.com” might resolve to an attacker’s server (instead of the real thing) and the HTTPS connection may never happen. Many users might not notice this and end up logging into an attacker’s website. | ||
* Sign malicious code and make it look like it came from a valid organization, such as the end-user's bank. | * Sign malicious code and make it look like it came from a valid organization, such as the end-user's bank. | ||
= Potential Problems, Prevention, Response= | = Potential Problems, Prevention, Response= | ||