Ian CarrollNov 18, 2022
HD Moore
In which Ian Carroll casually compromises a Turkish root CA trusted by most browsers: https://ian.sh/etugra
Security concerns with the e-Tugra certificate authority

Certificate authorities (CAs) are a critical backbone of internet security; when they are compromised, users lose the ability to securely connect to websites without fear of interception. Websites cannot insulate themselves against a fully-compromised CA, even if they normally use other CAs.

Security concerns with the e-Tugra certificate authority
Nov 17, 2022 at 8:47pmWeb
Show threadServer Reboot EngineerNov 17, 2022
@hdm
Show threadGerard ByrneDec 1, 2022
@hdm the CA model is broken. Too many trusted parties unworthy.
Show threadFarce MajeureDec 1, 2022
@hdm one time @sleevi ridiculed me for saying EV (code sign) certs are bullshit, but *more than once* the EV portion has been "can you give me a reference from another employee" and the response was "sure, let me forward you" *hands cellphone to person next to me*, "hey, talk to this dude." It is amazing. Other things I've scene work include "hey, I moved away from the office, can you overnight the hsm to my home address?" and \
Show threadFarce MajeureDec 1, 2022
@hdm @sleevi "yes, the company name changed since the d&b number was issued, and I can't fix it right now but if you don't issue a new cert we'll take our business elsewhere."
Show threadFarce MajeureDec 1, 2022
@hdm @sleevi To be fair, Sleevi ridiculed me for not being willing to say which CA did that, and I'm still chicken shit because I still need them. But it's not hard to figure out.
Show threadhallvorsDec 1, 2022
@hdm 😱
Show threadMarius (windsheep) Dec 1, 2022
@hdm aren’t these just shell CAs at this point in time, setup for on-demand “lawful” interception via SD-WAN or MPLS?
Show threadCurt WilsonDec 1, 2022
@windsheep @hdm even if they are shell CA’s, such 1980’s/1990’s style vulnerabilities anywhere are pathetic. I’d almost think it was a honeypot. Do you have any pointers to info about specific CA’s being used for “lawful” interception? This is an area that could use more illumination, or at least an area I need to refresh.
Show threadMarius (windsheep) Dec 1, 2022

@CurtWilson @hdm

I agree. CAs should have adequate security. I just don't know whether it helps to notify black sheep CAs of security issues.

I have "only" researched lawful interception tech personally. Mostly because I was interested in the viability of VPNs in certain cases. And what attack surface there is.

ETSI has a standard for lawful interception. They also refer to cases where the ISP cannot offer decryption via Men In The Middle approaches (national legislations may differ).
Then the law enforcement agency has to handle this based on the original packets.
https://www.etsi.org/deliver/etsi_tr/102500_102599/102528/01.01.01_60/tr_102528v010101p.pdf

On a network level, Cisco offers Lawful Interception setups.
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/lawful-intercept.pdf

This is openly specified. So, anyone can dig into the details.

There are various suppliers in the surveillance tech sector, which handle the CA part in cases, where it is necessary. Some more discreet than others, but the process is the same across the board:
https://www.edecision4u.com/lawful%20interception%20article_07.html